Hi,

I have fixed the problem by updating from 5.3 to the latest stable (self-compiled). Now IPv4 over IPv6 tunnels work fine on Linux and Mac clients. Only Windows clients couldn't access the network. When I start a ping on the client side I can see the ESP packets come in on the server. When I start a ping on the server side I see ESP packets go out from the server. But I have never seen an ESP packet with a response.

Anybody an idea?

Greets
Marco

2017-07-05 23:11 GMT+02:00 Marco Scholl <deve...@marco-scholl.de>:

> Hi guys,
>
> I have an IKEv2 roadwarrior setup (U5.3.5/K4.8.0-58-generic) that works
> fine with IPv4 through an IPv4 tunnel.
> But now I want to allow connections through IPv6 as well. But when I connect
> through IPv6, the tunnel came up and I got the correct IP address..., but I
> didn't get any traffic through it.
>
> When I start a ping on the client side I can see the ESP packets come in. When
> I start a ping on the server side I see ESP packets go out. But I have never
> seen a response ESP packet. When I start xfrm monitor I got these errors:
>
> "Async event (0x20) timer expired"
>
> Here is my config:
>
> conn %default
>     fragmentation=yes
>     ikelifetime=1d
>     keylife=20m
>     rekeymargin=3m
>     keyingtries=1
>     keyexchange=ikev2
>     authby=secret
>     right=%any
>     rightid=%any
>     rightsendcert=never
>     rightauth=eap-radius
>     rightsourceip=%radius
>     ike=aes128-sha256-ecp256,aes256-sha384-ecp384,aes128-sha256-modp2048,aes128-sha1-modp2048,aes256-sha384-modp4096,aes256-sha256-modp4096,aes256-sha1-modp4096,aes128-sha256-modp1536,aes128-sha1-modp1536,aes256-sha384-modp2048,aes256-sha256-modp2048,aes256-sha1-modp2048,aes128-sha256-modp1024,aes128-sha1-modp1024,aes256-sha384-modp1536,aes256-sha256-modp1536,aes256-sha1-modp1536,aes256-sha384-modp1024,aes256-sha256-modp1024,aes256-sha1-modp1024!
>     esp=aes128gcm16-ecp256,aes256gcm16-ecp384,aes128-sha256-ecp256,aes256-sha384-ecp384,aes128-sha256-modp2048,aes128-sha1-modp2048,aes256-sha384-modp4096,aes256-sha256-modp4096,aes256-sha1-modp4096,aes128-sha256-modp1536,aes128-sha1-modp1536,aes256-sha384-modp2048,aes256-sha256-modp2048,aes256-sha1-modp2048,aes128-sha256-modp1024,aes128-sha1-modp1024,aes256-sha384-modp1536,aes256-sha256-modp1536,aes256-sha1-modp1536,aes256-sha384-modp1024,aes256-sha256-modp1024,aes256-sha1-modp1024,aes128gcm16,aes256gcm16,aes128-sha256,aes128-sha1,aes256-sha384,aes256-sha256,aes256-sha1!
>     eap_identity=%identity
>
> conn rw
>     auto=add
>     right=%any
>     rightid=%any
>     left=MYIPS
>     leftsubnet=10.0.0.0/8
>     leftfirewall=yes
>     leftauth=pubkey
>     leftcert=MYCERT
>     leftsendcert=always
>     leftid=@MYFQDN
>
> I hope somebody can help.
>
> Greets
> Marco