<html>
<head>
<style>
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
FONT-SIZE: 10pt;
FONT-FAMILY:Tahoma
}
</style>
</head>
<body class='hmmessage'>
Hi,<br><br>I've been trying for some time to set up Openswan 2.4.9 (with NETKEY) with IPv6 without success. Basically when I try bring up an IPv6 tunnel I get no errors, just pluto trying to initiate the ISAKMP message which doesn't succeed , it just retransmits the initialise messages every 20 seconds. On further inspection I found that the 2nd Openswan GW is receiving the ISAKMP message but when it tries to reply it gets a "ICMP6, destination unreachable[|icmp6]" message. <br><br>My IPv6 routes and ips are correct and my kernel has the appropriate options installed. I have set up a IPv6 IPSEC tunnel using setkey to manually add SAs & SPs, I was able to ping across the tunnel and could see the ESP packets using tcpdump from each direction.<br><br>My ipsec.conf file seems to be correct, as it doesn't give any errors when starting Openswan and is included below.<br><br><br>Does IPv6 work on 2.4.9, or is there some ipv6 patch i need that is mentioned in some forums?<br><br>Thanks in advance<br>Regards,<br>Paul Whelan<br><br><br><br><br><br>version 2.0 # conforms to second version of ipsec.conf specification<br><br><br># basic configuration<br><br>config setup<br> #klipsdebug=none<br> #plutodebug=none<br> #uniqueids=yes<br><br># Add connections here<br>conn %default<br> keyingtries=0<br><br><br>conn sa-ipv6-tunnel<br> connaddrfamily=ipv6<br> left=6400:7:6:5:4:3:2:2<br> right=2000:7:6:5:4:3:2:1<br> esp=aes128-sha1<br> ike=aes-sha-modp1024<br> authby=secret<br> type=tunnel<br> #compress=no<br> auto=add<br><br><br>#Disable Opportunistic Encryption<br>include /etc/ipsec.d/examples/no_oe.conf<br>~<br><br><br /><hr />In a rush? <a href='http://www.windowslive.com/messenger/overview.html?ocid=TXT_TAGLM_WL_Refresh_realtime_042008' target='_new'>Get real-time answers with Windows Live Messenger.</a></body>
</html>