[prev in list] [next in list] [prev in thread] [next in thread]
List: strongswan-users
Subject: Re: [strongSwan] Dual Stack problems
From: Claude Tompers <claude.tompers () restena ! lu>
Date: 2013-03-26 9:51:31
Message-ID: 51516FA3.3000100 () restena ! lu
[Download RAW message or body]
[Attachment #2 (multipart/signed)]
Hi Andreas,
Thanks for your answer.
kind regards,
Claude
On 03/26/2013 10:22 AM, Andreas Steffen wrote:
> Hi Claude,
>
> this problem with persistent SQL-based pools was fixed with
> 5.0.3rc1. See also our new example scenario
>
> https://www.strongswan.org/uml/testresults5rc/ikev2/ip-two-pools-v4v6-db/
>
> Regards
>
> Andreas
>
> On 03/26/2013 09:46 AM, Claude Tompers wrote:
> > Hello,
>
> > My strongswan 5.0.2 installation has some bizarre behaviour with
> > IKEv2 connections that ask both an IPv4 and an IPv6 address.
>
> > My client ipsec.conf is as follows :
>
> > conn IKEv2 keyexchange=ikev2 left=%any leftauth=pubkey
> > leftcert=nullpointerexception-cert.pem
> > leftsourceip=%config4,%config6 right=casarrondo.restena.lu
> > rightauth=pubkey rightid=@casarrondo.restena.lu
>
>
> > My server ipsec.conf is as follows :
>
> > conn IKEv2-tech keyexchange=ikev2 rightauth=pubkey
> > rightsendcert=always rightid="C=LU, L=Luxembourg, O=Fondation
> > RESTENA, OU=Technical, CN=*, E=*" rightsourceip=%tech-v4,%tech-v6
> > auto=add
>
>
> > Both pools are defined as follows :
>
> > name start end timeout size online usage
> > tech-v4 158.64.15.193 158.64.15.206 1h 14 0 ( 0%)
> > 2 (14%) tech-v6 2001:a18:1:40::1 2001:a18:1:40::ff 1h 255
> > 0 ( 0%) 0 ( 0%)
>
>
> > In the server logs, I see the following lines :
>
> > Mar 26 09:35:47 casarrondo charon: 07[CFG] acquired existing lease
> > for address 158.64.15.193 in pool 'tech-v4' Mar 26 09:35:47
> > casarrondo charon: 07[IKE] assigning virtual IP 158.64.15.193 to
> > peer 'C=LU ... Mar 26 09:35:47 casarrondo charon: 07[IKE] peer
> > requested virtual IP %any6 Mar 26 09:35:47 casarrondo charon:
> > 07[CFG] acquired existing lease for address 158.64.15.194 in pool
> > 'tech-v4' Mar 26 09:35:47 casarrondo charon: 07[IKE] assigning
> > virtual IP 158.64.15.194 to peer 'C=LU ...
>
> > The client really ends up with two addresses from tech-v4 pool.
> > I've changed the following line in the server's ipsec.conf :
>
> > rightsourceip=%tech-v6,%tech-v4
>
> > The result was that strongswan distributed 2 addresses from the
> > tech-v6 pool. Is there an error in my configuration ?
>
> > kind regards, Claude
>
>
>
> > _______________________________________________ Users mailing list
> > Users@lists.strongswan.org
> > https://lists.strongswan.org/mailman/listinfo/users
>
>
>
>
--
Claude Tompers
Ingénieur réseau et système
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
Tel: +352 424409 1
Fax: +352 422473
["signature.asc" (application/pgp-signature)]
_______________________________________________
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic