Strange issue with IPv6 through ipsec

All of lore.kernel.org
 help / color / mirror / Atom feed

From: "Niccolò Belli" <darkbasic-DEeHIYRtcplPMsqi6aon0Q@public.gmane.org>
To: netdev-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
Cc: users-3+4lAyCyj6DkhV4RL1hkzWD2FQJk+8+b@public.gmane.org
Subject: Strange issue with IPv6 through ipsec
Date: Thu, 01 Mar 2012 00:43:28 +0100	[thread overview]
Message-ID: <4F4EB820.1090607@linuxsystems.it> (raw)

Hi,
I'm not sure if netdev is the right place, that's a strange behavior but 
I'm not sure if it's a bug because I'm an IPv6 newbie.

I'd like to give my servers IPv6 connectivity for the World IPv6 Launch, 
so I bought a virtual machine with IPv6 connectivity and I asked to 
route a /56, then I extruded it through an IKEv2 ipsec tunnel 
(Strongswan 4.5.3 on Debian Squeeze amd64).

A is the virtual machine with IPv6 connectivity.
B is the other peer.
A has IPv6 a:b:c:d::1/64
The routed subnet is a:b:c:300::/56

After the tunnel creation I add an IPv6 to B external interface:
ip -6 addr add a:b:c:301::1/6 dev nas0
Then I create a default route:
ip -6 route add default via a:b:c:0301::2 dev nas0

Now I can ping A from B and B from A.
If I destroy and re-create the tunnel everything keep working.

If instead of adding an IPv6 to nas0 I add it to eth0 (an internal 
interface):
ip -6 addr add a:b:c:301::1/6 dev eth0
ip -6 route add default via a:b:c:0301::2 dev eth0

it still works (A con ping B and B can ping A) *BUT* if I destroy and 
re-create the tunnel it doesn't work anymore!
I have to type:
ip -6 addr del a:b:c:301::1/6 dev eth0
ip -6 addr add a:b:c:301::1/6 dev eth0
ip -6 route add default via a:b:c:0301::2 dev eth0

to make it work again O_O

Cheers,
Niccolò

next             reply	other threads:[~2012-02-29 23:43 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2012-02-29 23:43 Niccolò Belli [this message]
     [not found] ` <4F4EB820.1090607-DEeHIYRtcplPMsqi6aon0Q@public.gmane.org>
2012-03-01  0:03   ` Strange issue with IPv6 through ipsec Niccolò Belli
     [not found]     ` <4F4EBCE3.8040301-DEeHIYRtcplPMsqi6aon0Q@public.gmane.org>
2012-03-02 13:19       ` Niccolò Belli

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=4F4EB820.1090607@linuxsystems.it \
    --to=darkbasic-deehiyrtcplpmsqi6aon0q@public.gmane.org \
    --cc=netdev-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
    --cc=users-3+4lAyCyj6DkhV4RL1hkzWD2FQJk+8+b@public.gmane.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.