[Openswan Users] Issues with DynDNS hostname and dual stack
Westermaier, Andreas
andreas.westermaier at gmx.de
Sun Feb 8 03:45:46 EST 2015
Hello,
having issues with OpenSWAN (v2.6.28 on Debian squeeze) and a DynDNS host with dual stack. The host has an IPv4 and IPv6 address.
Connection definition is as following and works since years with hosts having only IPv4 addresses:
conn dynhostname.dyndns.org
auto = add
left = ***.**.***.6
leftsubnet = 10.0.0.0/8
right = dynhostname.dyndns.org
rightid = @dynhostname.dyndns.org
rightsubnet = 192.168.1.0/27
authby = secret
ikelifetime = 4h
keylife = 1h
pfs = yes
compress = no
Log shows the following error (with plutodebug=all):
pluto[29352]: | find_host_connection2 called from main_inI1_outR1, me=***.**.***.6:500 him=%any:500 policy=PSK
pluto[29352]: | find_host_pair: comparing to ***.**.***.6:500 ***.***.**.96:500
pluto[29352]: | find_host_pair: comparing to ***.**.***.6:500 ***.**.**.17:500
pluto[29352]: | find_host_pair: comparing to ***.**.***.6:500 ***.**.**.18:500
pluto[29352]: | find_host_pair: comparing to ***.**.***.6:500 ***.**.**.20:500
pluto[29352]: | find_host_pair: comparing to ***.**.***.6:500 xxxx:xxx:5xxx:ae62:3681:xxxx:fe34:e530:500
pluto[29352]: | find_host_pair_conn (find_host_connection2): ***.**.***.6:500 %any:500 -> hp:none
pluto[29352]: | searching for connection with policy = PSK
pluto[29352]: | find_host_connection2 returns empty
pluto[29352]: packet from ***.***.**.105:500: initial Main Mode message received on ***.**.***.6:500 but no connection has been authorized with policy=PSK
The DynDNS host shows only up with its IPv6 address in the comparisons and it seems that it can't match that IPv6 address to the PSK in the ipsec.secrets:
***.**.***.6 @dynhostname.dyndns.org : PSK "123testing"
Disabled IPv6 for the whole system in sysctl.conf, but it doesn't solve the issue.
How can I get it to use the IPv4 address of the dual stack DynDNS host instead of the IPv6 address?
Thank you!
Andreas
More information about the Users
mailing list