Having an issue with an IPv6 subnet-to-host connection selecting the wrong
interface when routing using %defaultroute.
(The same config with IPv4 works properly.)
Running libreswan 4.15 under Rocky 9 Linux using the out-of-the-box _updown
script.
---
Network topology:

  Internal interface (eth1)
    2403:5805:3555:10::1/64
    172.21.1.1/24
        ^
        |
        v
  DMZ interface, default route (eth0)
    2403:5805:3555::2
    172.21.0.2/24
        ^
        |
        v
  Internet gateway
    2403:5705:3555::1
    fe80::a691:b1ff:fed4:dc56
    172.21.0.1
        ^
        |
        v
  Remote host
    2404:9400:3:0:216:3eff:fee8:a03
    103.249.236.138
---
libreswan config:

conn test
	hostaddrfamily=ipv6
	clientaddrfamily=ipv6
	type=tunnel
	ikev2=yes
	authby=rsasig
	dpddelay=30
	dpdtimeout=90
	dpdaction=clear
	left=%defaultroute
	leftrsasigkey=%cert
	leftcert=neo
	leftid=%fromcert
	leftsubnet=2403:5805:3555:10::/64
	leftsourceip=2403:5805:3555:10::1
	right=2404:9400:3:0:216:3eff:fee8:a03
	rightrsasigkey=%cert
	rightca=%same
---
After the connection is established, the routing table is:

# ip -6 ro li
::1 dev lo proto kernel metric 256 pref medium
2403:5805:3555::/64 dev eth0 proto kernel metric 102 pref medium
2403:5805:3555:10::/64 dev eth1 proto kernel metric 101 pref medium
2404:9400:3:0:216:3eff:fee8:a03 via fe80::a691:b1ff:fed4:dc56 dev eth1 src 2403:5805:3555:10::1 metric 1024 pref medium
fe80::/64 dev eth1 proto kernel metric 1024 pref medium
fe80::/64 dev eth0 proto kernel metric 1024 pref medium
default via fe80::a691:b1ff:fed4:dc56 dev eth0 metric 1024 pref medium

i.e. the route to the remote host is installed specifying eth1 but using the
link-local address of the default eth0 interface.
---
The same connection, but replacing %defaultroute with:

conn test
	left=2403:5805:3555::2
	leftnexthop=2403:5805:3555::1

works nicely:

# ip -6 ro li
...
2404:9400:3:0:216:3eff:fee8:a03 via 2403:5805:3555::1 dev eth0 src 2403:5805:3555:10::1 metric 1024 pref medium
---
_______________________________________________
Swan mailing list -- [email protected]
To unsubscribe send an email to [email protected]
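The defect reported above (a host route for the peer pointing at a link-local next hop on a different interface than the one that next hop belongs to) is easy to miss because the route installs without error. The following script is an added example, not part of the post or of libreswan's _updown script: it parses an `ip -6 route` listing, finds the route for the peer, and flags the case where the route's `via` is a link-local address that the default route reaches on another device. The two route tables are copied from the report (the working table's default line is taken from the first listing, since the second listing is elided); the function names `field_after` and `check_peer_route` are hypothetical.

```shell
#!/bin/sh
# Added example: detect an IPsec peer route whose link-local next hop lives on
# a different interface than the route's own "dev". A fe80::/10 address is only
# meaningful on the link it was learned from, so "via fe80::X dev eth1" is
# unusable when fe80::X is actually the eth0 gateway.

# Route table from the report, %defaultroute case (copied, not live output).
ROUTES_BAD='::1 dev lo proto kernel metric 256 pref medium
2403:5805:3555::/64 dev eth0 proto kernel metric 102 pref medium
2403:5805:3555:10::/64 dev eth1 proto kernel metric 101 pref medium
2404:9400:3:0:216:3eff:fee8:a03 via fe80::a691:b1ff:fed4:dc56 dev eth1 src 2403:5805:3555:10::1 metric 1024 pref medium
fe80::/64 dev eth1 proto kernel metric 1024 pref medium
fe80::/64 dev eth0 proto kernel metric 1024 pref medium
default via fe80::a691:b1ff:fed4:dc56 dev eth0 metric 1024 pref medium'

# Route table for the leftnexthop= case (constructed from the report's excerpt).
ROUTES_GOOD='2404:9400:3:0:216:3eff:fee8:a03 via 2403:5805:3555::1 dev eth0 src 2403:5805:3555:10::1 metric 1024 pref medium
default via fe80::a691:b1ff:fed4:dc56 dev eth0 metric 1024 pref medium'

PEER=2404:9400:3:0:216:3eff:fee8:a03

# field_after TABLE PREFIX KEY
# Print the word that follows KEY on the first line of TABLE starting with PREFIX.
field_after() {
    printf '%s\n' "$1" | awk -v pfx="$2" -v key="$3" '
        index($0, pfx) == 1 {
            for (i = 1; i < NF; i++) if ($i == key) { print $(i + 1); exit }
        }'
}

# check_peer_route TABLE PEER
# Prints a one-line verdict; returns 0 when the peer route is usable, 1 otherwise.
check_peer_route() {
    table=$1
    peer=$2
    via=$(field_after "$table" "$peer " via)
    dev=$(field_after "$table" "$peer " dev)
    defvia=$(field_after "$table" "default " via)
    defdev=$(field_after "$table" "default " dev)

    if [ -z "$via" ] || [ -z "$dev" ]; then
        echo "missing: no host route with a next hop for $peer"
        return 1
    fi

    # Only link-local next hops (fe80::/10) are interface-scoped, so only they
    # can be "right address, wrong device".
    case $via in
        fe[89ab]?:*)
            if [ "$via" = "$defvia" ] && [ "$dev" != "$defdev" ]; then
                echo "broken: $peer via $via dev $dev, but that link-local gateway is on $defdev"
                return 1
            fi
            ;;
    esac

    echo "ok: $peer via $via dev $dev"
    return 0
}

# Demonstration on the two tables from the report. To check a live system,
# pass "$(ip -6 route show)" as the first argument instead.
check_peer_route "$ROUTES_BAD" "$PEER"
check_peer_route "$ROUTES_GOOD" "$PEER"
```

The check is deliberately narrow: it does not try to validate global next hops (those are resolved by the kernel through the connected routes), only the interface scope of a link-local one, which is exactly what %defaultroute gets wrong in the report while an explicit leftnexthop= avoids it.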