0 votes
36 views 3 comments
by
Hi All:

We make use of two cell providers in India, Airtel and Vodafone.

Airtel, where there is coverage, works as expected.

Vodafone gives us the following issues:

1. It can take up to 3 minutes for a connection to come up, so strongswan fails as the name lookup fails for our IPSec responder,

2. When the connection finally does come up, from another ssh console I can ping our IPSec responder, but watching the log, using logread -f, I see strongswan trying to connect to the IPSec responder using an IPv6 address.

Why is it doing that? We have disabled IPv6 but nslookup is returning an IPv4 and IPv6 address for the responder.

We never have this issue with Airtel.

Why is Vodafone doing this and how can we force strongswan to use only the IPv4 address?

Cheers,

John
by
Hello:

This gets even more strange....

If I set up the ipsec.conf (/etc/config/strongswan) as:

right       TheFullyQualifiedDomainName

and then I do this:

nslookup TheFullyQualifiedDomainName

I will get an IPv4 and IPv6 address and strongswan will use the IPv6 address... there is no VPN set up on the IPv6 address.

If I set up ipsec.conf (/etc/config/strongswan) like this:

right       A.B.C.D

and then I do this:

nslookup TheFullyQualifiedDomainName

I will get only the IPv4 address A.B.C.D and strongswan will use this for the connection and it works.

But if we use Airtel, it works either way.

Can anyone make sense of this?

Cheers,

john

1 Answer

0 votes
ago by
Hello,

It looks like an interesting situation; I would like to see what is happening at my end.
Can you suggest steps to reproduce the same setup at my end?

I need the below inputs from you:
Which Teltonika router/gateway are you using with the VI or Airtel SIM?
What is the responder / VPN hub, and is it using DDNS or a public IP?
Are you using main mode or aggressive mode?
And the last thing: what is the FW version on the Teltonika device?
ago by
Duplicating the fault is simple.

1. Set up your strongswan config using a URL,

2. Put in a Vodafone SIM,

3. Try and connect while watching logread -f,

4. You will see it failing to connect to your IPv4 IPSec responder because it's trying to connect to an IPv6 address.

Even with all the IPv6 settings switched to off it does this. Airtel does not, BNSL does not, only Vodafone.

If you adjust the strongswan config to use an IPv4 IP address rather than a URL, then it works as expected.

Cheers,

John
ago by
Hey,

Thanks for the input.
I need to arrange a VI SIM, which I will do by Monday, maybe earlier.
From your response it looks like you are using a URL (maybe DDNS at the responder side), is that correct?
Also, you have not mentioned the device which you are using.

A small request: can you share the ts file from the router/gateway which you are using?
Navigate to the path below, download the file and share it with me.
System>administration>troubleshoot file
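
An added example, not part of the thread or of Teltonika's or strongSwan's own tooling: a small POSIX shell check for the symptom described above, where nslookup returns both an IPv4 and an IPv6 address for the responder and only the IPv4 address carries the VPN. The hostname, addresses and nslookup output layout are constructed assumptions; real output varies between nslookup versions.

```shell
#!/bin/sh
# Constructed sample of nslookup output for a dual-stack name. The addresses
# are documentation ranges (RFC 5737 / RFC 3849); the hostname is a placeholder.
SAMPLE='Server:    127.0.0.1
Address:   127.0.0.1#53

Name:      vpn.example.net
Address 1: 203.0.113.10
Address 2: 2001:db8::10'

# Print the answer addresses, one per line, from nslookup output on stdin.
# Lines before the first "Name:" describe the DNS server and are skipped.
answer_addrs() {
    awk '/^Name:/ { seen = 1; next }
         seen && /^Address/ { sub(/^Address[^:]*:[ \t]*/, ""); print $1 }'
}

# Keep only dotted-quad IPv4 addresses.
ipv4_only() {
    grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# Keep only IPv6 addresses (anything containing a colon).
ipv6_only() {
    grep ':'
}

# Report whether an AAAA answer is present and which IPv4 address could be
# written into "right" instead of the hostname, as in the workaround above.
check_peer() {
    addrs=$(answer_addrs)
    v4=$(printf '%s\n' "$addrs" | ipv4_only | head -n 1)
    v6=$(printf '%s\n' "$addrs" | ipv6_only | head -n 1)
    [ -n "$v6" ] && echo "AAAA present: $v6"
    if [ -n "$v4" ]; then
        echo "pin right to: $v4"
    else
        echo "no A record"
        return 1
    fi
}

# Run against the constructed sample; on a router, pipe real nslookup output in.
printf '%s\n' "$SAMPLE" | check_peer
```

Comparing the result on each carrier's SIM shows whether the AAAA answer appears only on one network's resolver.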