[Swan] IPv6 Question

Mirsad Goran Todorovac mirsad.todorovac at alu.hr
Tue Jul 12 15:57:42 EEST 2022 

On 7/11/2022 9:35 PM, Paul Wouters wrote:

> On Mon, 11 Jul 2022, Mirsad Goran Todorovac wrote:
>
>> Pluto log is here: 
>> https://magrf.grf.hr/~mtodorov/tmp/ikev2-20220711-01.log
>
> Jul 11 20:20:47.820601: | sending 473 bytes for STATE_V2_PARENT_R0 
> through enp1s0 from [2001:b68:2:2600::3]:500 to 
> [2a05:4f46:31a:7500:f4ab:160e:24dc:df90]:500 using UDP (for #4)
>
> The client does not respond to libreswan's answer. The reason for a lack
> of response would be on the client side log ?
Hi, Paul, thank Heavens you are here!

We have lost VPN connectivity since we introduced IPv6, I suppose.
The problem is that MS VPN client has IPv6 preference.

The Windows 10 client reports in evtlog:

"The user SYSTEM dialed a connection named GRF IKEv2 magrf which has 
failed. The error code returned on failure is 809."

Google says this Rasclient error is connected with a firewall or lack of 
connectivity between the client and server computer.
Connectivity scan shows this:

C:\Users\mtodo>nmap -6 -sU -p 500,4500 magrf.grf.hr
Starting Nmap 7.92 ( https://nmap.org ) at 2022-07-12 08:35 Central 
European Daylight Time
Nmap scan report for magrf.grf.hr (2001:b68:2:2600::3)
Host is up (0.0015s latency).
Other addresses for magrf.grf.hr (not scanned): 161.53.83.3

PORT     STATE         SERVICE
500/udp  open|filtered isakmp
4500/udp closed        nat-t-ike

Nmap done: 1 IP address (1 host up) scanned in 1.55 seconds
C:\Users\mtodo>

I checked with our NOC and they asserted that there it is not the IPv6 
firewall. This goes in line with the fact
that I tried to establish a connection to the local server on the same 
subnet.

I may be running out of options for now. The usual step would be to do 
more homework ;-)

Mirsad

-- 
Mirsad Goran Todorovac
CARNet sistem inženjer
Grafički fakultet | Akademija likovnih umjetnosti
Sveučilište u Zagrebu
--
CARNet system engineer
Faculty of Graphic Arts | Academy of Fine Arts
University of Zagreb, Republic of Croatia
tel. +385 (0)1 3711 451
mob. +385 91 57 88 355

More information about the Swan mailing list