The original program uses Openswan. I modified the algorithm and changed nothing else. The IP protocol is IPv6.
Problem description: when computer 1 runs `ipsec auto --up conn`, computer 1 completes the first packet of the IKE negotiation (I1) and sends it. Packet-capture software shows the UDP ISAKMP packet from computer 1 to computer 2, but it also captures computer 2 replying with an ICMPv6 destination unreachable. If computer 2 then starts `ipsec auto --up conn`, IPsec completes the IKEv2 negotiation and establishes the SA.
The ICMPv6 reply has type: 1, code: 1
The code on both sides is completely identical, iptables is off, and the Windows 7 firewall is off. It is not clear what the cause is; the original code does not have this problem. Could experts who use Openswan please give some advice?
CodePudding user response:
To add: IPv4 addresses are disabled and the system uses only IPv6 addresses. Both ends can ping each other with ping6, so there is no question of the host not being found. But when computer 1 completes the I1 step of IKE and waits for R1 to be returned, it receives an ICMPv6 destination unreachable (return code 1 is host unreachable). When the IPsec connection is started from computer 2, however, it is established: computer 2 completes I1 and sends it to computer 1, computer 1 completes R1 and sends it to computer 2, computer 2 returns I2 to computer 1, and computer 1 completes R2 and returns it to computer 2, which completes the IKEv2 negotiation and establishes the SA. Since the negotiation can complete, the modified algorithm should not be affecting the communication. Sometimes, when I restart the network service (`service network restart`), computer 1 can complete the connection again, but after restarting the system it does not work either. Do you have any ideas?
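To read the captured ICMPv6 error precisely, the following added example (not part of the original thread) decodes a Destination Unreachable message using the code table from RFC 4443 and extracts the quoted invoking packet, so the error can be tied to the UDP ISAKMP packet that triggered it. The sample bytes, the 2001:db8:: addresses and the function names are constructed for illustration.

```python
import ipaddress
import struct

# ICMPv6 Destination Unreachable (type 1) codes, RFC 4443 section 3.1
DEST_UNREACH_CODES = {
    0: "no route to destination",
    1: "communication with destination administratively prohibited",
    2: "beyond scope of source address",
    3: "address unreachable",
    4: "port unreachable",
    5: "source address failed ingress/egress policy",
    6: "reject route to destination",
}

def decode_dest_unreachable(icmp6: bytes) -> dict:
    """Decode an ICMPv6 message; input starts at the ICMPv6 header."""
    if len(icmp6) < 8:
        raise ValueError("truncated ICMPv6 header")
    msg_type, code, _cksum, _unused = struct.unpack("!BBHI", icmp6[:8])
    if msg_type != 1:
        raise ValueError(f"not Destination Unreachable (type {msg_type})")
    result = {"code": code,
              "meaning": DEST_UNREACH_CODES.get(code, "unassigned")}
    inner = icmp6[8:]  # as much of the invoking packet as the sender quoted
    if len(inner) >= 40 and inner[0] >> 4 == 6:
        next_header = inner[6]
        result["orig_src"] = str(ipaddress.IPv6Address(inner[8:24]))
        result["orig_dst"] = str(ipaddress.IPv6Address(inner[24:40]))
        result["orig_next_header"] = next_header
        # UDP (17) directly after the fixed IPv6 header, no extension headers
        if next_header == 17 and len(inner) >= 44:
            sport, dport = struct.unpack("!HH", inner[40:44])
            result["orig_udp_sport"] = sport
            result["orig_udp_dport"] = dport
            result["is_ike"] = dport in (500, 4500)  # ISAKMP / NAT-T ports
    return result

def build_sample() -> bytes:
    """Constructed sample: type 1, code 1, quoting a UDP 500 -> 500 packet.
    The ICMPv6 and UDP checksums are left at 0 (not computed)."""
    src = ipaddress.IPv6Address("2001:db8::1").packed
    dst = ipaddress.IPv6Address("2001:db8::2").packed
    udp = struct.pack("!HHHH", 500, 500, 8, 0)
    ipv6 = struct.pack("!IHBB", 6 << 28, len(udp), 17, 64) + src + dst
    return struct.pack("!BBHI", 1, 1, 0, 0) + ipv6 + udp

if __name__ == "__main__":
    print(decode_dest_unreachable(build_sample()))
```

To use it on a real capture, pass the bytes of the ICMPv6 message starting at its type field.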