IPSec over IPv6 routing problem

To: debian-ipv6@lists.debian.org
Subject: IPSec over IPv6 routing problem
From: Jason White <jason@jasonjgw.net>
Date: Sat, 8 Jun 2013 03:45:32 +0000 (UTC)
Message-id: <[🔎] kou9cr$k0k$1@ger.gmane.org>

I've encountered an unusual routing issue after setting up IPSec over IPv6
with StrongSwan. There hasn't been any help forthcoming from the StrongSwan
list, and in any case I suspect the problem might be kernel-related, since it
occurs after the tunnel has been established and the output of ip xfrm policy
show and ip xfrm state show both look correct to me.

The machine has an eth0 interface to which the IPv6 public address is assigned
and a ppp0 interface associated with an ADSL modem card. ppp0 only has a local
link address (DHCPv6 prefix delegation is used). The default route goes via
ppp0.

If I set up an IPSec tunnel mode association with a remote machine, my host
doesn't know where to send the packets and I get "address unreachable" packets
appearing on the loopback interface. After a while, everything corrects itself
for a short time and packets flow; then IPSec keys are renegotiated and it
fails completely.

Where should I submit the bug report? I can provide the output of various ip
show commands.

There's no urgency on this (just experimenting with IPSec, after all) but I
like to see bugs being fixed.

Reply to:

Index(es):
- Date
- Thread