Issue #3402

Routing added in case of IPV6 IPSEC connection but not in IPV4 IPSEC connection

Added by Sowmya Pola 4 months ago. Updated 4 months ago.

Status: Feedback
Priority: Normal
Assignee: -
Category: -
Affected version: 5.8.4
Resolution:

Description

Hi Team,

I would like to know the internal steps involved when the "ipsec up <connName>" command is executed.

In our case, when we try to establish an IPSEC connection using IPV6 addresses, we could see that there is a routing added internally, but the same is not observed when IPV4 addresses are used.

Below are the config files for both configurations.

conn testpki
    type=tunnel
    left=10.33.42.174
    lifetime=1h
    ike=aes256-sha512-modp4096
    ikelifetime=1h
    esp=aes256-sha512-modp4096-noesn
    right=10.35.15.16
    keyexchange=ikev2
    leftcert=vpnClientCert.pem
    leftid="CN=IPSEC,O=strongSwan,C=IN"
    rightid="C=IN,O=strongSwan,CN=IPSEC"
    auto=add

conn testpki
    type=tunnel
    left=2001:1b70:8294:4435:3::6
    lifetime=1h
    ike=aes256-sha512-modp4096
    ikelifetime=1h
    esp=aes256-sha512-modp4096-noesn
    right=2001:1b70:8294:4700::16
    keyexchange=ikev2
    leftcert=vpnClientCert.pem
    leftid="CN=IPSEC,O=strongSwan,C=IN"
    rightid="C=IN,O=strongSwan,CN=IPSEC"
    auto=add

Please find the detailed information as an attachment.

Thanks & Regards,
Sowmya Pola.

Attachment: ipsec_logs.txt (12.7 KB), Sowmya Pola, 08.04.2020 12:23

History

#1 Updated by Tobias Brunner 4 months ago

  • Status changed from New to Feedback
  • Priority changed from Urgent to Normal

strongSwan installs routes in table 220, which the deprecated route command won't show. Use ip route instead (see HelpRequests).
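
Added example, not part of the original thread or of strongSwan's code: a small script that finds every routing table referenced by a policy rule (such as the table 220 named in the reply above) and dumps its routes for IPv4 and IPv6, so routes outside the main table are not missed. It assumes iproute2's `ip` is installed; the function names and the sample `ip rule show` output are constructed for illustration.

```shell
#!/bin/sh
# Added example: list routes that live outside the main routing table.
# Assumption: iproute2's "ip" is available on the host being checked.

# Read `ip rule show` output on stdin and print each referenced table once,
# skipping the built-in local/main/default tables.
tables_from_rules() {
    awk '{
        for (i = 1; i < NF; i++)
            if ($i == "lookup") {
                t = $(i + 1)
                if (t != "local" && t != "main" && t != "default" && !seen[t]++)
                    print t
            }
    }'
}

# Dump every non-main table for one address family (-4 or -6).
show_policy_routes() {
    fam=$1
    ip "$fam" rule show | tables_from_rules | while read -r t; do
        echo "== ip $fam route show table $t =="
        ip "$fam" route show table "$t"
    done
}

# Constructed sample of `ip rule show` output on a host with a rule
# pointing at table 220 (not taken from the attached logs).
sample_rules() {
    printf '%s\n' \
        '0: from all lookup local' \
        '220: from all lookup 220' \
        '32766: from all lookup main' \
        '32767: from all lookup default'
}

# Query the live system only when asked to: sh script.sh --live
if [ "${1:-}" = "--live" ]; then
    show_policy_routes -4
    show_policy_routes -6
fi
```

Comparing the `-4` and `-6` output after `ipsec up <connName>` shows whether a route was installed for each address family, independent of what the main table contains.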
