<html>
<head>
<style>
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
FONT-SIZE: 10pt;
FONT-FAMILY:Tahoma
}
</style>
</head>
<body class='hmmessage'>
<br>I installed the latest version of the 2.5 branch, 2.5.17, and tried again bringing up IPv6 tunnels.<br>I got the following error messages:<br><br>"can not load config '/etc/ipsec.conf': /etc/ipsec.conf:27: syntax error, unexpected STRING [connaddrfamily]"<br><br>When I comment out the line "connaddrfamily=ipv6" I get "non-ipv6 address may not contain `:'" in /var/log/messages<br><br><br>I also tried using whack to add an IPv6 tunnel using the command<br><br>"ipsec whack --name tunipv6 --ipv6 --tunnelipv6 --host 2000:7:6:5:4:3:2:1 --to --host 6400:7:6:5:4:3:2:2 --psk --encrypt --pfs --ikelifetime 600 --ipseclifetime 300 --rekeymargin 20"<br><br>When I try to bring up the tunnel using "ipsec auto --up tunipv6" I get the same IKE messages being received on the second Openswan Gateway, but no replies. This is also the behaviour I get when using 2.4.9.<br><br>tcpdump: verbose output suppressed, use -v or -vv for full protocol decode<br>listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes<br>11:54:15.754112 fe80::240:f4ff:fe87:5c5a > fe80::214:5eff:fe1e:141e: icmp6: neighbor sol: who has fe80::214:5eff:fe1e:141e<br>11:54:16.062705 fe80::214:5eff:fe1e:141e > fe80::240:f4ff:fe87:5c5a: icmp6: neighbor adv: tgt is fe80::214:5eff:fe1e:141e<br>11:54:15.754175 6400:7:6:5:4:3:2:2.isakmp > 2000:7:6:5:4:3:2:1.isakmp: isakmp: phase 1 I ident<br>11:54:15.754185 2000:7:6:5:4:3:2:1 > 6400:7:6:5:4:3:2:2: [|icmp6]<br>11:54:20.753158 fe80::214:5eff:fe1e:141e > fe80::240:f4ff:fe87:5c5a: icmp6: neighbor sol: who has fe80::240:f4ff:fe87:5c5a<br>11:54:20.753246 fe80::240:f4ff:fe87:5c5a > fe80::214:5eff:fe1e:141e: icmp6: neighbor adv: tgt is fe80::240:f4ff:fe87:5c5a<br>11:54:35.751270 6400:7:6:5:4:3:2:2.isakmp > 2000:7:6:5:4:3:2:1.isakmp: isakmp: phase 1 I ident<br>11:54:35.751281 2000:7:6:5:4:3:2:1 > 6400:7:6:5:4:3:2:2: [|icmp6]<br><br>Are there any parameters I'm missing when using whack?<br><br>Regards,<br>Paul Whelan<br><br><br><br><br>> Date: Fri, 28 Mar 2008 10:07:00 
-0400<br>> From: paul@xelerance.com<br>> To: wheelo_01@hotmail.com<br>> CC: users@openswan.org<br>> Subject: Re: [Openswan Users] Openswan ipv6 tunnels<br>> <br>> On Fri, 28 Mar 2008, Paul Whelan wrote:<br>> <br>> > I've been trying for some time to set up Openswan 2.4.9 (with NETKEY) with<br>> > IPv6 without success.<br>> <br>> > My IPv6 routes and IPs are correct and my kernel has the appropriate options installed. I have set up an IPv6 IPSEC tunnel using setkey to manually add SAs & SPs, I was able to ping across the tunnel and could see the ESP packets using tcpdump from each direction.<br>> ><br>> > My ipsec.conf file seems to be correct, as it doesn't give any errors when starting Openswan and is included below.<br>> ><br>> ><br>> > Does IPv6 work on 2.4.9, or is there some IPv6 patch I need that is mentioned in some forums?<br>> <br>> I would try to use 2.5.x, as most of the startup scripting has been replaced<br>> by the addcon and libipsecconf code. We have not tested whether using the<br>> configuration files works fully with ipv6.<br>> <br>> As a step in between, you can also use "ipsec whack" to 'configure' the<br>> conn for ipv6.<br>> <br>> Paul<br>> -- <br>> Building and integrating Virtual Private Networks with Openswan:<br>> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155<br></body>
</html>