Issue #939
Updated by Noel Kuntze almost 4 years ago
I tried to set up an IPv6 connection with the following scenario:
10.0.0.1[Server] fec0::2 ---[nat-t]-- fec0::1[Client]
When the Client's IP passes through the nat-t, the nat-t will change the Client's IP to another IP.
The configuration is as follows:
<pre>
[Client side]
conn home
    left=fec0::1
    keyexchange=ikev2
    authby=secret
    right=fec0::2
    rightsubnet=0.0.0.0/0
    auto=add
</pre>
<pre>
[Server side]
conn psk
    left=fec0::2
    leftsubnet=0.0.0.0/0
    keyexchange=ikev2
    authby=secret
    right=%any
    auto=add
</pre>
However, after the IKE SA is established, the server side cannot set up the SAD
successfully.
It shows the following error log:
<pre>
received netlink error: Invalid argument (22)
Unable to add SAD entry with SPI c2dc9aa0
received netlink error: Invalid argument (22)
Unable to add SAD entry with SPI ced1801e
Unable to install inbound and outbound IPSec SA (SAD) in kernel
</pre>