Project

General

Profile

Bug #2586

charon-nm on IPv6-only: DNS resolve failure

Added by Harald Dunkel about 1 year ago. Updated 2 months ago.

Status:
Closed
Priority:
Normal
Assignee:
Tobias Brunner
Category:
networkmanager (charon-nm)
Target version:
5.8.0
Start date:
Due date:
Estimated time:
Affected version:
5.6.2
Resolution:
Fixed

Description

Trying to force charon-nm to use IPv6 I get a lookup failure very early:

Mar 12 08:27:10 ppcl001 charon-nm: 10[CFG] received initiate for NetworkManager connection mygate IKEv2
Mar 12 08:27:10 ppcl001 charon-nm: 10[CFG] using CA certificate, gateway identity 'mygate6.example.com'
Mar 12 08:27:10 ppcl001 charon-nm: 19[LIB] resolving 'mygate6.example.com' failed: Name or service not known
Mar 12 08:27:10 ppcl001 charon-nm: 10[IKE] unable to resolve mygate6.example.com, initiate aborted
Mar 12 08:27:10 ppcl001 charon-nm: 10[MGR] tried to checkin and delete nonexisting IKE_SA

Point is, the peer (mygate6.example.com) doesn't have an A record in DNS, just AAAA. If I set the gateway to "mygate4.example.com" with a regular A record, then there is no such problem.

Related issues

Related to Feature #1143: Network manager plugin has no support for ipv6Closed2015-10-04

Associated revisions

Revision 4f8c00e3
Added by Tobias Brunner 2 months ago

Merge branch 'nm-ipv6'

Adds support for IPv6 to the NetworkManager backend and plugin.

Fixes #1143, #2586.

History

#1 Updated by Harald Dunkel about 1 year ago

Looking through my old logfiles it seems that charon-nm never used IPv6, even though the peers "usual" DNS entry has both A and AAAA DNS records. The macos and ios devices connect fine via IPv6 (to the same peer).

Unfortunately I could try only 5.6.1 and 5.6.2.

#2 Updated by Tobias Brunner about 1 year ago

  • Category set to networkmanager (charon-nm)
  • Status changed from New to Feedback

It's probably due to the 0.0.0.0 here: source:src/charon-nm/nm/nm_service.c#L529 But note that charon-nm does not really support IPv6 (i.e. it does not pass virtual IPv6 addresses or DNS servers to NM, however, if that's not necessary in your setup it might work).

Also, if the resolved host is dual-stack you could configure charon-nm to only use IPv4 by disabling charon-nm.plugin.socket-default.use_ipv6.

#3 Updated by Tobias Brunner about 1 year ago

  • Related to Feature #1143: Network manager plugin has no support for ipv6 added

#4 Updated by Tobias Brunner 3 months ago

  • Status changed from Feedback to Closed
  • Assignee set to Tobias Brunner
  • Resolution set to Duplicate

The patches for #1143 also include a change for the above.

#5 Updated by Tobias Brunner 2 months ago

  • Tracker changed from Issue to Bug
  • Target version set to 5.8.0
  • Resolution changed from Duplicate to Fixed

Also available in: Atom PDF