[Openswan dev] Error building klips-ipv6 (missing include?)

Harald Jenny harald at a-little-linux-box.at
Mon Oct 11 11:14:12 EDT 2010 

On Mon, Oct 11, 2010 at 05:07:38PM +0200, Ruben Laban wrote:
> Hello David,

Hi Ruben

> 
> It took me a bit of time to get my testing environment up and running again, 
> but just now I ran some tests against the latest klips-ipv6 checkout:
> 
> On Tuesday 31 August 2010 at 15:33 (CET), Ruben Laban wrote:
> > To summarize I see 2 "major" issues left:
> > 
> > * "messed" up destination mac addresses on outbound traffic (seen by
> > tcpdump on  ipsecX)
> 
> This one is still present.
> 
> > * _updown.klips doesn't take care of adding IPv6 routes yet
> 
> This one seems to be fixed.
> 
> I did notice something "odd" though:
> 
> Before conn is up:
> 
> 2a02:bd0:abcd:3::/64 dev eth1  proto kernel  metric 256  mtu 1500 advmss 1440 
> hoplimit 0
> 2a02:bd0:abcd:4::/64 dev eth2  proto kernel  metric 256  mtu 1500 advmss 1440 
> hoplimit 0
> 2a02:bd0:abcd::/48 via 2a02:bd0:abcd:3::10 dev eth1  metric 1024  mtu 1500 
> advmss 1440 hoplimit 0
> fe80::/64 dev eth0  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 0
> fe80::/64 dev eth2  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 0
> fe80::/64 dev eth1  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 0
> fe80::/64 dev ipsec0  proto kernel  metric 256  mtu 16260 advmss 16200 
> hoplimit 0
> 
> After conn is up:
> 
> 2a02:bd0:abcd:1::/64 dev ipsec0  metric 1024  mtu 16260 advmss 16200 hoplimit 
> 0
> 2a02:bd0:abcd:3::/64 dev eth1  proto kernel  metric 256  mtu 1500 advmss 1440 
> hoplimit 0
> 2a02:bd0:abcd:3::/64 dev ipsec0  proto kernel  metric 256  mtu 16260 advmss 
> 16200 hoplimit 0
> 2a02:bd0:abcd:4::/64 dev eth2  proto kernel  metric 256  mtu 1500 advmss 1440 
> hoplimit 0
> 2a02:bd0:abcd::/48 via 2a02:bd0:abcd:3::10 dev eth1  metric 1024  mtu 1500 
> advmss 1440 hoplimit 0
> fe80::/64 dev eth0  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 0
> fe80::/64 dev eth2  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 0
> fe80::/64 dev eth1  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 0
> fe80::/64 dev ipsec0  proto kernel  metric 256  mtu 16260 advmss 16200 
> hoplimit 0
> 
> So it does add a nice route to rightsubnet= (2a02:bd0:abcd:1::/64) through 
> ipsec0. But it also adds a route to left's "uplink" network 
> (2a02:bd0:abcd:3::/64) through ipsec0. I haven't looked at the code in 
> question yet, so perhaps this is just some documented feature.
> I also noticed the mtu is quite huge. I wonder if that could interfere with 
> pmtud somehow?
> 
> 
> More important (to me at least) is that I still need to do:
> 
> # ip addr add 2a02:bd0:abcd:3::20/64 dev ipsec0
> # ipsec whack --listen
> 
> before pluto starts listening on the IPv6 address.

Maybe this is related to:

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=573955

Did already discuss this problem with Paul...

> 
> 
> Regards,
> Ruben Laban

Kind regards
Harald Jenny

> _______________________________________________
> Dev mailing list
> Dev at openswan.org
> http://lists.openswan.org/mailman/listinfo/dev

More information about the Dev mailing list