Hi,
In StrongSwan version 5.2.2, we are facing a problem reaching traffic
selectors when we use an IPv6 TS (single host IP) with a /128 prefix,
whereas when we use subnets, it's working fine.
Below is the kernel table output when we use a /128 prefix for the TS and
with a /120 prefix.

Failure case:

# ipsec status
Security Associations (3 up, 0 connecting):
tun1_sa1[1]: ESTABLISHED 3 minutes ago, 172.aa.yy.0[F830940152300008.iprc.nlt.in]...192.abc.ab.158[iprc.nlt.in]
tun1_sa1{67108865}: INSTALLED, TUNNEL, ESP in UDP SPIs: c33c0cc0_i 0006ea56_o
tun1_sa1{67108865}: fc01:eab:xx::xx/128 === fc01:eab:8:1::/120 fc01:eab:yy:1::x/128 fc01:eab:11:6::/120 fc01:eab:8:2::/120 fc01:eab:96:1::/120 fc01:eab:92:1::/120

Routing table entry looks like below:

fc01:eab:97:1::7 dev eth1 table 220 proto static metric 1024 >> no src ip

Success case:

# ipsec status
Security Associations (3 up, 0 connecting):
tun1_sa1[1]: ESTABLISHED 3 minutes ago, 172.aa.yy.0[F830940152300008.iprc.nlt.in]...192.abc.ab.158[iprc.nlt.in]
tun1_sa1{67108865}: INSTALLED, TUNNEL, ESP in UDP SPIs: c33c0cc0_i 0006ea56_o
tun1_sa1{67108865}: fc01:eab:xx::xx/128 === fc01:eab:8:1::/120 fc01:eab:yy:1::/120 fc01:eab:11:6::/120 fc01:eab:8:2::/120 fc01:eab:96:1::/120 fc01:eab:92:1::/120

Routing table entry:

fc01:eab:97:1::/120 dev eth1 table 220 proto static src fc01:eab:xx:z::92 metric 1024 >> src ip present

In the failure case we are not able to reach the TS. Can you please let us
know whether this is a limitation of strongswan v5.2.2 or a known bug?

Thanks,
Sachin
