#884650 strongswan-nm: requesting inner IP is IPv4-only

Package:
strongswan-nm
Source:
strongswan
Description:
strongSwan plugin to interact with NetworkManager
Submitter:
"brian m. carlson"
Date:
2023-05-23 09:27:07 UTC
Severity:
important
Tags:
#884650#5
Date:
2017-12-18 03:21:52 UTC
From:
To:
When using the NetworkManager plugin, when the "Request inner IP" option
is set, this requests only an IPv4 address.  I believe if an IPv6
address were requested, the CPRQ line would include an "ADDR6" entry:

  Dec 18 02:44:40 genre charon-nm: 07[IKE] establishing CHILD_SA vpn-remote{9}
  Dec 18 02:44:40 genre charon-nm: 07[ENC] generating IKE_AUTH request 1 [ IDi N(INIT_CONTACT) CERTREQ CPRQ(ADDR DNS NBNS) SA TSi TSr N(MOBIKE_SUP) N(ADD_4_ADDR) N(ADD_6_ADDR) N(MULT_AUTH) N(EAP_ONLY) N(MSG_ID_SYN_SUP) ]

Since the remote side is also strongSwan, no IPv6 address is issued if
the client doesn't request one.

If the VPN plugin has IPv6 enabled, then strongSwan should request both
an IPv4 and an IPv6 address.  Not doing so causes IPv6 traffic to leak
if the client has other IPv6 connectivity.

#884650#10
Date:
2023-05-23 09:18:37 UTC
From:
To:
I can't say how and when this got fixed, but it doesn't seem to happen
anymore:

Mai 23 10:31:55 schlarb-0 charon-nm[170874]: 10[ENC] generating IKE_AUTH
request 1 [ IDi N(INIT_CONTACT) CERTREQ CPRQ(ADDR ADDR6 DNS NBNS DNS6)
SA TSi TSr N(MOBIKE_SUP) N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_6_ADDR)
N(ADD_6_ADDR) N(ADD_6_ADDR) N(EAP_ONLY) N(MSG_ID_SYN_SUP) ]