Hello, I got a problem when connecting with IPv6 ipsec using strongswan. It is
however working when building up an IPv6 ipsec connection manually, like this:
https://www.ripe.net/ripe/mail/archives/ipv6-wg/2018-November/003267.html Here
is all the debug and configs: The complete log from daemon start to the
point where the problem occurs SERVER: /var/log/charon_debug.log
https://pastebin.com/JQhcn2db CLIENT: /var/log/syslog
https://pastebin.com/ZEkkPAnT SERVER: /etc/ipsec.conf
https://pastebin.com/cCVb0jSZ /etc/strongswan.d/swanctl.conf swanctl { #
Plugins to load in swanctl. # load = # VICI socket to connect to by
default. # socket = unix://${piddir}/charon.vici } The complete current
status of the daemon (ipsec statusall or swanctl -L and swanctl -l) ipsec
statusall https://pastebin.com/Rmxw7RJA swanctl -L
https://pastebin.com/Wnz3Tecs swanctl -l (empty output) The complete
firewall rules (output of iptables-save and ip6tables-save on Linux,
analogously on other operating systems using the corresponding command(s))
iptables-save https://pastebin.com/vYtQMs1w ip6tables-save
https://pastebin.com/T7m9726Y The complete contents of all routing tables
(output of ip route show table all on Linux, analogously on other operating
systems) ip route show table all https://pastebin.com/cSRwtrGw The complete
overview over all IP addresses (output of ip address on Linux, analogously on
other operating systems) ip address https://pastebin.com/Anx8sBWj I think the
reason why it doesn't work is the following error, but I'm not exactly sure
what that means or how to avoid this. According to the bugtracker there is a
feature missing in the linux kernel, but it works manually using the specified
script above. Thu, 2018-11-22 18:04 05[KNL] <ikev2-vpn-329|2> got SPI cf8b9417
... Thu, 2018-11-22 18:04 05[KNL] <ikev2-vpn-329|2> received netlink error:
Invalid argument (22) Thu, 2018-11-22 18:04 05[KNL] <ikev2-vpn-329|2> unable to
add SAD entry with SPI cf8b9417 (FAILED) Thanks and best regards, Hook