[Swan] IPv6 Question
Mirsad Goran Todorovac
mirsad.todorovac at alu.hr
Tue Jul 12 15:57:42 EEST 2022
On 7/11/2022 9:35 PM, Paul Wouters wrote:
> On Mon, 11 Jul 2022, Mirsad Goran Todorovac wrote:
>
>> Pluto log is here:
>> https://magrf.grf.hr/~mtodorov/tmp/ikev2-20220711-01.log
>
> Jul 11 20:20:47.820601: | sending 473 bytes for STATE_V2_PARENT_R0
> through enp1s0 from [2001:b68:2:2600::3]:500 to
> [2a05:4f46:31a:7500:f4ab:160e:24dc:df90]:500 using UDP (for #4)
>
> The client does not respond to libreswan's answer. The reason for a lack
> of response would be on the client side log ?
Hi, Paul, thank Heavens you are here!
We have lost VPN connectivity since we introduced IPv6, I suppose.
The problem is that MS VPN client has IPv6 preference.
The Windows 10 client reports in evtlog:
"The user SYSTEM dialed a connection named GRF IKEv2 magrf which has
failed. The error code returned on failure is 809."
Google says this Rasclient error is connected with a firewall or lack of
connectivity between the client and server computer.
Connectivity scan shows this:
C:\Users\mtodo>nmap -6 -sU -p 500,4500 magrf.grf.hr
Starting Nmap 7.92 ( https://nmap.org ) at 2022-07-12 08:35 Central
European Daylight Time
Nmap scan report for magrf.grf.hr (2001:b68:2:2600::3)
Host is up (0.0015s latency).
Other addresses for magrf.grf.hr (not scanned): 161.53.83.3
PORT STATE SERVICE
500/udp open|filtered isakmp
4500/udp closed nat-t-ike
Nmap done: 1 IP address (1 host up) scanned in 1.55 seconds
C:\Users\mtodo>
I checked with our NOC and they asserted that there it is not the IPv6
firewall. This goes in line with the fact
that I tried to establish a connection to the local server on the same
subnet.
I may be running out of options for now. The usual step would be to do
more homework ;-)
Mirsad
--
Mirsad Goran Todorovac
CARNet sistem inženjer
Grafički fakultet | Akademija likovnih umjetnosti
Sveučilište u Zagrebu
--
CARNet system engineer
Faculty of Graphic Arts | Academy of Fine Arts
University of Zagreb, Republic of Croatia
tel. +385 (0)1 3711 451
mob. +385 91 57 88 355
More information about the Swan
mailing list