Bug #3285

Virtual IPs on FreeBSD cannot set IPv6 addresses

Added by Chris Ryder 11 days ago. Updated 11 days ago.

Status: Feedback
Priority: Normal
Assignee: -
Category: -
Target version: -
Start date: 03.12.2019
Due date:
Estimated time:
Affected version: 5.8.1
Resolution:

Description

Running StrongSwan 5.8.1 on a FreeBSD 12.1 machine acting as a roaming VPN client, it appears that StrongSwan is only able to assign IPv4 addresses to the tun interface. IPv4 traffic works fine, and I have other VPN clients (iOS and Mac OS X built-in clients) connect to the VPN server and get both IPv6 and IPv4 addresses assigned correctly. However, on the FreeBSD client, StrongSwan reports the following when it brings up the VPN:

```
.....
scheduling reauthentication in 86170s
maximum IKE_SA lifetime 86350s
installing new virtual IP 81.XX.XX.XX
created TUN device: tun0
installing new virtual IP 2001:XXX:XXXX:XXXX::XXXX
created TUN device: tun1
failed to add address on tun1: Invalid argument
installing virtual IP 2001:XXXX:XXXX:XXXX::XXXX failed
selected proposal: ESP:AES_CBC_256/HMAC_SHA1_96/NO_EXT_SEQ
CHILD_SA vpn{2} established with SPIs c740b4b1_i 65f904ab_o and TS 81.XX.XX.XX/32 === 81.XX.XX.YY/29 ZZ.ZZ.ZZ.ZZ/28
connection 'vpn' established successfully
```

Digging into the `failed to add address on tun1: Invalid argument` message, I think the problem is that in https://wiki.strongswan.org/projects/strongswan/repository/revisions/master/entry/src/libstrongswan/networking/tun_device.c#L168 the SIOCAIFADDR ioctl (and other friends) is being used, which I think only supports IPv4 addresses on FreeBSD/Darwin - for IPv6 I think SIOCAIFADDR_IN6 and friends are needed. I don't have any experience of that level of networking code though, but the source for the FreeBSD ifconfig tool https://github.com/freebsd/freebsd/tree/master/sbin/ifconfig shows a difference between inet and inet6 code paths: https://github.com/freebsd/freebsd/blob/master/sbin/ifconfig/af_inet.c and https://github.com/freebsd/freebsd/blob/master/sbin/ifconfig/af_inet6.c

There is also a sample of how to set IPv6 addresses on Darwin which looks similar: https://gist.github.com/icpz/65476f8c1ae4c0451b2f67c3fccc2244
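
The SIOCAIFADDR_IN6 call the description refers to, as an added example (not strongSwan's code and not taken from the tun-device-ipv6 branch): it fills a `struct in6_aliasreq` with address, prefix mask and lifetimes and issues the ioctl on an AF_INET6 socket. The function names `fill_sin6` and `add_inet6_addr` are hypothetical; on platforms other than FreeBSD/Darwin the ioctl branch is compiled out and the call returns -1.

```c
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/ioctl.h>
#include <net/if.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#if defined(__FreeBSD__) || defined(__APPLE__)
#include <netinet6/in6_var.h>  /* struct in6_aliasreq, SIOCAIFADDR_IN6 */
#endif

/* Fill sa with addr or, when addr is NULL, with the netmask for prefixlen. */
int fill_sin6(struct sockaddr_in6 *sa, const char *addr, int prefixlen)
{
    memset(sa, 0, sizeof(*sa));
    sa->sin6_family = AF_INET6;
#if defined(__FreeBSD__) || defined(__APPLE__)
    sa->sin6_len = sizeof(*sa);  /* BSD sockaddrs carry their own length */
#endif
    if (addr)
        return inet_pton(AF_INET6, addr, &sa->sin6_addr) == 1 ? 0 : -1;
    if (prefixlen < 0 || prefixlen > 128)
        return -1;
    for (int i = 0; i < prefixlen; i++)
        sa->sin6_addr.s6_addr[i / 8] |= (unsigned char)(0x80 >> (i % 8));
    return 0;
}

/* Add addr/prefixlen to ifname. Returns 0 on success, -1 on failure. */
int add_inet6_addr(const char *ifname, const char *addr, int prefixlen)
{
#if defined(__FreeBSD__) || defined(__APPLE__)
    struct in6_aliasreq req;
    int fd, rc;
    memset(&req, 0, sizeof(req));
    strncpy(req.ifra_name, ifname, sizeof(req.ifra_name) - 1);
    if (fill_sin6(&req.ifra_addr, addr, 0) || fill_sin6(&req.ifra_prefixmask, NULL, prefixlen))
        return -1;
    req.ifra_lifetime.ia6t_vltime = req.ifra_lifetime.ia6t_pltime = 0xffffffff; /* infinite */
    fd = socket(AF_INET6, SOCK_DGRAM, 0);  /* the in6 ioctls need an AF_INET6 socket */
    if (fd < 0)
        return -1;
    rc = ioctl(fd, SIOCAIFADDR_IN6, &req);
    close(fd);
    return rc;
#else
    (void)ifname; (void)addr; (void)prefixlen;
    return -1;  /* no in6_aliasreq interface on this platform */
#endif
}
```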


Related issues

Related to Issue #974: Charon crash on Mac OS with IPv6 Virtual IP (New, 30.05.2015)

History

#1 Updated by Tobias Brunner 11 days ago

  • Status changed from New to Feedback

That's a known issue. See the (very old) commit in the tun-device-ipv6 branch. Since I had no IPv6 connectivity at the time (and nobody really seemed interested), I never tested it (don't know if it even is complete).

#2 Updated by Chris Ryder 11 days ago

Ah, I hadn't managed to find that branch - I'll see if I can get that code updated to work in my FreeBSD scenario, thanks!

#3 Updated by Tobias Brunner 11 days ago

  • Related to Issue #974: Charon crash on Mac OS with IPv6 Virtual IP added
