[Openswan dev] Error building klips-ipv6 (missing include?)

Ruben Laban r.laban at ism.nl
Mon Oct 11 11:07:38 EDT 2010


Hello David,

It took me a bit of time to get my testing environment up and running again, 
but just now I ran some tests against the latest klips-ipv6 checkout:

On Tuesday 31 August 2010 at 15:33 (CET), Ruben Laban wrote:
> To summarize I see 2 "major" issues left:
> 
> * "messed" up destination mac addresses on outbound traffic (seen by
> tcpdump on  ipsecX)

This one is still present.

> * _updown.klips doesn't take care of adding IPv6 routes yet

This one seems to be fixed.

I did notice something "odd" though:

Before conn is up:

2a02:bd0:abcd:3::/64 dev eth1  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 0
2a02:bd0:abcd:4::/64 dev eth2  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 0
2a02:bd0:abcd::/48 via 2a02:bd0:abcd:3::10 dev eth1  metric 1024  mtu 1500 advmss 1440 hoplimit 0
fe80::/64 dev eth0  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 0
fe80::/64 dev eth2  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 0
fe80::/64 dev eth1  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 0
fe80::/64 dev ipsec0  proto kernel  metric 256  mtu 16260 advmss 16200 hoplimit 0

After conn is up:

2a02:bd0:abcd:1::/64 dev ipsec0  metric 1024  mtu 16260 advmss 16200 hoplimit 0
2a02:bd0:abcd:3::/64 dev eth1  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 0
2a02:bd0:abcd:3::/64 dev ipsec0  proto kernel  metric 256  mtu 16260 advmss 16200 hoplimit 0
2a02:bd0:abcd:4::/64 dev eth2  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 0
2a02:bd0:abcd::/48 via 2a02:bd0:abcd:3::10 dev eth1  metric 1024  mtu 1500 advmss 1440 hoplimit 0
fe80::/64 dev eth0  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 0
fe80::/64 dev eth2  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 0
fe80::/64 dev eth1  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 0
fe80::/64 dev ipsec0  proto kernel  metric 256  mtu 16260 advmss 16200 hoplimit 0

So it does add a nice route to rightsubnet= (2a02:bd0:abcd:1::/64) through 
ipsec0. But it also adds a route to left's "uplink" network 
(2a02:bd0:abcd:3::/64) through ipsec0. I haven't looked at the code in 
question yet, so perhaps this is just some documented feature.
I also noticed the mtu is quite huge. I wonder if that could interfere with 
pmtud somehow?


More important (to me at least) is that I still need to do:

# ip addr add 2a02:bd0:abcd:3::20/64 dev ipsec0
# ipsec whack --listen

before pluto starts listening on the IPv6 address.


Regards,
Ruben Laban
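
An added example, not part of the original message or of Openswan: a small check that compares the two routing tables quoted above and reports which routes appeared when the connection came up, and which non-link-local prefixes end up routed through both a tunnel device and another interface. The function names and the "ipsec" device-name prefix are assumptions made for this illustration.

```python
import ipaddress
from collections import defaultdict

# `ip -6 route` output from the message above, wrapped lines rejoined.
BEFORE = """\
2a02:bd0:abcd:3::/64 dev eth1  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 0
2a02:bd0:abcd:4::/64 dev eth2  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 0
2a02:bd0:abcd::/48 via 2a02:bd0:abcd:3::10 dev eth1  metric 1024  mtu 1500 advmss 1440 hoplimit 0
fe80::/64 dev eth0  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 0
fe80::/64 dev eth2  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 0
fe80::/64 dev eth1  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 0
fe80::/64 dev ipsec0  proto kernel  metric 256  mtu 16260 advmss 16200 hoplimit 0
"""
AFTER = BEFORE + """\
2a02:bd0:abcd:1::/64 dev ipsec0  metric 1024  mtu 16260 advmss 16200 hoplimit 0
2a02:bd0:abcd:3::/64 dev ipsec0  proto kernel  metric 256  mtu 16260 advmss 16200 hoplimit 0
"""

def parse_routes(text):
    """Return a set of (network, device) pairs; unparseable lines are skipped."""
    routes = set()
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 3 or "dev" not in tok[:-1]:
            continue
        try:
            net = ipaddress.ip_network(tok[0])
        except ValueError:
            continue  # e.g. a wrapped continuation line or a "default" route
        routes.add((net, tok[tok.index("dev") + 1]))
    return routes

def added_routes(before, after):
    """Routes present after the connection came up but not before."""
    return parse_routes(after) - parse_routes(before)

def tunnel_overlaps(text, tunnel_prefix="ipsec"):
    """Non-link-local prefixes routed via both a tunnel device and another device."""
    devs = defaultdict(set)
    for net, dev in parse_routes(text):
        if not net.is_link_local:
            devs[net].add(dev)
    return {str(net): sorted(d) for net, d in devs.items()
            if len(d) > 1 and any(x.startswith(tunnel_prefix) for x in d)}

if __name__ == "__main__":
    print("added:", sorted((str(n), d) for n, d in added_routes(BEFORE, AFTER)))
    print("prefix on tunnel and other device:", tunnel_overlaps(AFTER))
```

The fe80::/64 entries are excluded from the overlap check because a link-local route on every interface is expected.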

