Comments (1)
cluck
commented on May 20, 2024
Another thing worth documenting is that the implicit default of remote_ts = dynamic is not enough for some common use-cases. This selector does not include multicast IPv6 (ff00::/8), which keeps regular Router Advertisements emitted by the responder (addressing "all-nodes" ff02::1) to reach the initiator, for example. It also does not include the fe80:: address(es) of the initiator.
A prominent victim of this is the Windows RAS Client, which happily accepts the advertised routes as soon as remote_ts is expanded to dynamic, ff00::/8, fe80::/64. The fe80::/64 is also necessary, and acceptable if the policy is shadowed behind a XFRM interface. With this combination, the cumbersone workaround mentioned in the archived ticket 817 is not needed anymore; IPv6 is fully working with Windows 10 (21H2).
My setup includes a Linux responder, a configuration including a XFRM interface, and a FRR router daemon instance for router advertisements, advertising a ::/48 ULA but no default route. As a side-node, radvd currently refuses to work with XFRM interfaces ("interface not ready") (reported here).
from strongswan.
Related Issues (20)
- build project on CentOS failed
- bad memcpy() in dhcp_socket.c, line 253 HOT 3
- [NET] received packet from on ignored interface
- Start profiles immediately after StrongSwan/Android is started HOT 1
- How to configure strongswan to listen in TCP mode HOT 1
- android11 can't use "IKEv2/IPSec MSCHAPv2" to connect strongswanVPN server
- "<child>.local_ts" Dynamic acquisition of network card IP address HOT 2
- I used a tester to test VPN throughput and found that charon’s memory usage was high and was killed by the kernel. Is there any solution to limit memory usage? HOT 13
- Build of version 5.9.14 fails on alpine (musl) HOT 1
- ubuntu make error
- proposal_keywords.c is excluded by the .gitignore file HOT 2
- charon-nm: only a single CA cert file is loaded from "server certificate" file HOT 3
- add logger configuration for json output HOT 4
- Add support for the post-quantum ML-KEM KE algorithm in openssl plugin
- Routing regression between 5.9.8 (Debian Bookworm deb12u1) and 5.9.13 (Ubuntu 24.04 (2ubuntu4)) HOT 8
- libstrongswan rsa test getting hang sporadically with strongswan 5.9.6 HOT 2
- "Invalid ELF image for this architecture" error while running tests suite in strongswan HOT 1
- Confusing loading state in Battery Saver HOT 1
- "Invalid ELF image for this architecture" error while running tests suite in strongswan 5.8.4 version HOT 5
- Are there plans to adapt HarmonyOS in the future? HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from strongswan.