no reconnect after a local prefix delegation
I am running an IPsec connection between my PC at home (strongSwan 5.8.4, kernel 5.6.3, Debian) and the gateway in the office (5.8.2, kernel 4.19.98, Debian 10). Problem:
If there is a prefix delegation in my LAN, then the IPsec connection is lost and a new one is not established. AFAIK this is not supposed to happen, due to MOBIKE.
The local charon.log and ipsec.conf are attached. In this case I rebooted my internet gateway to get a new prefix (making the old prefix invalid). Please note the netlink errors. I am not sure if they are supposed to happen.
gateway IP addresses
#2 Updated by Tobias Brunner 3 months ago
- Status changed from New to Feedback
According to the log, there is an only partially successful switch to IPv4 (the initial connectivity check works, but the next MOBIKE update already fails), which you might want to investigate. Then there is another switch to IPv6 (to reestablish the SA after a retransmission timeout), but that fails too (is the IPv6 address there still valid? If not, it shouldn't have been selected as source IP).
Increasing the log level for knl to 2 might show a bit more about what goes on when network/kernel changes occur.
The tunnel here seems to only protect IPv4 traffic. Are there other tunnels that maybe also cover IPv6? If so, make sure you bypass NDP.
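The two suggestions in the reply above, written out as configuration. This is an added example, not taken from the reporter's attached files or from the reply itself. The log file path, the filelog section name and the connection names are assumptions, and the passthrough policies only matter if some tunnel's traffic selectors also cover IPv6.

```conf
# ---- strongswan.conf (fragment) ----
# Raise only the kernel-interface (knl) subsystem to level 2 so that
# address, route and policy events during the prefix change are logged.
charon {
    filelog {
        charon-debug {                   # section name is an assumption
            path = /var/log/charon.log   # assumed path; use the existing log file
            time_format = %b %e %T
            default = 1
            knl = 2
            flush_line = yes
        }
    }
}

# ---- ipsec.conf (fragment) ----
# Passthrough (bypass) policies for IPv6 Neighbor Discovery, so that
# neighbor solicitations (ICMPv6 type 135) and neighbor advertisements
# (type 136) are never matched by an IPsec policy that covers IPv6.
conn ndp-ns
    right=::1                            # dummy peer; keeps this conn from being used for IKE
    leftsubnet=::/0[ipv6-icmp/135]
    rightsubnet=::/0[ipv6-icmp/135]
    type=passthrough
    auto=route

conn ndp-na
    right=::1
    leftsubnet=::/0[ipv6-icmp/136]
    rightsubnet=::/0[ipv6-icmp/136]
    type=passthrough
    auto=route
```

After a restart, `ipsec statusall` should list both passthrough connections under shunted connections, and the knl lines in the log show which source addresses the daemon sees while the old prefix is withdrawn.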