Project

General

Profile

Issue #939

Updated by Noel Kuntze about 1 year ago

I tried to setup an IPv6 connection with following scenario

10.0.0.1[Server] fec0::2 ---[nat-t]-- fec0::1[Client]
when the Client's IP pass through the nat-t, the nat-t will change the Client's IP to other IP.

And the configuration as followed -
<pre>
[Client side]
conn home
left=fec0::1
keyexchange=ikev2
authby=secret
right=fec0::2
rightsubnet=0.0.0.0/0
auto=add
</pre>


<pre>
[Server side]
conn psk
left=fec0::2
leftsubnet=0.0.0.0/0
keyexchange=ikev2
authby=secret
right=%any
auto=add
</pre>


However, after IKE SA established, server side cannot setup SAD
successfully.
It shows up following error log
<pre>


received netlink error: Invalid argument (22)
Unable to add SAD entry with SPI c2dc9aa0
received netlink error: Invalid argument (22)
Unable to add SAD entry with SPI ced1801e
Unable to install inbound and outbound IPSec SA (SAD) in kernel
</pre>

Back