Hello,

NAT is detected with IP payloads in the IKE packets that are compared to the IP address that the hosts communicate with. Maybe you accidentally configured a SNAT or MASQUERADE rule locally that changes the IPs.

On 03.06.2018 22:03, Giorgos Mavrikas wrote:
> Sorry my tone was interpreted as offended. I was just explaining that things
> I can change for testing and the things I do not have power over.
> I do appreciate your time and effort.
> I am trying to test with the rp_filter set to 0, but charon seems to
> (wrongly) detect that the IPv6 to IPv6 traffic is NAT-ed and thus I cannot
> establish a tunnel due to the well known lack of IPv6 NAT support in the
> kernel.
> I experimented with disabling MOBIKE support, same results.
> Any ideas why this may be happening?
>
> Thanks again (logs follow).
>
> Jun 3 22:58:51 snf-823515 charon: 02[IKE]
> 2a02:1388:2091:41a4:9ad:edfa:975:c21b is initiating an IKE_SA
> Jun 3 22:58:51 snf-823515 ipsec[2745]: 02[ENC] parsed IKE_SA_INIT request 0
> [ SA KE No N(REDIR_SUP) N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) ]
> Jun 3 22:58:51 snf-823515 charon: 02[IKE] remote host is behind NAT
> Jun 3 22:58:51 snf-823515 charon: 02[ENC] generating IKE_SA_INIT response 0
> [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(MULT_AUTH) ]
> Jun 3 22:58:51 snf-823515 charon: 02[NET] sending packet: from
> 2001:648:2ffc:1225:a800:4ff:fe1e:a37e[500] to
> 2a02:1388:2091:41a4:9ad:edfa:975:c21b[2201] (448 bytes)
> Jun 3 22:58:51 snf-823515 charon: 03[NET] received packet: from
> 2a02:1388:2091:41a4:9ad:edfa:975:c21b[46793] to
> 2001:648:2ffc:1225:a800:4ff:fe1e:a37e[4500] (512 bytes)
> Jun 3 22:58:51 snf-823515 charon: 03[ENC] unknown attribute type (25)
> Jun 3 22:58:51 snf-823515 charon: 03[ENC] parsed IKE_AUTH request 1 [ IDi
> N(INIT_CONTACT) N(MOBIKE_SUP) IDr CPRQ(ADDR DHCP DNS MASK ADDR6 DHCP6 DNS6
> (25)) N(ESP_TFC_PAD_N) N(NON_FIRST_FRAG) SA TSi TSr ]
> Jun 3 22:58:51 snf-823515 charon: 03[IKE] EAP-Identity request configured,
> but not supported
> Jun 3 22:58:51 snf-823515 charon: 03[IKE] initiating EAP_MSCHAPV2 method (id
> 0x05)
> Jun 3 22:58:51 snf-823515 charon: 03[IKE] received
> ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding
> Jun 3 22:58:51 snf-823515 charon: 03[IKE] peer supports MOBIKE
> Jun 3 22:58:51 snf-823515 charon: 03[IKE] authentication of
> 'tunnel2.mavrikas.com' (myself) with RSA signature successful
> Jun 3 22:58:51 snf-823515 charon: 03[IKE] sending end entity cert
> "CN=tunnel2.mavrikas.com"
> Jun 3 22:58:51 snf-823515 charon: 03[ENC] generating IKE_AUTH response 1 [
> IDr CERT AUTH EAP/REQ/MSCHAPV2 ]
> Jun 3 22:58:51 snf-823515 charon: 03[ENC] splitting IKE message with length
> of 1968 bytes into 2 fragments
> Jun 3 22:58:51 snf-823515 charon: 03[ENC] generating IKE_AUTH response 1 [
> EF(1/2) ]
> Jun 3 22:58:51 snf-823515 charon: 03[ENC] generating IKE_AUTH response 1 [
> EF(2/2) ]
> Jun 3 22:58:51 snf-823515 charon: 03[NET] sending packet: from
> 2001:648:2ffc:1225:a800:4ff:fe1e:a37e[4500] to
> 2a02:1388:2091:41a4:9ad:edfa:975:c21b[46793] (1220 bytes)
> Jun 3 22:58:51 snf-823515 charon: 03[NET] sending packet: from
> 2001:648:2ffc:1225:a800:4ff:fe1e:a37e[4500] to
> 2a02:1388:2091:41a4:9ad:edfa:975:c21b[46793] (820 bytes)
> Jun 3 22:58:51 snf-823515 charon: 13[NET] received packet: from
> 2a02:1388:2091:41a4:9ad:edfa:975:c21b[46793] to
> 2001:648:2ffc:1225:a800:4ff:fe1e:a37e[4500] (144 bytes)
> Jun 3 22:58:51 snf-823515 charon: 13[ENC] parsed IKE_AUTH request 2 [
> EAP/RES/MSCHAPV2 ]
> Jun 3 22:58:51 snf-823515 charon: 13[IKE] EAP-MS-CHAPv2 username: 'gmv'
> Jun 3 22:58:51 snf-823515 charon: 13[ENC] generating IKE_AUTH response 2 [
> EAP/REQ/MSCHAPV2 ]
> Jun 3 22:58:51 snf-823515 charon: 13[NET] sending packet: from
> 2001:648:2ffc:1225:a800:4ff:fe1e:a37e[4500] to
> 2a02:1388:2091:41a4:9ad:edfa:975:c21b[46793] (144 bytes)
> Jun 3 22:58:51 snf-823515 charon: 15[NET] received packet: from
> 2a02:1388:2091:41a4:9ad:edfa:975:c21b[46793] to
> 2001:648:2ffc:1225:a800:4ff:fe1e:a37e[4500] (80 bytes)
> Jun 3 22:58:51 snf-823515 charon: 15[ENC] parsed IKE_AUTH request 3 [
> EAP/RES/MSCHAPV2 ]
> Jun 3 22:58:51 snf-823515 charon: 15[IKE] EAP method EAP_MSCHAPV2 succeeded,
> MSK established
> Jun 3 22:58:51 snf-823515 charon: 15[ENC] generating IKE_AUTH response 3 [
> EAP/SUCC ]
> Jun 3 22:58:51 snf-823515 charon: 15[NET] sending packet: from
> 2001:648:2ffc:1225:a800:4ff:fe1e:a37e[4500] to
> 2a02:1388:2091:41a4:9ad:edfa:975:c21b[46793] (80 bytes)
> Jun 3 22:58:51 snf-823515 charon: 16[NET] received packet: from
> 2a02:1388:2091:41a4:9ad:edfa:975:c21b[46793] to
> 2001:648:2ffc:1225:a800:4ff:fe1e:a37e[4500] (112 bytes)
> Jun 3 22:58:51 snf-823515 charon: 16[ENC] parsed IKE_AUTH request 4 [ AUTH ]
> Jun 3 22:58:51 snf-823515 charon: 16[IKE] authentication of 'gmvmbp15r' with
> EAP successful
> Jun 3 22:58:51 snf-823515 charon: 16[IKE] authentication of
> 'tunnel2.mavrikas.com' (myself) with EAP
> Jun 3 22:58:51 snf-823515 charon: 16[IKE] IKE_SA ikev2-vpn[7] established
> between
> 2001:648:2ffc:1225:a800:4ff:fe1e:a37e[tunnel2.mavrikas.com]...2a02:1388:2091:41a4:9ad:edfa:975:c21b[gmvmbp15r]
> Jun 3 22:58:51 snf-823515 charon: 16[IKE] peer requested virtual IP %any
> Jun 3 22:58:51 snf-823515 charon: 16[IKE] assigning virtual IP 172.18.72.1
> to peer 'gmv'
> Jun 3 22:58:51 snf-823515 charon: 16[IKE] peer requested virtual IP %any6
> Jun 3 22:58:51 snf-823515 charon: 16[IKE] no virtual IP found for %any6
> requested by 'gmv'
> Jun 3 22:58:51 snf-823515 charon: 16[KNL] received netlink error: Invalid
> argument (22)
> Jun 3 22:58:51 snf-823515 charon: 16[KNL] unable to add SAD entry with SPI
> c0ad8229 (FAILED)
> Jun 3 22:58:51 snf-823515 charon: 16[KNL] received netlink error: Invalid
> argument (22)
> Jun 3 22:58:51 snf-823515 charon: 16[KNL] unable to add SAD entry with SPI
> 06e533f6 (FAILED)
> Jun 3 22:58:51 snf-823515 charon: 16[IKE] unable to install inbound and
> outbound IPsec SA (SAD) in kernel
> Jun 3 22:58:51 snf-823515 charon: 16[IKE] failed to establish CHILD_SA,
> keeping IKE_SA
> Jun 3 22:58:51 snf-823515 charon: 16[KNL] deleting policy 172.18.72.1/32 ===
> 0.0.0.0/0 in failed, not found
> Jun 3 22:58:51 snf-823515 charon: 16[KNL] deleting policy 172.18.72.1/32 ===
> 0.0.0.0/0 fwd failed, not found
> Jun 3 22:58:51 snf-823515 charon: 16[ENC] generating IKE_AUTH response 4 [
> AUTH CPRP(ADDR DNS DNS) N(MOBIKE_SUP) N(ADD_4_ADDR) N(ADD_4_ADDR)
> N(ADD_4_ADDR) N(NO_PROP) ]
> Jun 3 22:58:51 snf-823515 charon: 16[NET] sending packet: from
> 2001:648:2ffc:1225:a800:4ff:fe1e:a37e[4500] to
> 2a02:1388:2091:41a4:9ad:edfa:975:c21b[46793] (192 bytes)
> Jun 3 22:58:51 snf-823515 charon: 06[NET] received packet: from
> 2a02:1388:2091:41a4:9ad:edfa:975:c21b[46793] to
> 2001:648:2ffc:1225:a800:4ff:fe1e:a37e[4500] (80 bytes)
>
>
>> On Jun 3, 2018, at 22:48, Noel Kuntze
>> <noel.kuntze+strongswan-users-ml@thermi.consulting> wrote:
>>
>> Hi,
>>
>> Then try setting it to 0. I'm not criticising you or the provider. It's just
>> the possible source of problems.
>>
>> Kind regards
>>
>> Noel
>>
>> On 03.06.2018 21:13, Giorgos Mavrikas wrote:
>>> Hi Noel,
>>>
>>> You are right, the default policy is set to ACCEPT for debugging purposes,
>>> once I have setup the IPv6 tunnel, I’ll set it to DROP.
>>> The IPv6 address on eth0 and IPv4 on eth1 is set by the cloud provider of
>>> the VM, nothing I can do about that.
>>> Setting the rp_filter for all interfaces to 2 makes no difference though…
>>> Any other suggestions are most welcome.
>>>
>>> Thanks
>>>
>>>> On Jun 3, 2018, at 14:47, Noel Kuntze
>>>> <noel.kuntze+strongswan-users-ml@thermi.consulting> wrote:
>>>>
>>>> Hi,
>>>>
>>>> This looks okay, although the rules are largely useless, because it's a
>>>> blacklist, not a whitelist.
>>>>
>>>> I could spot that you have IPv4 on eth1 and IPv6 on eth0. Because the
>>>> return path to Mac OS is different between the two families, I think the
>>>> return path filter drops the packets. Set it to 2 for both eth0 and eth1.
>>>> Use sysctl -w net.ipv4.conf.eth0.rp_filter=2
>>>> net.ipv4.conf.eth1.rp_filter=2 for that, then test again. Use
>>>> /etc/sysctl.d/ to make it permanent.
>>>>
>>>> Kind regards
>>>>
>>>> Noel
>>>>
>>>> On 02.06.2018 22:40, Giorgos Mavrikas wrote:
>>>>> Hi Noel,
>>>>>
>>>>> Thanks for replying.
>>>>> Here is the output of iptables-save and ip6tables-save:
>>>>>
>>>>> root@snf-823515:~# iptables-save
>>>>> # Generated by iptables-save v1.6.1 on Sat Jun 2 23:38:02 2018
>>>>> *mangle
>>>>> :PREROUTING ACCEPT [1267325:876958065]
>>>>> :INPUT ACCEPT [1237708:851646057]
>>>>> :FORWARD ACCEPT [29479:25297360]
>>>>> :OUTPUT ACCEPT [1254056:1043029543]
>>>>> :POSTROUTING ACCEPT [1283535:1068326903]
>>>>> -A FORWARD -s 172.18.72.0/24 -o eth1 -p tcp -m policy --dir in --pol
>>>>> ipsec -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
>>>>> -A FORWARD -s 172.18.73.0/24 -o eth1 -p tcp -m tcp --tcp-flags SYN,RST
>>>>> SYN -j TCPMSS --clamp-mss-to-pmtu
>>>>> COMMIT
>>>>> # Completed on Sat Jun 2 23:38:02 2018
>>>>> # Generated by iptables-save v1.6.1 on Sat Jun 2 23:38:02 2018
>>>>> *nat
>>>>> :PREROUTING ACCEPT [80004:7959890]
>>>>> :INPUT ACCEPT [79118:7842531]
>>>>> :OUTPUT ACCEPT [8028:605426]
>>>>> :POSTROUTING ACCEPT [8029:605466]
>>>>> -A POSTROUTING -s 172.18.72.0/24 -o eth1 -m policy --dir out --pol ipsec
>>>>> -j ACCEPT
>>>>> -A POSTROUTING -s 172.18.73.0/24 -o eth1 -j SNAT --to-source
>>>>> 83.212.111.156 --persistent
>>>>> -A POSTROUTING -s 172.18.72.0/24 -o eth1 -j SNAT --to-source
>>>>> 83.212.111.156 --persistent
>>>>> COMMIT
>>>>> # Completed on Sat Jun 2 23:38:02 2018
>>>>> # Generated by iptables-save v1.6.1 on Sat Jun 2 23:38:02 2018
>>>>> *filter
>>>>> :INPUT ACCEPT [79598:7901697]
>>>>> :FORWARD ACCEPT [522:75308]
>>>>> :OUTPUT ACCEPT [1254057:1043029895]
>>>>> -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
>>>>> -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
>>>>> -A INPUT -p udp -m udp --dport 500 -j ACCEPT
>>>>> -A INPUT -p udp -m udp --dport 4500 -j ACCEPT
>>>>> -A INPUT -i eth0 -p tcp -m tcp --dport 25 -j REJECT --reject-with
>>>>> tcp-reset
>>>>> -A INPUT -i eth1 -p tcp -m tcp --dport 25 -j REJECT --reject-with
>>>>> tcp-reset
>>>>> -A FORWARD -s 172.18.72.0/24 -m policy --dir in --pol ipsec --proto esp
>>>>> -j ACCEPT
>>>>> -A FORWARD -d 172.18.72.0/24 -m policy --dir out --pol ipsec --proto esp
>>>>> -j ACCEPT
>>>>> COMMIT
>>>>> # Completed on Sat Jun 2 23:38:02 2018
>>>>>
>>>>>
>>>>> root@snf-823515:~# ip6tables-save
>>>>> # Generated by ip6tables-save v1.6.1 on Sat Jun 2 23:39:30 2018
>>>>> *filter
>>>>> :INPUT ACCEPT [9613:6437361]
>>>>> :FORWARD ACCEPT [0:0]
>>>>> :OUTPUT ACCEPT [7799:673126]
>>>>> -A INPUT -i eth0 -p tcp -m tcp --dport 25 -j REJECT --reject-with
>>>>> tcp-reset
>>>>> COMMIT
>>>>> # Completed on Sat Jun 2 23:39:30 2018
>>>>>
>>>>> Thanks,
>>>>> GeorgeM
>>>>>
>>>>>> On Jun 2, 2018, at 23:35, Noel Kuntze
>>>>>> <noel.kuntze+strongswan-users-ml@thermi.consulting> wrote:
>>>>>>
>>>>>> Hello,
>>>>>>
>>>>>> Please provide your iptables and ip6tables rules. Use iptables-save and
>>>>>> ip6tables-save.
>>>>>>
>>>>>> Kind regards
>>>>>>
>>>>>> Noel
>>>>>>
>>>>>> On 01.06.2018 23:15, Giorgos Mavrikas wrote:
>>>>>>> Hi,
>>>>>>>
>>>>>>> I have a problem that’s been bugging me for two days straight. I have
>>>>>>> looked into the wiki documentation regarding routing, but I cannot
>>>>>>> figure this out. Any help would be much appreciated.
>>>>>>> I have a simple “road warrior” type setup, with SW listening on both v4
>>>>>>> and v6. I want clients to be able to connect to both v4 and v6, but the
>>>>>>> tunnel should only carry v4 traffic.
>>>>>>> The v4 part works great. The v6 part connects OK (after some extra
>>>>>>> module loading) and tunnel traffic gets all the way from the client to
>>>>>>> the external interface of the server where it gets NAT-ted and a reply
>>>>>>> is received. After that, the packet gets missing, it’s never received
>>>>>>> on the client’s tunnel interface. I cannot find out why this happens,
>>>>>>> all xfrm policies look good to my eyes.
>>>>>>>
>>>>>>> Snoop on the client (macOS)
>>>>>>> gmvmbp15r:~ root# tcpdump -ni ipsec0 icmp
>>>>>>> tcpdump: verbose output suppressed, use -v or -vv for full protocol
>>>>>>> decode
>>>>>>> listening on ipsec0, link-type NULL (BSD loopback), capture size 262144
>>>>>>> bytes
>>>>>>> 00:11:43.251689 IP 172.18.72.1 > 1.1.1.1: ICMP echo request, id 5125,
>>>>>>> seq 3, length 64
>>>>>>> 00:11:44.253234 IP 172.18.72.1 > 1.1.1.1: ICMP echo request, id 5125,
>>>>>>> seq 4, length 64
>>>>>>> 00:11:45.257160 IP 172.18.72.1 > 1.1.1.1: ICMP echo request, id 5125,
>>>>>>> seq 5, length 64
>>>>>>> 00:11:46.258467 IP 172.18.72.1 > 1.1.1.1: ICMP echo request, id 5125,
>>>>>>> seq 6, length 64
>>>>>>>
>>>>>>> Snoop on the public interface of the server (Ubuntu 18.04)
>>>>>>> root@snf-823515:~# tcpdump -ni eth1 icmp
>>>>>>> tcpdump: verbose output suppressed, use -v or -vv for full protocol
>>>>>>> decode
>>>>>>> listening on eth1, link-type EN10MB (Ethernet), capture size 262144
>>>>>>> bytes
>>>>>>> 00:11:46.257089 IP 83.212.111.156 > 1.1.1.1: ICMP echo request, id
>>>>>>> 5125, seq 6, length 64
>>>>>>> 00:11:46.259361 IP 1.1.1.1 > 83.212.111.156: ICMP echo reply, id 5125,
>>>>>>> seq 6, length 64
>>>>>>> 00:11:47.274263 IP 83.212.111.156 > 1.1.1.1: ICMP echo request, id
>>>>>>> 5125, seq 7, length 64
>>>>>>> 00:11:47.276714 IP 1.1.1.1 > 83.212.111.156: ICMP echo reply, id 5125,
>>>>>>> seq 7, length 64
>>>>>>>
>>>>>>> Thanks for taking the time!
>>>>>>>
>>>>>>> My config follows.
>>>>>>>
>>>>>>> -> ipsec.conf
>>>>>>> config setup
>>>>>>>     charondebug="ike 1, knl 1, cfg 0"
>>>>>>>     uniqueids=no
>>>>>>>
>>>>>>> conn ikev2-vpn
>>>>>>>     auto=add
>>>>>>>     compress=no
>>>>>>>     type=tunnel
>>>>>>>     keyexchange=ikev2
>>>>>>>     fragmentation=yes
>>>>>>>     forceencaps=no
>>>>>>>     ike=aes128-sha256-ecp256,aes256-sha384-ecp384,aes128-sha256-modp2048,aes128-sha1-modp2048,aes256-sha384-modp4096,aes256-sha256-modp4096,aes256-sha1-modp4096,aes128-sha256-modp1536,aes128-sha1-modp1536,aes256-sha384-modp2048,aes256-sha256-modp2048,aes256-sha1-modp2048,aes128-sha256-modp1024,aes128-sha1-modp1024,aes256-sha384-modp1536,aes256-sha256-modp1536,aes256-sha1-modp1536,aes256-sha384-modp1024,aes256-sha256-modp1024,aes256-sha1-modp1024!
>>>>>>>     esp=aes128gcm16-ecp256,aes256gcm16-ecp384,aes128-sha256-ecp256,aes256-sha384-ecp384,aes128-sha256-modp2048,aes128-sha1-modp2048,aes256-sha384-modp4096,aes256-sha256-modp4096,aes256-sha1-modp4096,aes128-sha256-modp1536,aes128-sha1-modp1536,aes256-sha384-modp2048,aes256-sha256-modp2048,aes256-sha1-modp2048,aes128-sha256-modp1024,aes128-sha1-modp1024,aes256-sha384-modp1536,aes256-sha256-modp1536,aes256-sha1-modp1536,aes256-sha384-modp1024,aes256-sha256-modp1024,aes256-sha1-modp1024,aes128gcm16,aes256gcm16,aes128-sha256,aes128-sha1,aes256-sha384,aes256-sha256,aes256-sha1!
>>>>>>>     dpdaction=clear
>>>>>>>     dpddelay=300s
>>>>>>>     rekey=no
>>>>>>>     left=%any
>>>>>>>     leftid=@tunnel2.mavrikas.com
>>>>>>>     leftcert=/etc/letsencrypt/live/tunnel2.mavrikas.com/fullchain.pem
>>>>>>>     leftsendcert=always
>>>>>>>     leftsubnet=0.0.0.0/0
>>>>>>>     right=%any
>>>>>>>     rightid=%any
>>>>>>>     rightauth=eap-mschapv2
>>>>>>>     rightsourceip=172.18.72.0/24
>>>>>>>     rightdns=1.0.0.1,1.1.1.1
>>>>>>>     rightsendcert=never
>>>>>>>     eap_identity=%identity
>>>>>>>
>>>>>>> -> v4 connection log (all OK):
>>>>>>> Jun 2 00:04:22 snf-823515 ipsec[2733]: 00[DMN] Starting IKE charon
>>>>>>> daemon (strongSwan 5.6.2, Linux 4.15.0-1010-kvm, x86_64)
>>>>>>> Jun 2 00:04:22 snf-823515 ipsec[2733]: 00[LIB] loaded plugins: charon
>>>>>>> aes rc2 sha2 sha1 md4 md5 mgf1 random nonce x509 revocation constraints
>>>>>>> pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf
>>>>>>> gmp agent xcbc hmac gcm attr kernel-netlink resolve socket-default
>>>>>>> connmark stroke updown eap-mschapv2 xauth-generic counters
>>>>>>> Jun 2 00:04:22 snf-823515 ipsec[2733]: 00[LIB] dropped capabilities,
>>>>>>> running as uid 0, gid 0
>>>>>>> Jun 2 00:04:22 snf-823515 ipsec[2733]: 00[JOB] spawning 16 worker
>>>>>>> threads
>>>>>>> Jun 2 00:04:22 snf-823515 ipsec[2733]: 07[NET] received packet: from
>>>>>>> 2a02:1388:2185:a7ab:d5ce:d99f:aec6:66d8[500] to
>>>>>>> 2001:648:2ffc:1225:a800:4ff:fe1e:a37e[500] (604 bytes)
>>>>>>> Jun 2 00:04:22 snf-823515 ipsec[2733]: 07[ENC] parsed IKE_SA_INIT
>>>>>>> request 0 [ SA KE No N(REDIR_SUP) N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP)
>>>>>>> ]
>>>>>>> Jun 2 00:04:22 snf-823515 ipsec[2733]: 07[IKE]
>>>>>>> 2a02:1388:2185:a7ab:d5ce:d99f:aec6:66d8 is initiating an IKE_SA
>>>>>>> Jun 2 00:04:22 snf-823515 ipsec[2733]: 07[ENC] generating IKE_SA_INIT
>>>>>>> response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP)
>>>>>>> N(MULT_AUTH) ]
>>>>>>> Jun 2 00:04:22 snf-823515 ipsec[2733]: 07[NET] sending packet: from
>>>>>>> 2001:648:2ffc:1225:a800:4ff:fe1e:a37e[500] to
>>>>>>> 2a02:1388:2185:a7ab:d5ce:d99f:aec6:66d8[500] (448 bytes)
>>>>>>> Jun 2 00:04:22 snf-823515 ipsec[2733]: 08[NET] received packet: from
>>>>>>> 2a02:1388:2185:a7ab:d5ce:d99f:aec6:66d8[4500] to
>>>>>>> 2001:648:2ffc:1225:a800:4ff:fe1e:a37e[4500] (512 bytes)
>>>>>>> Jun 2 00:04:22 snf-823515 ipsec[2733]: 08[ENC] unknown attribute type
>>>>>>> (25)
>>>>>>> Jun 2 00:04:22 snf-823515 ipsec[2733]: 08[ENC] parsed IKE_AUTH request
>>>>>>> 1 [ IDi N(INIT_CONTACT) N(MOBIKE_SUP) IDr CPRQ(ADDR DHCP DNS MASK ADDR6
>>>>>>> DHCP6 DNS6 (25)) N(ESP_TFC_PAD_N) N(NON_FIRST_FRAG) SA TSi TSr ]
>>>>>>> Jun 2 00:04:22 snf-823515 ipsec[2733]: 08[IKE] EAP-Identity request
>>>>>>> configured, but not supported
>>>>>>> Jun 2 00:04:22 snf-823515 ipsec[2733]: 08[IKE] initiating EAP_MSCHAPV2
>>>>>>> method (id 0xFB)
>>>>>>> Jun 2 00:04:22 snf-823515 ipsec[2733]: 08[IKE] received
>>>>>>> ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding
>>>>>>> Jun 2 00:04:22 snf-823515 ipsec[2733]: 08[IKE] peer supports MOBIKE
>>>>>>> Jun 2 00:04:22 snf-823515 ipsec[2733]: 08[IKE] authentication of
>>>>>>> 'tunnel2.mavrikas.com' (myself) with RSA
>>>>>>> signature successful
>>>>>>> Jun 2 00:04:22 snf-823515 ipsec[2733]: 08[IKE] sending end entity cert
>>>>>>> "CN=tunnel2.mavrikas.com"
>>>>>>> Jun 2 00:04:22 snf-823515 ipsec[2733]: 08[ENC] generating IKE_AUTH
>>>>>>> response 1 [ IDr CERT AUTH EAP/REQ/MSCHAPV2 ]
>>>>>>> Jun 2 00:04:22 snf-823515 ipsec[2733]: 08[ENC] splitting IKE message
>>>>>>> with length of 1968 bytes into 2 fragments
>>>>>>> Jun 2 00:04:22 snf-823515 ipsec[2733]: 08[ENC] generating IKE_AUTH
>>>>>>> response 1 [ EF(1/2) ]
>>>>>>> Jun 2 00:04:22 snf-823515 ipsec[2733]: 08[ENC] generating IKE_AUTH
>>>>>>> response 1 [ EF(2/2) ]
>>>>>>> Jun 2 00:04:22 snf-823515 charon: 11[IKE] IKE_SA ikev2-vpn[1]
>>>>>>> established between
>>>>>>> 2001:648:2ffc:1225:a800:4ff:fe1e:a37e[tunnel2.mavrikas.com]...2a02:1388:2185:a7ab:d5ce:d99f:aec6:66d8[gmvmbp15r]
>>>>>>> Jun 2 00:04:22 snf-823515 ipsec[2733]: 08[NET] sending packet: from
>>>>>>> 2001:648:2ffc:1225:a800:4ff:fe1e:a37e[4500] to
>>>>>>> 2a02:1388:2185:a7ab:d5ce:d99f:aec6:66d8[4500] (1220 bytes)
>>>>>>> Jun 2 00:04:22 snf-823515 ipsec[2733]: 08[NET] sending packet: from
>>>>>>> 2001:648:2ffc:1225:a800:4ff:fe1e:a37e[4500] to
>>>>>>> 2a02:1388:2185:a7ab:d5ce:d99f:aec6:66d8[4500] (820 bytes)
>>>>>>> Jun 2 00:04:22 snf-823515 ipsec[2733]: 09[NET] received packet: from
>>>>>>> 2a02:1388:2185:a7ab:d5ce:d99f:aec6:66d8[4500] to
>>>>>>> 2001:648:2ffc:1225:a800:4ff:fe1e:a37e[4500] (144 bytes)
>>>>>>> Jun 2 00:04:22 snf-823515 ipsec[2733]: 09[ENC] parsed IKE_AUTH request
>>>>>>> 2 [ EAP/RES/MSCHAPV2 ]
>>>>>>> Jun 2 00:04:22 snf-823515 ipsec[2733]: 09[IKE] EAP-MS-CHAPv2 username:
>>>>>>> 'gmv'
>>>>>>> Jun 2 00:04:22 snf-823515 ipsec[2733]: 09[ENC] generating IKE_AUTH
>>>>>>> response 2 [ EAP/REQ/MSCHAPV2 ]
>>>>>>> Jun 2 00:04:22 snf-823515 ipsec[2733]: 09[NET] sending packet: from
>>>>>>> 2001:648:2ffc:1225:a800:4ff:fe1e:a37e[4500] to
>>>>>>> 2a02:1388:2185:a7ab:d5ce:d99f:aec6:66d8[4500] (144 bytes)
>>>>>>> Jun 2 00:04:22 snf-823515 ipsec[2733]: 10[NET] received packet: from
>>>>>>> 2a02:1388:2185:a7ab:d5ce:d99f:aec6:66d8[4500] to
>>>>>>> 2001:648:2ffc:1225:a800:4ff:fe1e:a37e[4500] (80 bytes)
>>>>>>> Jun 2 00:04:22 snf-823515 ipsec[2733]: 10[ENC] parsed IKE_AUTH request
>>>>>>> 3 [ EAP/RES/MSCHAPV2 ]
>>>>>>> Jun 2 00:04:22 snf-823515 ipsec[2733]: 10[IKE] EAP method EAP_MSCHAPV2
>>>>>>> succeeded, MSK established
>>>>>>> Jun 2 00:04:22 snf-823515 ipsec[2733]: 10[ENC] generating IKE_AUTH
>>>>>>> response 3 [ EAP/SUCC ]
>>>>>>> Jun 2 00:04:22 snf-823515 ipsec[2733]: 10[NET] sending packet: from
>>>>>>> 2001:648:2ffc:1225:a800:4ff:fe1e:a37e[4500] to
>>>>>>> 2a02:1388:2185:a7ab:d5ce:d99f:aec6:66d8[4500] (80 bytes)
>>>>>>> Jun 2 00:04:22 snf-823515 ipsec[2733]: 11[NET] received packet: from
>>>>>>> 2a02:1388:2185:a7ab:d5ce:d99f:aec6:66d8[4500] to
>>>>>>> 2001:648:2ffc:1225:a800:4ff:fe1e:a37e[4500] (112 bytes)
>>>>>>> Jun 2 00:04:22 snf-823515 ipsec[2733]: 11[ENC] parsed IKE_AUTH request
>>>>>>> 4 [ AUTH ]
>>>>>>> Jun 2 00:04:22 snf-823515 ipsec[2733]: 11[IKE] authentication of
>>>>>>> 'gmvmbp15r' with EAP successful
>>>>>>> Jun 2 00:04:22 snf-823515 ipsec[2733]: 11[IKE] authentication of
>>>>>>> 'tunnel2.mavrikas.com' (myself) with EAP
>>>>>>> Jun 2 00:04:22 snf-823515 ipsec[2733]: 11[IKE] IKE_SA ikev2-vpn[1]
>>>>>>> established between
>>>>>>> 2001:648:2ffc:1225:a800:4ff:fe1e:a37e[tunnel2.mavrikas.com]...2a02:1388:2185:a7ab:d5ce:d99f:aec6:66d8[gmvmbp15r]
>>>>>>> Jun 2 00:04:22 snf-823515 ipsec[2733]: 11[IKE] peer requested virtual
>>>>>>> IP %any
>>>>>>> Jun 2 00:04:22 snf-823515 ipsec[2733]: 11[IKE] assigning virtual IP
>>>>>>> 172.18.72.1 to peer 'gmv'
>>>>>>> Jun 2 00:04:22 snf-823515 ipsec[2733]: 11[IKE] peer requested virtual
>>>>>>> IP %any6
>>>>>>> Jun 2 00:04:22 snf-823515 ipsec[2733]: 11[IKE] no virtual IP found for
>>>>>>> %any6 requested by 'gmv'
>>>>>>> Jun 2 00:04:22 snf-823515 ipsec[2733]: 11[IKE] CHILD_SA ikev2-vpn{1}
>>>>>>> established with SPIs c64b8761_i 0e498bf1_o and TS 0.0.0.0/0 ===
>>>>>>> 172.18.72.1/32
>>>>>>> Jun 2 00:04:22 snf-823515 ipsec[2733]: 11[ENC] generating IKE_AUTH
>>>>>>> response 4 [ AUTH CPRP(ADDR DNS DNS) SA TSi TSr N(MOBIKE_SUP)
>>>>>>> N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_4_ADDR) ]
>>>>>>> Jun 2 00:04:22 snf-823515 charon: 11[IKE] peer requested virtual IP
>>>>>>> %any
>>>>>>> Jun 2 00:04:22 snf-823515 charon: 11[IKE] assigning virtual IP
>>>>>>> 172.18.72.1 to peer 'gmv'
>>>>>>> Jun 2 00:04:22 snf-823515 charon: 11[IKE] peer requested virtual IP
>>>>>>> %any6
>>>>>>> Jun 2 00:04:22 snf-823515 charon: 11[IKE] no virtual IP found for
>>>>>>> %any6 requested by 'gmv'
>>>>>>> Jun 2 00:04:22 snf-823515 charon: 11[IKE] CHILD_SA ikev2-vpn{1}
>>>>>>> established with SPIs c64b8761_i 0e498bf1_o and TS 0.0.0.0/0 ===
>>>>>>> 172.18.72.1/32
>>>>>>> Jun 2 00:04:22 snf-823515 charon: 11[ENC] generating IKE_AUTH response
>>>>>>> 4 [ AUTH CPRP(ADDR DNS DNS) SA TSi TSr N(MOBIKE_SUP) N(ADD_4_ADDR)
>>>>>>> N(ADD_4_ADDR) N(ADD_4_ADDR) ]
>>>>>>> Jun 2 00:04:22 snf-823515 charon: 11[NET] sending packet: from
>>>>>>> 2001:648:2ffc:1225:a800:4ff:fe1e:a37e[4500] to
>>>>>>> 2a02:1388:2185:a7ab:d5ce:d99f:aec6:66d8[4500] (288 bytes)
>>>>>>>
>>>>>>> -> v6 connection log
>>>>>>> Jun 2 00:05:30 snf-823515 ipsec[2935]: 00[DMN] Starting IKE charon
>>>>>>> daemon (strongSwan 5.6.2, Linux 4.15.0-1010-kvm, x86_64)
>>>>>>> Jun 2 00:05:30 snf-823515 ipsec[2935]: 00[LIB] loaded plugins: charon
>>>>>>> aes rc2 sha2 sha1 md4 md5 mgf1 random nonce x509 revocation constraints
>>>>>>> pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf
>>>>>>> gmp agent xcbc hmac gcm attr kernel-netlink resolve socket-default
>>>>>>> connmark stroke updown eap-mschapv2 xauth-generic counters
>>>>>>> Jun 2 00:05:30 snf-823515 ipsec[2935]: 00[LIB] dropped capabilities,
>>>>>>> running as uid 0, gid 0
>>>>>>> Jun 2 00:05:30 snf-823515 ipsec[2935]: 00[JOB] spawning 16 worker
>>>>>>> threads
>>>>>>> Jun 2 00:05:30 snf-823515 ipsec[2935]: 07[NET] received packet: from
>>>>>>> 2a02:1388:2185:a7ab:d5ce:d99f:aec6:66d8[500] to
>>>>>>> 2001:648:2ffc:1225:a800:4ff:fe1e:a37e[500] (604 bytes)
>>>>>>> Jun 2 00:05:30 snf-823515 ipsec[2935]: 07[ENC] parsed IKE_SA_INIT
>>>>>>> request 0 [ SA KE No N(REDIR_SUP) N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP)
>>>>>>> ]
>>>>>>> Jun 2 00:05:30 snf-823515 ipsec[2935]: 07[IKE]
>>>>>>> 2a02:1388:2185:a7ab:d5ce:d99f:aec6:66d8 is initiating an IKE_SA
>>>>>>> Jun 2 00:05:30 snf-823515 ipsec[2935]: 07[ENC] generating IKE_SA_INIT
>>>>>>> response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP)
>>>>>>> N(MULT_AUTH) ]
>>>>>>> Jun 2 00:05:30 snf-823515 ipsec[2935]: 07[NET] sending packet: from
>>>>>>> 2001:648:2ffc:1225:a800:4ff:fe1e:a37e[500] to
>>>>>>> 2a02:1388:2185:a7ab:d5ce:d99f:aec6:66d8[500] (448 bytes)
>>>>>>> Jun 2 00:05:30 snf-823515 ipsec[2935]: 08[NET] received packet: from
>>>>>>> 2a02:1388:2185:a7ab:d5ce:d99f:aec6:66d8[4500] to
>>>>>>> 2001:648:2ffc:1225:a800:4ff:fe1e:a37e[4500] (512 bytes)
>>>>>>> Jun 2 00:05:30 snf-823515 ipsec[2935]: 08[ENC] unknown attribute type
>>>>>>> (25)
>>>>>>> Jun 2 00:05:30 snf-823515 ipsec[2935]: 08[ENC] parsed IKE_AUTH request
>>>>>>> 1 [ IDi N(INIT_CONTACT) N(MOBIKE_SUP) IDr CPRQ(ADDR DHCP DNS MASK ADDR6
>>>>>>> DHCP6 DNS6 (25)) N(ESP_TFC_PAD_N) N(NON_FIRST_FRAG) SA TSi TSr ]
>>>>>>> Jun 2 00:05:30 snf-823515 ipsec[2935]: 08[IKE] EAP-Identity request
>>>>>>> configured, but not supported
>>>>>>> Jun 2 00:05:30 snf-823515 ipsec[2935]: 08[IKE] initiating EAP_MSCHAPV2
>>>>>>> method (id 0x5E)
>>>>>>> Jun 2 00:05:30 snf-823515 ipsec[2935]: 08[IKE] received
>>>>>>> ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding
>>>>>>> Jun 2 00:05:30 snf-823515 ipsec[2935]: 08[IKE] peer supports MOBIKE
>>>>>>> Jun 2 00:05:30 snf-823515 ipsec[2935]: 08[IKE] authentication of
>>>>>>> 'tunnel2.mavrikas.com' (myself) with RSA
>>>>>>> signature successful
>>>>>>> Jun 2 00:05:30 snf-823515 ipsec[2935]: 08[IKE] sending end entity cert
>>>>>>> "CN=tunnel2.mavrikas.com"
>>>>>>> Jun 2 00:05:30 snf-823515 ipsec[2935]: 08[ENC] generating IKE_AUTH
>>>>>>> response 1 [ IDr CERT AUTH EAP/REQ/MSCHAPV2 ]
>>>>>>> Jun 2 00:05:30 snf-823515 ipsec[2935]: 08[ENC] splitting IKE message
>>>>>>> with length of 1968 bytes into 2 fragments
>>>>>>> Jun 2 00:05:30 snf-823515 ipsec[2935]: 08[ENC] generating IKE_AUTH
>>>>>>> response 1 [ EF(1/2) ]
>>>>>>> Jun 2 00:05:30 snf-823515 ipsec[2935]: 08[ENC] generating IKE_AUTH
>>>>>>> response 1 [ EF(2/2) ]
>>>>>>> Jun 2 00:05:30 snf-823515 charon: 11[IKE] IKE_SA ikev2-vpn[1]
>>>>>>> established between
>>>>>>> 2001:648:2ffc:1225:a800:4ff:fe1e:a37e[tunnel2.mavrikas.com]...2a02:1388:2185:a7ab:d5ce:d99f:aec6:66d8[gmvmbp15r]
>>>>>>> Jun 2 00:05:30 snf-823515 ipsec[2935]: 08[NET] sending packet: from
>>>>>>> 2001:648:2ffc:1225:a800:4ff:fe1e:a37e[4500] to
>>>>>>> 2a02:1388:2185:a7ab:d5ce:d99f:aec6:66d8[4500] (1220 bytes)
>>>>>>> Jun 2 00:05:30 snf-823515 ipsec[2935]: 08[NET] sending packet: from
>>>>>>> 2001:648:2ffc:1225:a800:4ff:fe1e:a37e[4500] to
>>>>>>> 2a02:1388:2185:a7ab:d5ce:d99f:aec6:66d8[4500] (820 bytes)
>>>>>>> Jun 2 00:05:30 snf-823515 ipsec[2935]: 09[NET] received packet: from
>>>>>>> 2a02:1388:2185:a7ab:d5ce:d99f:aec6:66d8[4500] to
>>>>>>> 2001:648:2ffc:1225:a800:4ff:fe1e:a37e[4500] (144 bytes)
>>>>>>> Jun 2 00:05:30 snf-823515 ipsec[2935]: 09[ENC] parsed IKE_AUTH request
>>>>>>> 2 [ EAP/RES/MSCHAPV2 ]
>>>>>>> Jun 2 00:05:30 snf-823515 ipsec[2935]: 09[IKE] EAP-MS-CHAPv2 username:
>>>>>>> 'gmv'
>>>>>>> Jun 2 00:05:30 snf-823515 ipsec[2935]: 09[ENC] generating IKE_AUTH
>>>>>>> response 2 [ EAP/REQ/MSCHAPV2 ]
>>>>>>> Jun 2 00:05:30 snf-823515 ipsec[2935]: 09[NET] sending packet: from
>>>>>>> 2001:648:2ffc:1225:a800:4ff:fe1e:a37e[4500] to
>>>>>>> 2a02:1388:2185:a7ab:d5ce:d99f:aec6:66d8[4500] (144 bytes)
>>>>>>> Jun 2 00:05:30 snf-823515 ipsec[2935]: 10[NET] received packet: from
>>>>>>> 2a02:1388:2185:a7ab:d5ce:d99f:aec6:66d8[4500] to
>>>>>>> 2001:648:2ffc:1225:a800:4ff:fe1e:a37e[4500] (80 bytes)
>>>>>>> Jun 2 00:05:30 snf-823515 ipsec[2935]: 10[ENC] parsed IKE_AUTH request
>>>>>>> 3 [ EAP/RES/MSCHAPV2 ]
>>>>>>> Jun 2 00:05:30 snf-823515 ipsec[2935]: 10[IKE] EAP method EAP_MSCHAPV2
>>>>>>> succeeded, MSK established
>>>>>>> Jun 2 00:05:30 snf-823515 ipsec[2935]: 10[ENC] generating IKE_AUTH
>>>>>>> response 3 [ EAP/SUCC ]
>>>>>>> Jun 2 00:05:30 snf-823515 ipsec[2935]: 10[NET] sending packet: from
>>>>>>> 2001:648:2ffc:1225:a800:4ff:fe1e:a37e[4500] to
>>>>>>> 2a02:1388:2185:a7ab:d5ce:d99f:aec6:66d8[4500] (80 bytes)
>>>>>>> Jun 2 00:05:30 snf-823515 ipsec[2935]: 11[NET] received packet: from
>>>>>>> 2a02:1388:2185:a7ab:d5ce:d99f:aec6:66d8[4500] to
>>>>>>> 2001:648:2ffc:1225:a800:4ff:fe1e:a37e[4500] (112 bytes)
>>>>>>> Jun 2 00:05:30 snf-823515 ipsec[2935]: 11[ENC] parsed IKE_AUTH request
>>>>>>> 4 [ AUTH ]
>>>>>>> Jun 2 00:05:30 snf-823515 ipsec[2935]: 11[IKE] authentication of
>>>>>>> 'gmvmbp15r' with EAP successful
>>>>>>> Jun 2 00:05:30 snf-823515 ipsec[2935]: 11[IKE] authentication of
>>>>>>> 'tunnel2.mavrikas.com' (myself) with EAP
>>>>>>> Jun 2 00:05:30 snf-823515 ipsec[2935]: 11[IKE] IKE_SA ikev2-vpn[1]
>>>>>>> established between
>>>>>>> 2001:648:2ffc:1225:a800:4ff:fe1e:a37e[tunnel2.mavrikas.com]...2a02:1388:2185:a7ab:d5ce:d99f:aec6:66d8[gmvmbp15r]
>>>>>>> Jun 2 00:05:30 snf-823515 ipsec[2935]: 11[IKE] peer requested virtual
>>>>>>> IP %any
>>>>>>> Jun 2 00:05:30 snf-823515 ipsec[2935]: 11[IKE] assigning virtual IP
>>>>>>> 172.18.72.1 to peer 'gmv'
>>>>>>> Jun 2 00:05:30 snf-823515 ipsec[2935]: 11[IKE] peer requested virtual
>>>>>>> IP %any6
>>>>>>> Jun 2 00:05:30 snf-823515 ipsec[2935]: 11[IKE] no virtual IP found for
>>>>>>> %any6 requested by 'gmv'
>>>>>>> Jun 2 00:05:30 snf-823515 ipsec[2935]: 11[IKE] CHILD_SA ikev2-vpn{1}
>>>>>>> established with SPIs c319aa3c_i 0858c6f9_o and TS 0.0.0.0/0 ===
>>>>>>> 172.18.72.1/32
>>>>>>> Jun 2 00:05:30 snf-823515 ipsec[2935]: 11[ENC] generating IKE_AUTH
>>>>>>> response 4 [ AUTH CPRP(ADDR DNS DNS) SA TSi TSr N(MOBIKE_SUP)
>>>>>>> N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_4_ADDR) ]
>>>>>>> Jun 2 00:05:30 snf-823515 charon: 11[IKE] peer requested virtual IP
>>>>>>> %any
>>>>>>> Jun 2 00:05:30 snf-823515 charon: 11[IKE] assigning virtual IP
>>>>>>> 172.18.72.1 to peer 'gmv'
>>>>>>> Jun 2 00:05:30 snf-823515 charon: 11[IKE] peer requested virtual IP
>>>>>>> %any6
>>>>>>> Jun 2 00:05:30 snf-823515 charon: 11[IKE] no virtual IP found for
>>>>>>> %any6 requested by 'gmv'
>>>>>>> Jun 2 00:05:30 snf-823515 charon: 11[IKE] CHILD_SA ikev2-vpn{1}
>>>>>>> established with SPIs c319aa3c_i 0858c6f9_o and TS 0.0.0.0/0 ===
>>>>>>> 172.18.72.1/32
>>>>>>> Jun 2 00:05:30 snf-823515 charon: 11[ENC] generating IKE_AUTH response
>>>>>>> 4 [ AUTH CPRP(ADDR DNS DNS) SA TSi TSr N(MOBIKE_SUP) N(ADD_4_ADDR)
>>>>>>> N(ADD_4_ADDR) N(ADD_4_ADDR) ]
>>>>>>> Jun 2 00:05:30 snf-823515 charon: 11[NET] sending packet: from
>>>>>>> 2001:648:2ffc:1225:a800:4ff:fe1e:a37e[4500] to
>>>>>>> 2a02:1388:2185:a7ab:d5ce:d99f:aec6:66d8[4500] (288 bytes)
>>>>>>>
>>>>>>> -> routing tables after v4 gets connected (ignore the tun* interfaces,
>>>>>>> they belong to OpenVPN)
>>>>>>> 172.18.72.1 via 83.212.110.1 dev eth1 table 220 proto static
>>>>>>> default via 83.212.110.1 dev eth1 proto dhcp metric 101
>>>>>>> 83.212.110.0/23 dev eth1 proto kernel scope link src 83.212.111.156
>>>>>>> metric 101
>>>>>>> 172.18.73.0/24 via 172.18.73.2 dev tun1
>>>>>>> 172.18.73.2 dev tun1 proto kernel scope link src 172.18.73.1
>>>>>>> 172.18.73.2 dev tun0 proto kernel scope link src 172.18.73.1
>>>>>>> broadcast 83.212.110.0 dev eth1 table local proto kernel scope link src
>>>>>>> 83.212.111.156
>>>>>>> local 83.212.111.156 dev eth1 table local proto kernel scope host src
>>>>>>> 83.212.111.156
>>>>>>> broadcast 83.212.111.255 dev eth1 table local proto kernel scope link
>>>>>>> src 83.212.111.156
>>>>>>> broadcast 127.0.0.0 dev lo table local proto kernel scope link src
>>>>>>> 127.0.0.1
>>>>>>> local 127.0.0.0/8 dev lo table local proto kernel scope host src
>>>>>>> 127.0.0.1
>>>>>>> local 127.0.0.1 dev lo table local proto kernel scope host src
>>>>>>> 127.0.0.1
>>>>>>> broadcast 127.255.255.255 dev lo table local proto kernel scope link
>>>>>>> src 127.0.0.1
>>>>>>> local 172.18.73.1 dev tun1 table local proto kernel scope host src
>>>>>>> 172.18.73.1
>>>>>>> local 172.18.73.1 dev tun0 table local proto kernel scope host src
>>>>>>> 172.18.73.1
>>>>>>> local ::1 dev lo proto kernel metric 256 pref medium
>>>>>>> 2001:648:2ffc:1225::/64 dev eth0 proto ra metric 100 pref medium
>>>>>>> fe80::/64 dev eth0 proto kernel metric 100 pref medium
>>>>>>> fe80::/64 dev eth1 proto kernel metric 101 pref medium
>>>>>>> fe80::/64 dev eth0 proto kernel metric 256 pref medium
>>>>>>> fe80::/64 dev eth1 proto kernel metric 256 pref medium
>>>>>>> fe80::/64 dev tun1 proto kernel metric 256 pref medium
>>>>>>> fe80::/64 dev tun0 proto kernel metric 256 pref medium
>>>>>>> default via fe80::ce47:52ff:fe4e:4554 dev eth0 proto ra metric 100 pref
>>>>>>> high
>>>>>>> local ::1 dev lo table local proto kernel metric 0 pref medium
>>>>>>> local 2001:648:2ffc:1225:a800:4ff:fe1e:a37e dev eth0 table local proto
>>>>>>> kernel metric 0 pref medium
>>>>>>> local fe80::3948:27b7:f4d2:fa55 dev eth1 table local proto kernel
>>>>>>> metric 0 pref medium
>>>>>>> local fe80::8c31:575c:4950:fa28 dev tun0 table local proto kernel
>>>>>>> metric 0 pref medium
>>>>>>> local fe80::a800:4ff:fe1e:a37e dev eth0 table local proto kernel metric
>>>>>>> 0 pref medium
>>>>>>> local fe80::e403:923b:5769:5de dev tun1 table local proto kernel metric
>>>>>>> 0 pref medium
>>>>>>> ff00::/8 dev eth0 table local metric 256 pref medium
>>>>>>> ff00::/8 dev eth1 table local metric 256 pref medium
>>>>>>> ff00::/8 dev tun1 table local metric 256 pref medium
>>>>>>> ff00::/8 dev tun0 table local metric 256 pref medium
>>>>>>>
>>>>>>> -> routing tables after v6 gets connected
>>>>>>> 172.18.72.1 via 83.212.110.1 dev eth1 table 220 proto static
>>>>>>> default via 83.212.110.1 dev eth1 proto dhcp metric 101
>>>>>>> 83.212.110.0/23 dev eth1 proto kernel scope link src 83.212.111.156
>>>>>>> metric 101
>>>>>>> 172.18.73.0/24 via 172.18.73.2 dev tun1
>>>>>>> 172.18.73.2 dev tun1 proto kernel scope link src 172.18.73.1
>>>>>>> 172.18.73.2 dev tun0 proto kernel scope link src 172.18.73.1
>>>>>>> broadcast 83.212.110.0 dev eth1 table local proto kernel scope link src
>>>>>>> 83.212.111.156
>>>>>>> local 83.212.111.156 dev eth1 table local proto kernel scope host src
>>>>>>> 83.212.111.156
>>>>>>> broadcast 83.212.111.255 dev eth1 table local proto kernel scope link
>>>>>>> src 83.212.111.156
>>>>>>> broadcast 127.0.0.0 dev lo table local proto kernel scope link src
>>>>>>> 127.0.0.1
>>>>>>> local 127.0.0.0/8 dev lo table local proto kernel scope host src
>>>>>>> 127.0.0.1
>>>>>>> local 127.0.0.1 dev lo table local proto kernel scope host src
>>>>>>> 127.0.0.1
>>>>>>> broadcast 127.255.255.255 dev lo table local proto kernel scope link
>>>>>>> src 127.0.0.1
>>>>>>> local 172.18.73.1 dev tun1 table local proto kernel scope host src
>>>>>>> 172.18.73.1
>>>>>>> local 172.18.73.1 dev tun0 table local proto kernel scope host src
>>>>>>> 172.18.73.1
>>>>>>> local ::1 dev lo proto kernel metric 256 pref medium
>>>>>>> 2001:648:2ffc:1225::/64 dev eth0 proto ra metric 100 pref medium
>>>>>>> fe80::/64 dev eth0 proto kernel metric 100 pref medium
>>>>>>> fe80::/64 dev eth1 proto kernel metric 101 pref medium
>>>>>>> fe80::/64 dev eth0 proto kernel metric 256 pref medium
>>>>>>> fe80::/64 dev eth1 proto kernel metric 256 pref medium
>>>>>>> fe80::/64 dev tun1 proto kernel metric 256 pref medium
>>>>>>> fe80::/64 dev tun0 proto kernel metric 256 pref medium
>>>>>>> default via fe80::ce47:52ff:fe4e:4554 dev eth0 proto ra metric 100 pref
>>>>>>> high
>>>>>>> local ::1 dev lo table local proto kernel metric 0 pref medium
>>>>>>> local 2001:648:2ffc:1225:a800:4ff:fe1e:a37e dev eth0 table local proto
>>>>>>> kernel metric 0 pref medium
>>>>>>> local fe80::3948:27b7:f4d2:fa55 dev eth1 table local proto kernel
>>>>>>> metric 0 pref medium
>>>>>>> local fe80::8c31:575c:4950:fa28 dev tun0 table local proto kernel
>>>>>>> metric 0 pref medium
>>>>>>> local fe80::a800:4ff:fe1e:a37e dev eth0 table local proto kernel metric
>>>>>>> 0 pref medium
>>>>>>> local fe80::e403:923b:5769:5de dev tun1 table local proto kernel metric
>>>>>>> 0 pref medium
>>>>>>> ff00::/8 dev eth0 table local metric 256 pref medium
>>>>>>>
ff00::/8 dev eth1 table local metric 256 pref medium >>>>>>> ff00::/8 dev tun1 table local metric 256 pref medium >>>>>>> ff00::/8 dev tun0 table local metric 256 pref medium >>>>>>> >>>>>>> -> interface configuration >>>>>>> root@snf-823515:~# ip addr ls >>>>>>> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN >>>>>>> group default qlen 1000 >>>>>>> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 >>>>>>> inet 127.0.0.1/8 scope host lo >>>>>>> valid_lft forever preferred_lft forever >>>>>>> inet6 ::1/128 scope host >>>>>>> valid_lft forever preferred_lft forever >>>>>>> 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast >>>>>>> state UP group default qlen 1000 >>>>>>> link/ether aa:00:04:1e:a3:7e brd ff:ff:ff:ff:ff:ff >>>>>>> inet6 2001:648:2ffc:1225:a800:4ff:fe1e:a37e/64 scope global >>>>>>> noprefixroute >>>>>>> valid_lft forever preferred_lft forever >>>>>>> inet6 fe80::a800:4ff:fe1e:a37e/64 scope link noprefixroute >>>>>>> valid_lft forever preferred_lft forever >>>>>>> 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast >>>>>>> state UP group default qlen 1000 >>>>>>> link/ether aa:0c:f4:7b:f9:1d brd ff:ff:ff:ff:ff:ff >>>>>>> inet 83.212.111.156/23 brd 83.212.111.255 scope global dynamic >>>>>>> noprefixroute eth1 >>>>>>> valid_lft 603582sec preferred_lft 603582sec >>>>>>> inet6 fe80::3948:27b7:f4d2:fa55/64 scope link noprefixroute >>>>>>> valid_lft forever preferred_lft forever >>>>>>> 4: sit0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN group default qlen >>>>>>> 1000 >>>>>>> link/sit 0.0.0.0 brd 0.0.0.0 >>>>>>> 5: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc >>>>>>> pfifo_fast state UNKNOWN group default qlen 100 >>>>>>> link/none >>>>>>> inet 172.18.73.1 peer 172.18.73.2/32 scope global tun0 >>>>>>> valid_lft forever preferred_lft forever >>>>>>> inet6 fe80::8c31:575c:4950:fa28/64 scope link stable-privacy >>>>>>> valid_lft forever preferred_lft forever >>>>>>> 6: tun1: 
<POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc >>>>>>> pfifo_fast state UNKNOWN group default qlen 100 >>>>>>> link/none >>>>>>> inet 172.18.73.1 peer 172.18.73.2/32 scope global tun1 >>>>>>> valid_lft forever preferred_lft forever >>>>>>> inet6 fe80::e403:923b:5769:5de/64 scope link stable-privacy >>>>>>> valid_lft forever preferred_lft forever >>>>> >>>> >>> >> > >