'Re: [strongSwan] Dual Stack problems'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       strongswan-users
Subject:    Re: [strongSwan] Dual Stack problems
From:       Claude Tompers <claude.tompers () restena ! lu>
Date:       2013-03-26 9:51:31
Message-ID: 51516FA3.3000100 () restena ! lu
[Download RAW message or body]

[Attachment #2 (multipart/signed)]

Hi Andreas,

Thanks for your answer.

kind regards,
Claude

On 03/26/2013 10:22 AM, Andreas Steffen wrote:
> Hi Claude,
>
> this problem with persistent SQL-based pools was fixed with
> 5.0.3rc1. See also our new example scenario
>
> https://www.strongswan.org/uml/testresults5rc/ikev2/ip-two-pools-v4v6-db/
>
> Regards
>
> Andreas
>
> On 03/26/2013 09:46 AM, Claude Tompers wrote:
> > Hello,
>
> > My strongswan 5.0.2 installation has some bizarre behaviour with
> > IKEv2 connections that ask both an IPv4 and an IPv6 address.
>
> > My client ipsec.conf is as follows :
>
> > conn IKEv2 keyexchange=ikev2 left=%any leftauth=pubkey
> > leftcert=nullpointerexception-cert.pem
> > leftsourceip=%config4,%config6 right=casarrondo.restena.lu
> > rightauth=pubkey rightid=@casarrondo.restena.lu
>
>
> > My server ipsec.conf is as follows :
>
> > conn IKEv2-tech keyexchange=ikev2 rightauth=pubkey
> > rightsendcert=always rightid="C=LU, L=Luxembourg, O=Fondation
> > RESTENA, OU=Technical, CN=*, E=*" rightsourceip=%tech-v4,%tech-v6
> > auto=add
>
>
> > Both pools are defined as follows :
>
> > name           start             end  timeout   size online usage
> > tech-v4   158.64.15.193   158.64.15.206       1h     14     0 ( 0%)
> > 2 (14%) tech-v6 2001:a18:1:40::1 2001:a18:1:40::ff       1h 255
> > 0 ( 0%)     0 ( 0%)
>
>
> > In the server logs, I see the following lines :
>
> > Mar 26 09:35:47 casarrondo charon: 07[CFG] acquired existing lease
> > for address 158.64.15.193 in pool 'tech-v4' Mar 26 09:35:47
> > casarrondo charon: 07[IKE] assigning virtual IP 158.64.15.193 to
> > peer 'C=LU ... Mar 26 09:35:47 casarrondo charon: 07[IKE] peer
> > requested virtual IP %any6 Mar 26 09:35:47 casarrondo charon:
> > 07[CFG] acquired existing lease for address 158.64.15.194 in pool
> > 'tech-v4' Mar 26 09:35:47 casarrondo charon: 07[IKE] assigning
> > virtual IP 158.64.15.194 to peer 'C=LU ...
>
> > The client really ends up with two addresses from tech-v4 pool.
> > I've changed the following line in the server's ipsec.conf :
>
> > rightsourceip=%tech-v6,%tech-v4
>
> > The result was that strongswan distributed 2 addresses from the
> > tech-v6 pool. Is there an error in my configuration ?
>
> > kind regards, Claude
>
>
>
> > _______________________________________________ Users mailing list
> >  Users@lists.strongswan.org
> > https://lists.strongswan.org/mailman/listinfo/users
>
>
>
>

-- 
Claude Tompers
Ingénieur réseau et système
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg

Tel: +352 424409 1
Fax: +352 422473

["signature.asc" (application/pgp-signature)]

_______________________________________________
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users

[prev in list] [next in list] [prev in thread] [next in thread] 