[Openswan dev] Error building klips-ipv6 (missing include?)

David McCullough david_mccullough at mcafee.com
Mon Oct 11 17:42:37 EDT 2010


Jivin Paul Wouters lays it down ...
> On Mon, 11 Oct 2010, Harald Jenny wrote:
> 
> >> [ip route commands] before pluto starts listening on the IPv6 address.
> >
> > Maybe this is related to:
> >
> > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=573955
> >
> > Did already discuss this problem with Paul...
> 
> If that is the cause, "ipsec whack --listen" should fix that without
> setting any routes.

Feel free to tell me I'm wrong, but as far as I can tell, the setup scripts
are responsible for adding all the IPv4/IPv6 addresses to the ipsecX
interfaces,  and need to run after the interfaces get there addresses.

> I have been working a bit on the listen code, and I was considering an
> option to just listen to ANY. I am not sure what the history was of not
> listening on all IP's whenever they become available to the system.
> 
> Perhaps Hugh or Hugh can sched some light on that?
> 
> I also thought there was some kind of notification system in the kernel
> where an application can be told when an interface or ip address is
> added/removed from the kernel. (I don't mean messagebus, though that's
> another candidate)

Whatever mechaism we use,  it needs to duplicate the startklips script,
or,  we need to change the was ipsecX gets configured :-)

Cheers,
Davidm

-- 
David McCullough,      david_mccullough at mcafee.com,  Ph:+61 734352815
McAfee - SnapGear      http://www.mcafee.com         http://www.uCdot.org


More information about the Dev mailing list