I am facing a problem with a strongSwan IPsec tunnel. Can you please help me to resolve it?
access point --------broadband router-------internet------security gateway
I am using an IPv6-over-IPv4 strongSwan IPsec tunnel between an OpenWrt access point and a security gateway. The tunnel gets established. The access point gets a "virtual IPv6" address from the security gateway via the IPsec tunnel. The access point already has another global SLAAC IPv6 address from the broadband router. I am able to ping the security gateway's IPv4 address, and I am also able to ping the IPv6 address of the virtual IPv6 address's peer via the IPsec tunnel.
The problem is that I am not able to ping the broadband router's global IPv6 address from the access point while the IPsec tunnel is present. I can ping the broadband router's IPv6 address if the IPsec tunnel is stopped.
The access point has two global IPv6 addresses: one is the "virtual IPv6 address" from the security gateway via the IPsec tunnel, and the other is the IPv6 address from the broadband router.
Below is the configuration used on the access point:
# ipsec.conf - strongSwan IPsec configuration file

config setup
    strictcrlpolicy=no
    uniqueids = yes
    charondebug = "all"

conn %default
    ikelifetime=1h
    keylife=20h
    ike=aes128-sha256-modp2048!
    esp=aes128-sha1!
    rekeymargin=3m
    keyingtries=1
    keyexchange=ikev2
    rekey=no

conn client_to_server
    # leftid / left / right are filled in from the OpenWrt UCI inventory and shell variables at deploy time
    leftid=$(uci get ap_inventory.@inventory.Serial_number)
    left=$ap_ipv4_addr
    # request a virtual IPv6 address from the gateway
    leftsourceip=%config6
    leftsubnet=%dynamic
    #leftsubnet=::/0
    leftauth=psk
    right=$secgw_ip
    rightid=%any
    # remote traffic selector covers all of IPv6
    rightsubnet=::/0
    rightauth=psk
    auto=start
    dpdaction=clear
    dpddelay=30
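The `rightsubnet=::/0` traffic selector in the configuration above makes charon install an XFRM policy that covers every IPv6 destination, so once the CHILD_SA is up, a ping to the broadband router's global address is also matched by that policy and steered into the tunnel, where the gateway has no route back to the router. One way to keep traffic for the locally attached prefix out of the tunnel is a strongSwan passthrough connection. The following is an added example in ipsec.conf syntax, not part of the original post; `2001:db8:1::/64` is an assumed placeholder for the prefix the broadband router advertises via SLAAC, and `lan_passthrough` is an arbitrary connection name.

```ini
# Added example, not from the original post. Exempts the locally attached
# IPv6 prefix from the ::/0 tunnel policy so that on-link traffic (access
# point <-> broadband router) is sent in the clear on the LAN interface.
# 2001:db8:1::/64 is an assumed placeholder: replace it with the prefix
# shown for the LAN interface by "ip -6 route" on the access point.
conn lan_passthrough
    leftsubnet=2001:db8:1::/64
    rightsubnet=2001:db8:1::/64
    # passthrough installs a bypass policy instead of an IPsec SA
    type=passthrough
    # route the policy at startup; no IKE exchange is needed for it
    auto=route
```

The passthrough conn sits in the same ipsec.conf next to `client_to_server` and needs no entry in ipsec.secrets. After `ipsec reload` (or `ipsec update`), `ip xfrm policy` should show the bypass entries for the prefix with a higher priority than the `::/0` tunnel policy; if the router's global address lives in a different prefix than the one the access point obtained via SLAAC, that prefix needs its own passthrough conn. The alternative is to have the gateway narrow the selector it offers instead of `::/0`, so that only the networks behind the gateway are reached through the tunnel.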