Hi All:

I have already checked with the strongswan mailing list on this and it is not a strongswan issue. Strongswan simply uses the local lookup, whatever that might be.

We use two cell phone providers Airtel and Vodafone. Airtel works fine, no issues.

With Vodafone about 30% of the time, we get this:

root@CORS144:~# nslookup cors.surveyofindia.gov.in


Address 1: localhost

Name:      cors.surveyofindia.gov.in

Address 1: 64:ff9b::67cd:f46a

Address 2:

Why is nslookup returning an IPv6 IP address?

IPv6 is disabled:

root@CORS114:~# cat  /proc/sys/net/ipv6/conf/all/disable_ipv6


root@CORS114:~# cat  /proc/sys/net/ipv6/conf/default/disable_ipv6


So what is going on? I am using a FQDN in the strongswan connection profile in case we change ISPs. The issue goes away if I use an IP address but I don't want to do that.

I have tried creating this file:

root@CORS144:~# cat /etc/gai.conf
precedence ::ffff:0:0/96 100
scopev4 ::ffff: 2
scopev4 ::ffff: 2
scopev4 ::ffff: 14

To force precedence of IPv4 over IPv6, but it's not working.

Why is the RUT-950 using IPv6 when it is clearly disabled?

How can I FORCE IT to not use IPv6?



1 Answer


Could you post screenshots of your IPsec configuration? (You can blur out sensitive information, such as IPs, etc.)

root@CORSmine:~# cat /etc/config/strongswan
config conn 'SOICC'
        option enabled '1'
        option keyexchange 'ikev2'
        option ipsec_type 'tunnel'
        option leftfirewall 'yes'
        option forceencaps 'no'
        option dpdaction 'restart'
        option right 'cors.surveyofindia.gov.in'
#       option right ''
        option keep_enabled '1'
        option ping_ipaddr ''
        option ping_period '15'
        option allow_webui '1'
        option ike_encryption_algorithm 'my encryption'
        option ike_authentication_algorithm 'my authentication'
        option ike_dh_group 'my dh group'
        option esp_encryption_algorithm 'my encryption'
        option esp_hash_algorithm 'my hash'
        option esp_pfs_group 'my pfs'
        option keylife '4h'
        option my_identifier 'keyid:CORSmine'
        option rightid 'keyid:CCthem'
        option rightfirewall 'no'
        option dpddelay '30'
        option dpdtimeout '30'
        option ikelifetime '5h'
        option auto 'start'
        option auth 'psk'
        list leftsubnet ''
        list rightsubnet ''
        option aggressive 'no'

config preshared_keys
        option psk_key 'The CC router psk'
        list id_selector 'keyid:CCthem keyid:CORSmine'

config preshared_keys
        option psk_key 'The remote router psk'
        list id_selector 'keyid:CORSmine keyid:CCthem'

config preshared_keys