Community discussions

MikroTik App
  4. RouterOS
  5. General

IKEv2: initiator CONFIG payload only contains IPv6 attributes

Post Reply
 
User avatar
hike
just joined
Topic Author
Posts: 12
Joined: Mon May 18, 2020 1:44 pm

IKEv2: initiator CONFIG payload only contains IPv6 attributes

Tue Jun 23, 2020 1:28 pm

The vast majority of our roadwarrior clients provide the following CONFIG payload during IKEv2 AUTH:
Code: Select all
11:57:58 ipsec processing payload: CONFIG 
11:57:58 ipsec   attribute: internal IPv4 address 
11:57:58 ipsec   attribute: internal IPv4 DNS 
11:57:58 ipsec   attribute: internal IPv4 NBNS 
11:57:58 ipsec   attribute: MS internal IPv4 server 
11:57:58 ipsec   attribute: internal IPv6 address 
11:57:58 ipsec   attribute: internal IPv6 DNS 
11:57:58 ipsec   attribute: MS internal IPv6 server
However, some only send IPv6 fields:
Code: Select all
11:59:31 ipsec processing payload: CONFIG 
11:59:31 ipsec   attribute: internal IPv6 address 
11:59:31 ipsec   attribute: internal IPv6 DNS 
11:59:31 ipsec   attribute: MS internal IPv6 server
leading to an TS_UNACCEPTABLE answer from the receiver and an error message (no template matches, because we have no ip6 policy templates).

Does an IPv6 only CONFIG payload imply the user being in a IPv6-only LAN?
There are several reasons why this is very unlikely but that is the only explanation I could come up with.
Top
Post Reply

Who is online

Users browsing this forum: elico and 131 guests
  4. RouterOS
  5. General