SoftEther and IPv6

[andiling]

Hi,

I am running SoftEther 4.18 Build 9570 as IPSec/L2TP Server on Linux 2.6.32.61 mips32-be (it's a router called Fritzbox) and I have attached the ifconfig output. The connection is DualStack which means there's a public IPv4 and IPv6 address available. The DDNS Service included with SoftEther recognizes both public IPs. The clients are directly connected by IPv6 either (no tunnel or similar).

nmap brings for both IPv4 and IPv6 the following:
500/udp open isakmp
1701/udp closed L2TP
4500/udp open|filtered nat-t-ike

I have attached the config file; the tap device tap_vpn is member of the bridge lan.

The connection with IPv4 works flawlessly but I am not getting connected with IPv6.

The negotiation of both runs the same way in the beginning:
2015-08-12 06:17:13.739 IPsec Client 17 (1.2.3.4:500 -> 192.168.188.9:500): A new IPsec client is created.
2015-08-12 06:17:13.739 IPsec IKE Session (IKE SA) 17 (Client: 17) (1.2.3.4:500 -> 192.168.188.9:500): A new IKE SA (Main Mode) is created. Initiator Cookie: 0xD54BBE2B4F5F6B9B, Responder Cookie: 0x3303466E5C2B3E29, DH Group: MODP 1024 (Group 2), Hash Algorithm: SHA-1, Cipher Algorithm: 3DES-CBC, Cipher Key Size: 192 bits, Lifetime: 4294967295 Kbytes or 28800 seconds
2015-08-12 06:17:14.094 IPsec Client 17 (1.2.3.4:4500 -> 192.168.188.9:4500): The port number information of this client is updated.
2015-08-12 06:17:14.094 IPsec Client 17 (1.2.3.4:4500 -> 192.168.188.9:4500):
2015-08-12 06:17:14.104 IPsec IKE Session (IKE SA) 17 (Client: 17) (1.2.3.4:4500 -> 192.168.188.9:4500): This IKE SA is established between the server and the client.
2015-08-12 06:17:14.165 IPsec IKE Session (IKE SA) 17 (Client: 17) (1.2.3.4:4500 -> 192.168.188.9:4500): The client initiates a QuickMode negotiation.
2015-08-12 06:17:14.165 IPsec ESP Session (IPsec SA) 48 (Client: 17) (1.2.3.4:4500 -> 192.168.188.9:4500): A new IPsec SA (Direction: Client -> Server) is created. SPI: 0xF7F940A0, DH Group: (null), Hash Algorithm: SHA-1, Cipher Algorithm: AES-CBC, Cipher Key Size: 256 bits, Lifetime: 250000 Kbytes or 3600 seconds
2015-08-12 06:17:14.185 IPsec ESP Session (IPsec SA) 48 (Client: 17) (1.2.3.4:4500 -> 192.168.188.9:4500): A new IPsec SA (Direction: Server -> Client) is created. SPI: 0x405F290, DH Group: (null), Hash Algorithm: SHA-1, Cipher Algorithm: AES-CBC, Cipher Key Size: 256 bits, Lifetime: 250000 Kbytes or 3600 seconds
2015-08-12 06:17:14.246 IPsec ESP Session (IPsec SA) 48 (Client: 17) (1.2.3.4:4500 -> 192.168.188.9:4500): This IPsec SA is established between the server and the client.

After reaching this step it goes different:
2015-08-12 06:17:14.256 IPsec Client 17 (1.2.3.4:4500 -> 5.6.7.8:4500): The L2TP Server Module is started.
This only happens with IPv4 but NOT IPv6.

On IPv6 the next message is:
2015-08-12 12:33:14.832 IPsec ESP Session (IPsec SA) 68 (Client: 32) (2a02:::::::1:500 -> 2003:::::::fa:500): This IPsec SA is deleted.

I have attached a wireshark screenshot for reference as well.

Does anyone have an idea what I am missing?

I would be helpful for some assistance.

Thx!

Andreas

[kh_tsang]

http://www.vpnusers.com/viewtopic.php?f ... Pv6#p12095

Last I knew, SoftEther L2TP/IPsec supports IPv4 over IPv4 only.

[andiling]

Thx... didn't find this while searching )-: