I have a Strongswan IPv6 tunnel connection over the normal IPv4, and sometimes the IPv6 ping to the server does not get ping reply. Has anyone seen this issue too?
The reason for sending the ping over the secure IPv6 tunnel is to test if the tunnel connection is up and running. Checking the wireshark traces and comparing the successful and failing case, I see in the successful case we received an IPv6 "Router Advertisement" multi-cast right after having connected the tunnel (i.e. after the IKE_INIT and the 3 IKE_AUTH pairs). Then all subsequent IPv6 pings would get a response. For the failing case, we do not receive the Router Advertisement, and the pings do not get any response. Could the ping with no response issue be related to the Router Advertisement? The exact sequence is: IKE_SA_INIT MID=00 Initiator Request IKE_SA_INIT MID=00 Responder Response IKE_AUTH MID=01 Initiator Request IKE_AUTH MID=01 Responder Response IKE_AUTH MID=02 Initiator Request IKE_AUTH MID=02 Responder Response IKE_AUTH MID=03 Initiator Request Router Advertisement from :: to ff02::1 IKE_AUTH MID=03 Responder Response Router Advertisement from an IPv6 address to ff02::1 Echo (ping) request Echo (ping) response Thanks, Peter ----------------------------------------------------------------------------------- This email message is for the sole use of the intended recipient(s) and may contain confidential information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. -----------------------------------------------------------------------------------
