<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD><TITLE>Nachricht</TITLE>
<META http-equiv=Content-Type content="text/html; charset=us-ascii">
<META content="MSHTML 6.00.2800.1400" name=GENERATOR></HEAD>
<BODY>
<DIV><SPAN class=984152919-14052004><FONT face=Arial color=#0000ff size=2>Dear
Mathieu,</FONT></SPAN></DIV>
<DIV><SPAN class=984152919-14052004><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=984152919-14052004><FONT face=Arial color=#0000ff
size=2>A</FONT></SPAN><SPAN class=984152919-14052004><FONT face=Arial
color=#0000ff size=2>fter having taken a look at the output of "ipsec
look", I am not clear if I understand what you want to do:</FONT></SPAN></DIV>
<DIV><SPAN class=984152919-14052004><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV>
<DIV><FONT face=Arial color=#0000ff size=2>ipsec0->eth0
mtu=16260(1500)->1500</FONT></DIV>
<DIV><FONT face=Arial color=#0000ff size=2>Destination
Gateway Genmask Flags
MSS Window irtt
Iface</FONT></DIV>
<DIV><FONT face=Arial color=#0000ff size=2>192.1680.0.0
0.0.0.0 255.255.255.0 U
0
0
0 eth0</FONT></DIV>
<DIV>
<DIV><FONT face=Arial color=#0000ff size=2>192.1680.0.0
0.0.0.0 255.255.255.0 U
0
0
0 ipsec0</FONT></DIV>
<DIV><FONT face=Arial color=#0000ff size=2></FONT> </DIV></DIV></DIV>
<DIV><SPAN class=984152919-14052004><FONT face=Arial color=#0000ff size=2>This
tells me that you have a kernel with FreeSWAN KLIPS compiled and loaded.
FreeSWAN KLIPS does not support IPv6. For having running IPsec for IPv6 use
either a 2.4.x (x>24) with ipsec backport or a recent 2.6.x kernel. Don't
compile those kernels with KLIPS support as it is not possible to have both
KLIPS and kernel ipsec!!!!</FONT></SPAN></DIV>
<DIV><SPAN class=984152919-14052004><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=984152919-14052004><FONT face=Arial color=#0000ff size=2>All
information that I have given in my previous mails assumed that kernel 2.6.x and
Openswan 2.1.x is used. The patches Mikael provided assumed also that kernel
ipsec is used and *not* KLIPS.</FONT></SPAN></DIV>
<DIV><SPAN class=984152919-14052004><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=984152919-14052004><FONT face=Arial color=#0000ff size=2>Hope
this helps,</FONT></SPAN></DIV>
<DIV><SPAN class=984152919-14052004><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=984152919-14052004> <FONT face=Arial
color=#0000ff size=2>Gerhard</FONT></SPAN></DIV><!-- Converted from text/plain format -->
<P><FONT size=2>--------------------------------------------<BR>Gerhard
Gessler<BR><BR>Communication Networks, IABG mbH<BR>Einsteinstr. 20<BR>85521
Ottobrunn, Germany<BR><BR>Telefon: +49 89 6088 - 2021<BR>Fax: +49 89 6088 -
2845<BR><BR>E-Mail: gessler@iabg.de </FONT></P>
<BLOCKQUOTE dir=ltr
style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #0000ff 2px solid; MARGIN-RIGHT: 0px">
<DIV></DIV>
<DIV class=OutlookMessageHeader lang=de dir=ltr align=left><FONT face=Tahoma
size=2>-----Original Message-----<BR><B>From:</B> zze-DURBEC Mathieu
FTRD/DTL/ISS [mailto:mathieu.durbec@rd.francetelecom.com] <BR><B>Sent:</B>
Friday, May 14, 2004 11:27 AM<BR><B>To:</B> Gessler Gerhard<BR><B>Cc:</B>
users@lists.openswan.org<BR><B>Subject:</B> RE: [Openswan Users] Openswan+Ipv6
probem....again....<BR><BR></FONT></DIV>
<DIV dir=ltr align=left><FONT face=Arial color=#0000ff size=2><SPAN
class=088271109-14052004>Hi Gerhard,</SPAN></FONT></DIV>
<DIV dir=ltr align=left><FONT face=Arial color=#0000ff size=2><SPAN
class=088271109-14052004></SPAN></FONT> </DIV>
<DIV dir=ltr align=left><FONT face=Arial color=#0000ff size=2><SPAN
class=088271109-14052004>First, thank you for help, that's very
nice....</SPAN></FONT></DIV>
<DIV dir=ltr align=left><FONT face=Arial color=#0000ff size=2><SPAN
class=088271109-14052004>I've changed my config, but I think it doesn't
matter. The problem is before...</SPAN></FONT></DIV>
<DIV dir=ltr align=left><FONT face=Arial color=#0000ff size=2><SPAN
class=088271109-14052004>I've tried to set up an automatic keying connection
(in ipsec.conf with command ipsec auto --up connection) , but when I put ipv6
adress, it doesn't recognize the connection....</SPAN></FONT></DIV>
<DIV dir=ltr align=left><FONT face=Arial color=#0000ff size=2><SPAN
class=088271109-14052004>"021 no connection named "v6" "</SPAN></FONT></DIV>
<DIV><FONT face=Arial><FONT color=#0000ff><FONT size=2>I'm not surp<SPAN
class=088271109-14052004>r</SPAN>ised..<SPAN
class=088271109-14052004>.</SPAN></FONT></FONT></FONT></DIV>
<DIV><FONT face=Arial color=#0000ff size=2>When I start the ipsec service, the
"ipsec look" command shows :</FONT></DIV>
<DIV><FONT face=Arial color=#0000ff size=2></FONT> </DIV>
<DIV><FONT face=Arial color=#0000ff size=2>ipsec0->eth0
mtu=16260(1500)->1500</FONT></DIV>
<DIV><FONT face=Arial color=#0000ff size=2>Destination
Gateway Genmask Flags
MSS Window irtt
Iface</FONT></DIV>
<DIV><FONT face=Arial color=#0000ff size=2>192.1680.0.0
0.0.0.0 255.255.255.0 U
0
0
0 eth0</FONT></DIV>
<DIV>
<DIV><FONT face=Arial color=#0000ff size=2>192.1680.0.0
0.0.0.0 255.255.255.0 U
0
0
0 ipsec0</FONT></DIV>
<DIV><FONT face=Arial color=#0000ff size=2></FONT> </DIV>
<DIV><FONT face=Arial color=#0000ff size=2>and when I execute ifconfig, it
shows me the ipsec0 virtual interface, with both ipv4 adress and ipv6 local
link but no the <SPAN class=088271109-14052004>ipv6 </SPAN><SPAN
class=088271109-14052004>glo</SPAN>bal one....</FONT></DIV>
<DIV><FONT face=Arial color=#0000ff size=2></FONT> </DIV>
<DIV><SPAN class=088271109-14052004><FONT face=Arial color=#0000ff size=2>I'm
trying now to set up a manual keying connection to test
it...</FONT></SPAN></DIV>
<DIV><SPAN class=088271109-14052004><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=088271109-14052004><FONT face=Arial color=#0000ff size=2>Well
it doesn't work..</FONT></SPAN></DIV>
<DIV><SPAN class=088271109-14052004><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=088271109-14052004><FONT face=Arial color=#0000ff size=2>What
do you think ?</FONT></SPAN></DIV>
<DIV><SPAN class=088271109-14052004><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=088271109-14052004><FONT face=Arial color=#0000ff
size=2>Matt</FONT></SPAN></DIV></DIV>
<DIV><FONT face=Arial color=#0000ff size=2></FONT> </DIV>
<DIV><FONT face=Arial color=#0000ff size=2></FONT> </DIV>
<DIV><BR></DIV>
<DIV class=OutlookMessageHeader lang=en-us dir=ltr align=left>
<HR tabIndex=-1>
<FONT face=Tahoma size=2><B>From:</B> Gessler Gerhard [mailto:Gessler@iabg.de]
<BR><B>Sent:</B> vendredi 14 mai 2004 07:39<BR><B>To:</B> zze-DURBEC Mathieu
FTRD/DTL/ISS<BR><B>Cc:</B> users@lists.openswan.org<BR><B>Subject:</B> RE:
[Openswan Users] Openswan+Ipv6 probem....again....<BR></FONT><BR></DIV>
<DIV></DIV>
<DIV><SPAN class=067003005-14052004><FONT face=Arial color=#0000ff size=2>Hi
Mathieu,</FONT></SPAN></DIV>
<DIV><SPAN class=067003005-14052004><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=067003005-14052004><FONT face=Arial color=#0000ff size=2>at
first look, your global IPv6 address configuration seems to be not correct.
According to your ifconfig output, the prefix length is 0. A prefix length of
64 seems to me more appropriate. Second, the prefix length for your link local
address is 64. That is quite wired as I would normaly assume to be it 10.
Third,</FONT></SPAN><SPAN class=067003005-14052004><FONT face=Arial
color=#0000ff size=2> as Mikael already pointed out, it could well be that
Pluto does not like the fact that no IPv4 address is assigned to the
interface. If you only want to work with IPv6, it does not hurt to have an
(e.g. private) IPv4 address assigned.</FONT></SPAN></DIV>
<DIV><SPAN class=067003005-14052004><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=067003005-14052004><FONT face=Arial color=#0000ff size=2>How
do yo (in the current example) try to setup your SA? (1) With configuration in
ipsec.conf (after having applied Mikaels patches) or (2) with a manual command
to Whack and Pluto. In both cases, we would need to have the used
configuration to help you further.</FONT></SPAN></DIV>
<DIV><SPAN class=067003005-14052004><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=067003005-14052004><FONT face=Arial color=#0000ff
size=2>Cheers,</FONT></SPAN></DIV>
<DIV><SPAN class=067003005-14052004><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=067003005-14052004> <FONT face=Arial
color=#0000ff size=2>Gerhard</FONT></SPAN></DIV>
<DIV><SPAN class=067003005-14052004><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV><!-- Converted from text/plain format -->
<P><FONT size=2>--------------------------------------------<BR>Gerhard
Gessler<BR><BR>Communication Networks, IABG mbH<BR>Einsteinstr. 20<BR>85521
Ottobrunn, Germany<BR><BR>Telefon: +49 89 6088 - 2021<BR>Fax: +49 89 6088 -
2845<BR><BR>E-Mail: gessler@iabg.de </FONT></P>
<BLOCKQUOTE dir=ltr
style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #0000ff 2px solid; MARGIN-RIGHT: 0px">
<DIV></DIV>
<DIV class=OutlookMessageHeader lang=de dir=ltr align=left><FONT face=Tahoma
size=2>-----Original Message-----<BR><B>From:</B>
users-bounces@lists.openswan.org [mailto:users-bounces@lists.openswan.org]
<B>On Behalf Of </B>zze-DURBEC Mathieu FTRD/DTL/ISS<BR><B>Sent:</B>
Thursday, May 13, 2004 4:41 PM<BR><B>To:</B>
users@lists.openswan.org<BR><B>Subject:</B> [Openswan Users] Openswan+Ipv6
probem....again....<BR><BR></FONT></DIV><!-- Converted from text/rtf format -->
<P><SPAN lang=fr><FONT face=Arial size=2>Hi,</FONT></SPAN> <BR><SPAN
lang=fr><FONT face=Arial size=2>I've been trying for days to set up OpenSWAN
with IPv6 support…</FONT></SPAN> <BR><SPAN lang=fr><FONT face=Arial
size=2>So, I'am using the 2.1.1 version patched with Mikael
Magnusson'patch..</FONT></SPAN> <BR><SPAN lang=fr><FONT face=Arial size=2>It
doesn't seem to work with ipv6 :,-(</FONT></SPAN> <BR><SPAN
lang=fr><FONT face=Arial size=2>Here's my config</FONT></SPAN> </P>
<P><SPAN lang=fr><B><FONT face=Arial size=2>Ifconfig :</FONT></B></SPAN>
</P>
<P><SPAN lang=fr><FONT face=Arial color=#000000
size=2>eth0 Lien encap:Ethernet HWaddr
08:00:46:A8:E2:3B </FONT></SPAN><BR><SPAN lang=fr><FONT face=Arial
color=#000000 size=2>
adr inet6: 2001:688:1f8b:a000::1/0 Scope:Global</FONT></SPAN> <BR><SPAN
lang=fr><FONT face=Arial color=#000000
size=2> adr inet6:
fe80::a00:46ff:fea8:e23b/64 Scope:Lien</FONT></SPAN> <BR><SPAN lang=fr><FONT
face=Arial color=#000000
size=2> UP BROADCAST
RUNNING MULTICAST MTU:1500 Metric:1</FONT></SPAN> <BR><SPAN
lang=fr><FONT face=Arial color=#000000
size=2> RX
packets:3530 errors:0 dropped:0 overruns:0 frame:0</FONT></SPAN> <BR><SPAN
lang=fr><FONT face=Arial color=#000000
size=2> TX packets:14
errors:0 dropped:0 overruns:0 carrier:0</FONT></SPAN> <BR><SPAN
lang=fr><FONT face=Arial color=#000000
size=2> collisions:0
lg file transmission:100 </FONT></SPAN><BR><SPAN lang=fr><FONT face=Arial
color=#000000 size=2>
RX bytes:211800 (206.8 Kb) TX bytes:964 (964.0 b)</FONT></SPAN>
<BR><SPAN lang=fr><FONT face=Arial color=#000000
size=2>
Interruption:11 Adresse de base:0x2000 </FONT></SPAN></P>
<P><SPAN lang=fr><B><FONT face=Arial color=#000000 size=2>Route
:</FONT></B></SPAN> </P>
<P><SPAN lang=fr><FONT face=Arial color=#000000 size=2>Table de routage IPv6
du noyau</FONT></SPAN> <BR><SPAN lang=fr><FONT face=Arial color=#000000
size=2>Destination
Prochain
Hop
Indic Metric Ref Utilis. Iface</FONT></SPAN> <BR><SPAN
lang=fr><FONT face=Arial color=#000000
size=2>::1/128
::
U 0
11 1 lo
</FONT></SPAN><BR><SPAN lang=fr><FONT face=Arial color=#000000
size=2>2001:688:1f8b:a000::1/128
::
U 0
3 0
lo </FONT></SPAN><BR><SPAN lang=fr><FONT
face=Arial color=#000000
size=2>fe80::209:5bff:fe1e:791/128
::
U 0
0 0
lo </FONT></SPAN><BR><SPAN lang=fr><FONT
face=Arial color=#000000
size=2>fe80::a00:46ff:fea8:e23b/128
::
U 0
0 0
lo </FONT></SPAN><BR><SPAN lang=fr><FONT
face=Arial color=#000000
size=2>fe80::/64
::
UA 256
0 0 eth0
</FONT></SPAN><BR><SPAN lang=fr><FONT face=Arial color=#000000
size=2>fe80::/64
::
UA 256
0 0 eth1
</FONT></SPAN><BR><SPAN lang=fr><FONT face=Arial color=#000000
size=2>ff00::/8
::
UA 256
0 0 eth0
</FONT></SPAN><BR><SPAN lang=fr><FONT face=Arial color=#000000
size=2>ff00::/8
::
UA 256
0 0 eth1
</FONT></SPAN><BR><SPAN lang=fr><FONT face=Arial color=#000000
size=2>::/0
::
UDA 256
0 0 eth0
</FONT></SPAN><BR><SPAN lang=fr><FONT face=Arial color=#000000
size=2>::/0
::
UDA 256
0 0 eth1
</FONT></SPAN></P>
<P><SPAN lang=fr><B><FONT face=Arial color=#000000 size=2>And
ipsec.conf</FONT></B></SPAN> </P>
<P><SPAN lang=fr><FONT face=Arial color=#000000 size=2># /etc/ipsec.conf -
FreeS/WAN IPsec configuration file</FONT></SPAN> <BR><SPAN lang=fr><FONT
face=Arial color=#000000 size=2># RCSID $Id: ipsec.conf.in,v 1.11 2003/06/13
23:28:41 sam Exp $</FONT></SPAN> </P>
<P><SPAN lang=fr><FONT face=Arial color=#000000 size=2># This file:
/usr/local/share/doc/freeswan/ipsec.conf-sample</FONT></SPAN> <BR><SPAN
lang=fr><FONT face=Arial color=#000000 size=2>#</FONT></SPAN> <BR><SPAN
lang=fr><FONT face=Arial color=#000000 size=2>#
Manual: ipsec.conf.5</FONT></SPAN> <BR><SPAN
lang=fr><FONT face=Arial color=#000000 size=2>#</FONT></SPAN> </P>
<P><SPAN lang=fr><FONT face=Arial color=#000000 size=2>version
2.0 # conforms to second version of ipsec.conf
specification</FONT></SPAN> </P>
<P><SPAN lang=fr><FONT face=Arial color=#000000 size=2># basic
configuration</FONT></SPAN> <BR><SPAN lang=fr><FONT face=Arial color=#000000
size=2>config setup</FONT></SPAN> <BR><SPAN
lang=fr> <FONT face=Arial
color=#000000 size=2>forwardcontrol=yes</FONT></SPAN> <BR><SPAN
lang=fr> <FONT face=Arial
color=#000000 size=2>interfaces="ipsec0=eth0"</FONT></SPAN> <BR><SPAN
lang=fr> <FONT face=Arial
color=#000000 size=2>uniqueids=yes</FONT></SPAN> <BR><SPAN
lang=fr> <FONT face=Arial
color=#000000 size=2># Debug-logging controls: "none" for (almost)
none, "all" for lots.</FONT></SPAN> <BR><SPAN
lang=fr> <FONT face=Arial
color=#000000 size=2>klipsdebug=all</FONT></SPAN> <BR><SPAN
lang=fr> <FONT face=Arial
color=#000000 size=2>plutodebug=all</FONT></SPAN> <BR><SPAN
lang=fr> <FONT face=Arial
color=#000000 size=2>syslog=syslog.debug</FONT></SPAN> </P><BR>
<P><SPAN lang=fr><FONT face=Arial color=#000000 size=2>Does someone manage
to make it work ???</FONT></SPAN> </P>
<P><SPAN lang=fr><FONT face=Arial color=#000000 size=2>Thanks
</FONT></SPAN></P>
<P><SPAN lang=fr><FONT face=Arial color=#000000 size=2>Matt</FONT></SPAN>
</P></BLOCKQUOTE></BLOCKQUOTE></BODY></HTML>