Hi All,
I am facing a problem with a strongSwan IPsec tunnel. Can you please help me resolve it?
Topology:
access point --------broadband router-------internet------security gateway
I am using an IPv6-over-IPv4 strongSwan IPsec tunnel between an OpenWrt access point and a security gateway. The tunnel got established. The access point got a "virtual IPv6" address from the security gateway via the IPsec tunnel. The access point had already got another global SLAAC IPv6 address from the broadband router. I am able to ping the security gateway's IPv4 address, and I am also able to ping the IPv6 address of the virtual IPv6's peer via the IPsec tunnel.
The problem is that I am not able to ping the broadband router's global IPv6 address from the access point if the IPsec tunnel is present. I am able to ping the broadband router's IPv6 address if the IPsec tunnel is stopped.
The access point has two global IPv6 addresses. One is the "virtual IPv6 address" from the security gateway via the IPsec tunnel and the other is the IPv6 address from the broadband router.
The configuration below is used on the access point:

# ipsec.conf - strongswan IPsec configuration file

config setup
    strictcrlpolicy=no
    uniqueids = yes
    charondebug = "all"

conn %default
    ikelifetime=1h
    keylife=20h
    ike=aes128-sha256-modp2048!
    esp=aes128-sha1!
    rekeymargin=3m
    keyingtries=1
    keyexchange=ikev2
    rekey=no

conn client_to_server
    leftid=$(uci get ap_inventory.@inventory[0].Serial_number)
    left=$ap_ipv4_addr
    leftsourceip=%config6
    leftsubnet=%dynamic
    #leftsubnet=::/0
    leftauth=psk
    right=$secgw_ip
    rightid=%any
    rightsubnet=::/0
    rightauth=psk
    auto=start
    dpdaction=clear
    dpddelay=30

Thanks,
Durga K