<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD><TITLE>Nachricht</TITLE>
<META http-equiv=Content-Type content="text/html; charset=us-ascii">
<META content="MSHTML 6.00.2800.1400" name=GENERATOR></HEAD>
<BODY>
<DIV dir=ltr align=left><FONT face=Arial color=#0000ff size=2><SPAN
class=325352014-25052004>Dear Gerhard,</SPAN></FONT></DIV>
<DIV dir=ltr align=left><FONT face=Arial color=#0000ff size=2><SPAN
class=325352014-25052004></SPAN></FONT> </DIV>
<DIV dir=ltr align=left><FONT face=Arial color=#0000ff size=2><SPAN
class=325352014-25052004>I've followed what you wrote last time, so not so much
problems...</SPAN></FONT></DIV>
<DIV dir=ltr align=left><SPAN class=325352014-25052004></SPAN><FONT
face=Arial><FONT color=#0000ff><FONT size=2>T<SPAN class=325352014-25052004>ill
step 6, everything work well but I just want to know two
things:</SPAN></FONT></FONT></FONT></DIV>
<DIV dir=ltr align=left><FONT face=Arial><FONT color=#0000ff><FONT size=2><SPAN
class=325352014-25052004></SPAN></FONT></FONT></FONT><FONT face=Arial><FONT
color=#0000ff><FONT size=2><SPAN
class=325352014-25052004> - First how do you configure
your connection for ipv6 in the ipsec.conf ???</SPAN></FONT></FONT></FONT></DIV>
<DIV dir=ltr align=left><FONT face=Arial><FONT color=#0000ff><FONT size=2><SPAN
class=325352014-25052004> Look at
my connection : ipsec.conf : conn
satipv6</SPAN></FONT></FONT></FONT></DIV>
<DIV dir=ltr align=left><FONT><FONT color=#0000ff><FONT size=2><SPAN
class=325352014-25052004></SPAN></FONT></FONT></FONT><SPAN
class=325352014-25052004><FONT face=Arial color=#0000ff
size=2> auth=esp</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=325352014-25052004></SPAN><SPAN
class=325352014-25052004><FONT face=Arial color=#0000ff
size=2> left=2001:688:1f8b:1001::1</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=325352014-25052004><FONT face=Arial
color=#0000ff
size=2>
right=2001:688:1f8b:1001::2</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=325352014-25052004><FONT face=Arial
color=#0000ff
size=2> ....</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=325352014-25052004></SPAN><SPAN
class=325352014-25052004><FONT face=Arial color=#0000ff
size=2> when I load it, I get :
"satipv6 non-ipv6 adresse may not contain `:'
2001:688:1f8b:1001::11"</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=325352014-25052004></SPAN><SPAN
class=325352014-25052004><FONT face=Arial color=#0000ff
size=2> </FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=325352014-25052004><FONT face=Arial
color=#0000ff size=2> - Explain me how does pluto work with
kernel 2.6 ??</FONT></SPAN></DIV>
<DIV><SPAN class=325352014-25052004><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=325352014-25052004><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=325352014-25052004><FONT face=Arial color=#0000ff size=2>Thank
you</FONT></SPAN></DIV>
<DIV dir=ltr align=left><BR></DIV>
<DIV class=OutlookMessageHeader lang=en-us dir=ltr align=left>
<HR tabIndex=-1>
<FONT face=Tahoma size=2><B>From:</B> Gessler Gerhard [mailto:Gessler@iabg.de]
<BR><B>Sent:</B> mardi 18 mai 2004 17:45<BR><B>To:</B> zze-DURBEC Mathieu
FTRD/DTL/ISS<BR><B>Cc:</B> users@lists.openswan.org<BR><B>Subject:</B> RE:
[Openswan Users] Openswan+Ipv6 probem....again....<BR></FONT><BR></DIV>
<DIV></DIV>
<DIV><SPAN class=909432815-18052004><FONT face=Arial color=#0000ff size=2>Dear
Mathieu,</FONT></SPAN></DIV>
<DIV><SPAN class=909432815-18052004><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=909432815-18052004><FONT face=Arial color=#0000ff size=2>would
strongly suggest to make your setup working in small steps:</FONT></SPAN></DIV>
<DIV><SPAN class=909432815-18052004><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=909432815-18052004><FONT face=Arial color=#0000ff size=2>1. Get
a recent 2.6 kernel to compile and run with its native IPsec for IPv6 support on
two systems</FONT></SPAN></DIV>
<DIV><SPAN class=909432815-18052004><FONT face=Arial color=#0000ff size=2>2.
Make youself familiar with manual keying and get that to work between the two
2.6 systems</FONT></SPAN></DIV>
<DIV><SPAN class=909432815-18052004><FONT face=Arial color=#0000ff size=2>3.
Install preferable OpenSWAN 2.x by only compiling / installing the programs,
don't use KLIPS</FONT></SPAN></DIV>
<DIV><SPAN class=909432815-18052004><FONT face=Arial color=#0000ff size=2>4.
Manually load a IPv6 connection with PSK authentication into Pluto using whack,
e.g.</FONT></SPAN></DIV>
<DIV><SPAN class=909432815-18052004><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><FONT face=Arial color=#0000ff size=2>ipsec setup --start</FONT></DIV>
<DIV><FONT face=Arial color=#0000ff size=2>ipsec whack --name satipv6 --ipv6
--tunnelipv6 --host <SPAN class=909432815-18052004>3ffe</SPAN>:660:3008:1701::1
--<SPAN class=909432815-18052004>3ffe</SPAN>:660:3008:1701::1/<SPAN
class=909432815-18052004>128</SPAN> --to --host <SPAN
class=909432815-18052004>3ffe</SPAN>:660:3008:1701:<SPAN
class=909432815-18052004>:</SPAN>2 --client <SPAN
class=909432815-18052004>3ffe</SPAN>:660:3008:1701::<SPAN
class=909432815-18052004>2</SPAN>/<SPAN class=909432815-18052004>128</SPAN>
--psk --encrypt --pfs --ikelifetime 600 --ipseclifetime 300 --rekeymargin
20<BR>ipsec whack --listen<BR>ipsec whack --initiate --name
satipv6<BR></FONT></DIV>
<DIV><SPAN class=909432815-18052004><FONT face=Arial color=#0000ff size=2>5.
Give the latest CVS version with the contribution of Mikael a try to load a IPv6
connection with</FONT></SPAN></DIV>
<DIV><SPAN class=909432815-18052004>
<DIV><FONT face=Arial color=#0000ff size=2>ipsec setup --start</FONT></DIV>
<DIV><SPAN class=909432815-18052004><FONT face=Arial color=#0000ff size=2>ipsec
auto --add satipv6</FONT></SPAN></DIV>
<DIV><SPAN class=909432815-18052004><FONT face=Arial color=#0000ff size=2>ipsec
auto --initiate satipv6</FONT></SPAN></DIV>
<DIV><SPAN class=909432815-18052004><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=909432815-18052004><FONT face=Arial color=#0000ff size=2>6.
Change the used authentication from PSK to RSA keys</FONT></SPAN></DIV>
<DIV><SPAN class=909432815-18052004><FONT face=Arial color=#0000ff size=2>7. Put
the RSA keys into your DNS for OE and have a look if that works. For myself, I
have never tried this, so it could well be that the code would need some
tweaking to actually retrieve and process AAAA records.</FONT></SPAN></DIV>
<DIV><SPAN class=909432815-18052004><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=909432815-18052004><FONT face=Arial color=#0000ff size=2>Hope
this helps,</FONT></SPAN></DIV>
<DIV><SPAN class=909432815-18052004><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=909432815-18052004> <FONT face=Arial
color=#0000ff size=2>Gerhard</FONT></SPAN></DIV></SPAN></DIV><!-- Converted from text/plain format -->
<P><FONT size=2>--------------------------------------------<BR>Gerhard
Gessler<BR><BR>Communication Networks, IABG mbH<BR>Einsteinstr. 20<BR>85521
Ottobrunn, Germany<BR><BR>Telefon: +49 89 6088 - 2021<BR>Fax: +49 89 6088 -
2845<BR><BR>E-Mail: gessler@iabg.de </FONT></P>
<BLOCKQUOTE dir=ltr
style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #0000ff 2px solid; MARGIN-RIGHT: 0px">
<DIV></DIV>
<DIV class=OutlookMessageHeader lang=de dir=ltr align=left><FONT face=Tahoma
size=2>-----Original Message-----<BR><B>From:</B> zze-DURBEC Mathieu
FTRD/DTL/ISS [mailto:mathieu.durbec@rd.francetelecom.com] <BR><B>Sent:</B>
Tuesday, May 18, 2004 12:42 PM<BR><B>To:</B> Gessler Gerhard<BR><B>Cc:</B>
users@lists.openswan.org<BR><B>Subject:</B> RE: [Openswan Users] Openswan+Ipv6
probem....again....<BR><BR></FONT></DIV>
<DIV dir=ltr align=left><SPAN class=329014007-18052004><FONT face=Arial
color=#0000ff size=2>Dear Gehard,</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=329014007-18052004><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=329014007-18052004><FONT face=Arial
color=#0000ff size=2>I understand that you can't use both FreeSWAN KLIPS and
native kernel IPsec...</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=329014007-18052004><FONT face=Arial
color=#0000ff size=2>But i can't find a solution to do what I
need.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=329014007-18052004><FONT face=Arial
color=#0000ff size=2>What I have to do is to setup oppotunistic encryption
with ipv6 on a linux system.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=329014007-18052004><FONT face=Arial
color=#0000ff size=2>That's why I try to install a new kernel which could
bring me ipv6 support.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=329014007-18052004><FONT face=Arial
color=#0000ff size=2>But I've heard that you can't do opportunistic encryption
with new kernels ( > 2.6 )...</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=329014007-18052004><FONT face=Arial
color=#0000ff size=2>Do you know what I should use
(kernel, FreesWan or OpenSWAN, which patch ?) ??</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=329014007-18052004><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=329014007-18052004><FONT face=Arial
color=#0000ff size=2>Thank you </FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=329014007-18052004><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=329014007-18052004><FONT face=Arial
color=#0000ff size=2>Matt</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=329014007-18052004></SPAN> </DIV><BR>
<DIV class=OutlookMessageHeader lang=en-us dir=ltr align=left>
<HR tabIndex=-1>
<FONT face=Tahoma size=2><B>From:</B> Gessler Gerhard [mailto:Gessler@iabg.de]
<BR><B>Sent:</B> vendredi 14 mai 2004 21:37<BR><B>To:</B> zze-DURBEC Mathieu
FTRD/DTL/ISS<BR><B>Cc:</B> users@lists.openswan.org<BR><B>Subject:</B> RE:
[Openswan Users] Openswan+Ipv6 probem....again....<BR></FONT><BR></DIV>
<DIV></DIV>
<DIV><SPAN class=984152919-14052004><FONT face=Arial color=#0000ff size=2>Dear
Mathieu,</FONT></SPAN></DIV>
<DIV><SPAN class=984152919-14052004><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=984152919-14052004><FONT face=Arial color=#0000ff
size=2>A</FONT></SPAN><SPAN class=984152919-14052004><FONT face=Arial
color=#0000ff size=2>fter having taken a look at the output of "ipsec
look", I am not clear if I understand what you want to do:</FONT></SPAN></DIV>
<DIV><SPAN class=984152919-14052004><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV>
<DIV><FONT face=Arial color=#0000ff size=2>ipsec0->eth0
mtu=16260(1500)->1500</FONT></DIV>
<DIV><FONT face=Arial color=#0000ff size=2>Destination
Gateway Genmask Flags
MSS Window irtt
Iface</FONT></DIV>
<DIV><FONT face=Arial color=#0000ff size=2>192.1680.0.0
0.0.0.0 255.255.255.0 U
0
0
0 eth0</FONT></DIV>
<DIV>
<DIV><FONT face=Arial color=#0000ff size=2>192.1680.0.0
0.0.0.0 255.255.255.0 U
0
0
0 ipsec0</FONT></DIV>
<DIV><FONT face=Arial color=#0000ff size=2></FONT> </DIV></DIV></DIV>
<DIV><SPAN class=984152919-14052004><FONT face=Arial color=#0000ff size=2>This
tells me that you have a kernel with FreeSWAN KLIPS compiled and loaded.
FreeSWAN KLIPS does not support IPv6. For having running IPsec for IPv6 use
either a 2.4.x (x>24) with ipsec backport or a recent 2.6.x kernel. Don't
compile those kernels with KLIPS support as it is not possible to have both
KLIPS and kernel ipsec!!!!</FONT></SPAN></DIV>
<DIV><SPAN class=984152919-14052004><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=984152919-14052004><FONT face=Arial color=#0000ff size=2>All
information that I have given in my previous mails assumed that kernel 2.6.x
and Openswan 2.1.x is used. The patches Mikael provided assumed also that
kernel ipsec is used and *not* KLIPS.</FONT></SPAN></DIV>
<DIV><SPAN class=984152919-14052004><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=984152919-14052004><FONT face=Arial color=#0000ff size=2>Hope
this helps,</FONT></SPAN></DIV>
<DIV><SPAN class=984152919-14052004><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=984152919-14052004> <FONT face=Arial
color=#0000ff size=2>Gerhard</FONT></SPAN></DIV><!-- Converted from text/plain format -->
<P><FONT size=2>--------------------------------------------<BR>Gerhard
Gessler<BR><BR>Communication Networks, IABG mbH<BR>Einsteinstr. 20<BR>85521
Ottobrunn, Germany<BR><BR>Telefon: +49 89 6088 - 2021<BR>Fax: +49 89 6088 -
2845<BR><BR>E-Mail: gessler@iabg.de </FONT></P>
<BLOCKQUOTE dir=ltr
style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #0000ff 2px solid; MARGIN-RIGHT: 0px">
<DIV></DIV>
<DIV class=OutlookMessageHeader lang=de dir=ltr align=left><FONT face=Tahoma
size=2>-----Original Message-----<BR><B>From:</B> zze-DURBEC Mathieu
FTRD/DTL/ISS [mailto:mathieu.durbec@rd.francetelecom.com] <BR><B>Sent:</B>
Friday, May 14, 2004 11:27 AM<BR><B>To:</B> Gessler Gerhard<BR><B>Cc:</B>
users@lists.openswan.org<BR><B>Subject:</B> RE: [Openswan Users]
Openswan+Ipv6 probem....again....<BR><BR></FONT></DIV>
<DIV dir=ltr align=left><FONT face=Arial color=#0000ff size=2><SPAN
class=088271109-14052004>Hi Gerhard,</SPAN></FONT></DIV>
<DIV dir=ltr align=left><FONT face=Arial color=#0000ff size=2><SPAN
class=088271109-14052004></SPAN></FONT> </DIV>
<DIV dir=ltr align=left><FONT face=Arial color=#0000ff size=2><SPAN
class=088271109-14052004>First, thank you for help, that's very
nice....</SPAN></FONT></DIV>
<DIV dir=ltr align=left><FONT face=Arial color=#0000ff size=2><SPAN
class=088271109-14052004>I've changed my config, but I think it doesn't
matter. The problem is before...</SPAN></FONT></DIV>
<DIV dir=ltr align=left><FONT face=Arial color=#0000ff size=2><SPAN
class=088271109-14052004>I've tried to set up an automatic keying connection
(in ipsec.conf with command ipsec auto --up connection) , but when I put
ipv6 adress, it doesn't recognize the connection....</SPAN></FONT></DIV>
<DIV dir=ltr align=left><FONT face=Arial color=#0000ff size=2><SPAN
class=088271109-14052004>"021 no connection named "v6" "</SPAN></FONT></DIV>
<DIV><FONT face=Arial><FONT color=#0000ff><FONT size=2>I'm not surp<SPAN
class=088271109-14052004>r</SPAN>ised..<SPAN
class=088271109-14052004>.</SPAN></FONT></FONT></FONT></DIV>
<DIV><FONT face=Arial color=#0000ff size=2>When I start the ipsec service,
the "ipsec look" command shows :</FONT></DIV>
<DIV><FONT face=Arial color=#0000ff size=2></FONT> </DIV>
<DIV><FONT face=Arial color=#0000ff size=2>ipsec0->eth0
mtu=16260(1500)->1500</FONT></DIV>
<DIV><FONT face=Arial color=#0000ff size=2>Destination
Gateway Genmask Flags
MSS Window irtt
Iface</FONT></DIV>
<DIV><FONT face=Arial color=#0000ff size=2>192.1680.0.0
0.0.0.0 255.255.255.0
U
0
0
0 eth0</FONT></DIV>
<DIV>
<DIV><FONT face=Arial color=#0000ff size=2>192.1680.0.0
0.0.0.0 255.255.255.0
U
0
0
0 ipsec0</FONT></DIV>
<DIV><FONT face=Arial color=#0000ff size=2></FONT> </DIV>
<DIV><FONT face=Arial color=#0000ff size=2>and when I execute ifconfig, it
shows me the ipsec0 virtual interface, with both ipv4 adress and ipv6 local
link but no the <SPAN class=088271109-14052004>ipv6 </SPAN><SPAN
class=088271109-14052004>glo</SPAN>bal one....</FONT></DIV>
<DIV><FONT face=Arial color=#0000ff size=2></FONT> </DIV>
<DIV><SPAN class=088271109-14052004><FONT face=Arial color=#0000ff
size=2>I'm trying now to set up a manual keying connection to test
it...</FONT></SPAN></DIV>
<DIV><SPAN class=088271109-14052004><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=088271109-14052004><FONT face=Arial color=#0000ff
size=2>Well it doesn't work..</FONT></SPAN></DIV>
<DIV><SPAN class=088271109-14052004><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=088271109-14052004><FONT face=Arial color=#0000ff
size=2>What do you think ?</FONT></SPAN></DIV>
<DIV><SPAN class=088271109-14052004><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=088271109-14052004><FONT face=Arial color=#0000ff
size=2>Matt</FONT></SPAN></DIV></DIV>
<DIV><FONT face=Arial color=#0000ff size=2></FONT> </DIV>
<DIV><FONT face=Arial color=#0000ff size=2></FONT> </DIV>
<DIV><BR></DIV>
<DIV class=OutlookMessageHeader lang=en-us dir=ltr align=left>
<HR tabIndex=-1>
<FONT face=Tahoma size=2><B>From:</B> Gessler Gerhard
[mailto:Gessler@iabg.de] <BR><B>Sent:</B> vendredi 14 mai 2004
07:39<BR><B>To:</B> zze-DURBEC Mathieu FTRD/DTL/ISS<BR><B>Cc:</B>
users@lists.openswan.org<BR><B>Subject:</B> RE: [Openswan Users]
Openswan+Ipv6 probem....again....<BR></FONT><BR></DIV>
<DIV></DIV>
<DIV><SPAN class=067003005-14052004><FONT face=Arial color=#0000ff size=2>Hi
Mathieu,</FONT></SPAN></DIV>
<DIV><SPAN class=067003005-14052004><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=067003005-14052004><FONT face=Arial color=#0000ff size=2>at
first look, your global IPv6 address configuration seems to be not correct.
According to your ifconfig output, the prefix length is 0. A prefix length
of 64 seems to me more appropriate. Second, the prefix length for your link
local address is 64. That is quite wired as I would normaly assume to be it
10. Third,</FONT></SPAN><SPAN class=067003005-14052004><FONT face=Arial
color=#0000ff size=2> as Mikael already pointed out, it could well be that
Pluto does not like the fact that no IPv4 address is assigned to the
interface. If you only want to work with IPv6, it does not hurt to have an
(e.g. private) IPv4 address assigned.</FONT></SPAN></DIV>
<DIV><SPAN class=067003005-14052004><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=067003005-14052004><FONT face=Arial color=#0000ff
size=2>How do yo (in the current example) try to setup your SA? (1) With
configuration in ipsec.conf (after having applied Mikaels patches) or (2)
with a manual command to Whack and Pluto. In both cases, we would need to
have the used configuration to help you further.</FONT></SPAN></DIV>
<DIV><SPAN class=067003005-14052004><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=067003005-14052004><FONT face=Arial color=#0000ff
size=2>Cheers,</FONT></SPAN></DIV>
<DIV><SPAN class=067003005-14052004><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=067003005-14052004> <FONT face=Arial
color=#0000ff size=2>Gerhard</FONT></SPAN></DIV>
<DIV><SPAN class=067003005-14052004><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV><!-- Converted from text/plain format -->
<P><FONT size=2>--------------------------------------------<BR>Gerhard
Gessler<BR><BR>Communication Networks, IABG mbH<BR>Einsteinstr. 20<BR>85521
Ottobrunn, Germany<BR><BR>Telefon: +49 89 6088 - 2021<BR>Fax: +49 89 6088 -
2845<BR><BR>E-Mail: gessler@iabg.de </FONT></P>
<BLOCKQUOTE dir=ltr
style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #0000ff 2px solid; MARGIN-RIGHT: 0px">
<DIV></DIV>
<DIV class=OutlookMessageHeader lang=de dir=ltr align=left><FONT
face=Tahoma size=2>-----Original Message-----<BR><B>From:</B>
users-bounces@lists.openswan.org [mailto:users-bounces@lists.openswan.org]
<B>On Behalf Of </B>zze-DURBEC Mathieu FTRD/DTL/ISS<BR><B>Sent:</B>
Thursday, May 13, 2004 4:41 PM<BR><B>To:</B>
users@lists.openswan.org<BR><B>Subject:</B> [Openswan Users] Openswan+Ipv6
probem....again....<BR><BR></FONT></DIV><!-- Converted from text/rtf format -->
<P><SPAN lang=fr><FONT face=Arial size=2>Hi,</FONT></SPAN> <BR><SPAN
lang=fr><FONT face=Arial size=2>I've been trying for days to set up
OpenSWAN with IPv6 support…</FONT></SPAN> <BR><SPAN lang=fr><FONT
face=Arial size=2>So, I'am using the 2.1.1 version patched with Mikael
Magnusson'patch..</FONT></SPAN> <BR><SPAN lang=fr><FONT face=Arial
size=2>It doesn't seem to work with ipv6 :,-(</FONT></SPAN>
<BR><SPAN lang=fr><FONT face=Arial size=2>Here's my config</FONT></SPAN>
</P>
<P><SPAN lang=fr><B><FONT face=Arial size=2>Ifconfig :</FONT></B></SPAN>
</P>
<P><SPAN lang=fr><FONT face=Arial color=#000000
size=2>eth0 Lien encap:Ethernet HWaddr
08:00:46:A8:E2:3B </FONT></SPAN><BR><SPAN lang=fr><FONT face=Arial
color=#000000
size=2> adr inet6:
2001:688:1f8b:a000::1/0 Scope:Global</FONT></SPAN> <BR><SPAN lang=fr><FONT
face=Arial color=#000000
size=2> adr inet6:
fe80::a00:46ff:fea8:e23b/64 Scope:Lien</FONT></SPAN> <BR><SPAN
lang=fr><FONT face=Arial color=#000000
size=2> UP BROADCAST
RUNNING MULTICAST MTU:1500 Metric:1</FONT></SPAN> <BR><SPAN
lang=fr><FONT face=Arial color=#000000
size=2> RX
packets:3530 errors:0 dropped:0 overruns:0 frame:0</FONT></SPAN> <BR><SPAN
lang=fr><FONT face=Arial color=#000000
size=2> TX
packets:14 errors:0 dropped:0 overruns:0 carrier:0</FONT></SPAN> <BR><SPAN
lang=fr><FONT face=Arial color=#000000
size=2> collisions:0
lg file transmission:100 </FONT></SPAN><BR><SPAN lang=fr><FONT face=Arial
color=#000000
size=2> RX
bytes:211800 (206.8 Kb) TX bytes:964 (964.0 b)</FONT></SPAN>
<BR><SPAN lang=fr><FONT face=Arial color=#000000
size=2>
Interruption:11 Adresse de base:0x2000 </FONT></SPAN></P>
<P><SPAN lang=fr><B><FONT face=Arial color=#000000 size=2>Route
:</FONT></B></SPAN> </P>
<P><SPAN lang=fr><FONT face=Arial color=#000000 size=2>Table de routage
IPv6 du noyau</FONT></SPAN> <BR><SPAN lang=fr><FONT face=Arial
color=#000000
size=2>Destination
Prochain
Hop
Indic Metric Ref Utilis. Iface</FONT></SPAN> <BR><SPAN
lang=fr><FONT face=Arial color=#000000
size=2>::1/128
::
U 0
11 1 lo
</FONT></SPAN><BR><SPAN lang=fr><FONT face=Arial color=#000000
size=2>2001:688:1f8b:a000::1/128
::
U 0
3 0
lo </FONT></SPAN><BR><SPAN lang=fr><FONT
face=Arial color=#000000
size=2>fe80::209:5bff:fe1e:791/128
::
U 0
0 0
lo </FONT></SPAN><BR><SPAN lang=fr><FONT
face=Arial color=#000000
size=2>fe80::a00:46ff:fea8:e23b/128
::
U 0
0 0
lo </FONT></SPAN><BR><SPAN lang=fr><FONT
face=Arial color=#000000
size=2>fe80::/64
::
UA 256
0 0 eth0
</FONT></SPAN><BR><SPAN lang=fr><FONT face=Arial color=#000000
size=2>fe80::/64
::
UA 256
0 0 eth1
</FONT></SPAN><BR><SPAN lang=fr><FONT face=Arial color=#000000
size=2>ff00::/8
::
UA 256
0 0 eth0
</FONT></SPAN><BR><SPAN lang=fr><FONT face=Arial color=#000000
size=2>ff00::/8
::
UA 256
0 0 eth1
</FONT></SPAN><BR><SPAN lang=fr><FONT face=Arial color=#000000
size=2>::/0
::
UDA 256
0 0 eth0
</FONT></SPAN><BR><SPAN lang=fr><FONT face=Arial color=#000000
size=2>::/0
::
UDA 256
0 0 eth1
</FONT></SPAN></P>
<P><SPAN lang=fr><B><FONT face=Arial color=#000000 size=2>And
ipsec.conf</FONT></B></SPAN> </P>
<P><SPAN lang=fr><FONT face=Arial color=#000000 size=2># /etc/ipsec.conf -
FreeS/WAN IPsec configuration file</FONT></SPAN> <BR><SPAN lang=fr><FONT
face=Arial color=#000000 size=2># RCSID $Id: ipsec.conf.in,v 1.11
2003/06/13 23:28:41 sam Exp $</FONT></SPAN> </P>
<P><SPAN lang=fr><FONT face=Arial color=#000000 size=2># This file:
/usr/local/share/doc/freeswan/ipsec.conf-sample</FONT></SPAN> <BR><SPAN
lang=fr><FONT face=Arial color=#000000 size=2>#</FONT></SPAN> <BR><SPAN
lang=fr><FONT face=Arial color=#000000 size=2>#
Manual: ipsec.conf.5</FONT></SPAN> <BR><SPAN
lang=fr><FONT face=Arial color=#000000 size=2>#</FONT></SPAN> </P>
<P><SPAN lang=fr><FONT face=Arial color=#000000 size=2>version
2.0 # conforms to second version of ipsec.conf
specification</FONT></SPAN> </P>
<P><SPAN lang=fr><FONT face=Arial color=#000000 size=2># basic
configuration</FONT></SPAN> <BR><SPAN lang=fr><FONT face=Arial
color=#000000 size=2>config setup</FONT></SPAN> <BR><SPAN
lang=fr> <FONT face=Arial
color=#000000 size=2>forwardcontrol=yes</FONT></SPAN> <BR><SPAN
lang=fr> <FONT face=Arial
color=#000000 size=2>interfaces="ipsec0=eth0"</FONT></SPAN> <BR><SPAN
lang=fr> <FONT face=Arial
color=#000000 size=2>uniqueids=yes</FONT></SPAN> <BR><SPAN
lang=fr> <FONT face=Arial
color=#000000 size=2># Debug-logging controls: "none" for (almost)
none, "all" for lots.</FONT></SPAN> <BR><SPAN
lang=fr> <FONT face=Arial
color=#000000 size=2>klipsdebug=all</FONT></SPAN> <BR><SPAN
lang=fr> <FONT face=Arial
color=#000000 size=2>plutodebug=all</FONT></SPAN> <BR><SPAN
lang=fr> <FONT face=Arial
color=#000000 size=2>syslog=syslog.debug</FONT></SPAN> </P><BR>
<P><SPAN lang=fr><FONT face=Arial color=#000000 size=2>Does someone manage
to make it work ???</FONT></SPAN> </P>
<P><SPAN lang=fr><FONT face=Arial color=#000000 size=2>Thanks
</FONT></SPAN></P>
<P><SPAN lang=fr><FONT face=Arial color=#000000 size=2>Matt</FONT></SPAN>
</P></BLOCKQUOTE></BLOCKQUOTE></BLOCKQUOTE></BODY></HTML>