<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=Content-Type content="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 12 (filtered medium)">
<style>
<!--
/* Font Definitions */
@font-face
{font-family:"Malgun Gothic";
panose-1:2 11 5 3 2 0 0 2 0 4;}
@font-face
{font-family:"Malgun Gothic";
panose-1:2 11 5 3 2 0 0 2 0 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
text-align:justify;
text-justify:inter-ideograph;
text-autospace:none;
word-break:break-hangul;
font-size:10.0pt;
font-family:"Malgun Gothic";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.MsoPlainText, li.MsoPlainText, div.MsoPlainText
{mso-style-priority:99;
mso-style-link:"\AE00\C790\B9CC Char";
margin:0cm;
margin-bottom:.0001pt;
text-autospace:none;
word-break:break-hangul;
font-size:10.0pt;
font-family:"Courier New";}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Malgun Gothic";
color:windowtext;}
span.Char
{mso-style-name:"\AE00\C790\B9CC Char";
mso-style-priority:99;
mso-style-link:\AE00\C790\B9CC;
font-family:"Courier New";}
.MsoChpDefault
{mso-style-type:export-only;}
/* Page Definitions */
@page Section1
{size:612.0pt 792.0pt;
margin:3.0cm 72.0pt 72.0pt 72.0pt;}
div.Section1
{page:Section1;}
-->
</style>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=KO link=blue vlink=purple>
<div class=Section1>
<p class=MsoNormal><span lang=EN-US>Hello.<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p>
<p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p>
<p class=MsoNormal><span lang=EN-US>We are using Openswan-2.4.7 on Linux-2.6.20
NETKEY for our router products.<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>I</span>’<span lang=EN-US>ve tried to
build a ipv6 tunnel between openswan and cisco 3825. But I</span>’<span
lang=EN-US>ve got a strange <o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>error message. when I tried to connect to
the vpn gateway with cisco.<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p>
<p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p>
<p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p>
<p class=MsoNormal><span lang=EN-US>
|--------------------| 2007::11/64 |--------------------|<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US> any subnet ------
| Openswan | ----- IPsec Tunnel -----
| Cisco 3825 | ------ any subnet<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>
100::1/64 |
________________|
2007::22/64 | ________________| 200::1/64<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p>
<p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p>
<p class=MsoNormal><span lang=EN-US>Openswan Error : peer client ID payload
ID_IPV6_ADDR_SUBNET wrong length in Quick I1<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p>
<p class=MsoNormal><span lang=EN-US>we tried to build the ipv6 tunnel by the instruction
in the following cisco website pages.<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US><a
href="http://www.cisco.com/en/US/products/ps6350/products_configuration_guide_chapter09186a0080573b9c.html">http://www.cisco.com/en/US/products/ps6350/products_configuration_guide_chapter09186a0080573b9c.html</a><o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p>
<p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p>
<p class=MsoNormal><span lang=EN-US>------------------------- Openswan config
---------------------------------------------------------<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>bash-3.00# cat /etc/ipsec.conf<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US># /etc/ipsec.conf - FreeS/WAN IPsec
configuration file<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p>
<p class=MsoNormal><span lang=EN-US># More elaborate and more varied sample
configurations can be found<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US># in FreeS/WAN's doc/examples file, and in
the HTML documentation.<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p>
<p class=MsoNormal><span lang=EN-US>version 2.0<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p>
<p class=MsoNormal><span lang=EN-US># basic configuration<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>config setup<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>
# THIS SETTING MUST BE CORRECT or almost nothing will work;<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>
# %defaultroute is okay for most simple cases.<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>
interfaces="ipsec0=eth0"<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>
# Debug-logging controls: "none" for (almost) none,
"all" for lots.<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>
klipsdebug=none<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>
plutodebug=none<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>
# Use auto= parameters in conn descriptions to control startup actions.<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>
# Close down old connection when new one using same ID shows up.<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>
uniqueids=yes<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>
#nat_traversal=yes<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>
# virtual_private=%v4:200.0.0.0/24<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p>
<p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p>
<p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p>
<p class=MsoNormal><span lang=EN-US># defaults for subsequent connection
descriptions<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US># (these defaults will soon go away)<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>conn %default<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>
keyingtries=0<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>
disablearrivalcheck=no<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>
#authby=rsasig<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>
leftrsasigkey=%dnsondemand<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>
rightrsasigkey=%dnsondemand<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>
authby=secret<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>
rekeymargin=10s<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>#
dpddelay=5<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>#
dpdtimeout=5<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>#
dpdaction=clear<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p>
<p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p>
<p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p>
<p class=MsoNormal><span lang=EN-US># connection description for opportunistic
encryption<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US># (requires KEY record in your DNS reverse
map; see doc/opportunism.howto)<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US> #
for initiator only OE, uncomment and uncomment this<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>
# after putting your key in your forward map<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US> <a
href="mailto:#leftid=@myhostname.example.com">#leftid=@myhostname.example.com</a><o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>
# uncomment this next line to enable it<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>
#auto=route<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US># sample VPN connection<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>
# Left security gateway, subnet behind it, next hop toward right.<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>
# Right security gateway, subnet behind it, next hop toward left.<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>
# To authorize this connection, but not actually start it, at startup,<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>
# uncomment this.<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>
#auto=add<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>#
leftsubnet=100::1/64<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>#
rightsubnet=200::1/64<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>conn test<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>
left=2007::11<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>
leftnexthop=2007::22<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>
right=2007::22<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>
type=tunnel<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>
connaddrfamily=ipv6<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>
auto=start<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>
authby=secret<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>
auth=esp<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>
esp=3des-md5<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>
keylife=28000s<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>
ikelifetime=3600s<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>
rekey=yes<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>
keyingtries=0<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>
ike=3des-md5<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>
aggrmode=no<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>
pfs=yes<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>
pfsgroup=modp1536<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>
dpdaction=hold<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>
dpdtimeout=120<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>
dpddelay=30<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>
keyexchange=ike<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>----------------------------------------------------------------------------------------------------------<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p>
<p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p>
<p class=MsoNormal><span lang=EN-US>Thank you in advance.<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p>
<p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p>
<p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p>
<p class=MsoPlainText><span lang=EN-US>Jungho Hwang<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US><o:p> </o:p></span></p>
<p class=MsoPlainText><span lang=EN-US>InnopiaTech<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US>Software Engineer<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US>Development Part 1.<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US>Tel 02-561-8202 Ext.222 Mobile 010-2331-1008<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p>
<p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p>
<p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p>
</div>
</body>
</html>