[Openswan dev] Error building klips-ipv6 (missing include?)
Harald Jenny
harald at a-little-linux-box.at
Tue Oct 12 04:08:40 EDT 2010
On Tue, Oct 12, 2010 at 09:44:11AM +0200, Ruben Laban wrote:
> Hello,
>
> On Monday 11 October 2010 at 22:28 (CET), Ruben Laban wrote:
> > Hi Harald,
> >
> > On Monday 11 October 2010 at 21:51 (CET), Harald Jenny wrote:
> > > > 'ipsec whack --listen' didn't result in the IPv6 address showing up on
> > > > ipsec0. However, 'ipsec setup --restart' did result in the IPv6
> > > > address showing up on ipsec0. So it might be the same (or at least
> > > > a similar) issue after all.
> > >
> > > The issue from Debian is NETKEY based - when the system is booted it
> > > seems the problem is gone...
> >
> > I kinda assume(d) that it's a pluto issue, and not really related to the
> > stack that's being used. Only other related thing I can think of is IPv6's
> > DAD feature. Which would keep the address in a tentative state while
> > openswan is starting up, making pluto ignore it. Once DAD finishes its
> > tasks, pluto would pick up the address if it was told to do so (as in:
> > ipsec setup restart for instance).
>
> I'm *pretty* sure that it is indeed DAD related. I just added some debugging to
> the init script (basically dump the output of `ip -6 a` to syslog), and it
> showed the address in question was indeed tentative still:
http://www.spinics.net/lists/netdev/msg138973.html
>
> Oct 12 09:27:13 vn-t-fw03 ipsec_setup: 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436
> Oct 12 09:27:13 vn-t-fw03 ipsec_setup: inet6 ::1/128 scope host
> Oct 12 09:27:13 vn-t-fw03 ipsec_setup: valid_lft forever preferred_lft forever
> Oct 12 09:27:13 vn-t-fw03 ipsec_setup: 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000
> Oct 12 09:27:13 vn-t-fw03 ipsec_setup: inet6 fe80::20c:29ff:fe3a:e518/64 scope link
> Oct 12 09:27:13 vn-t-fw03 ipsec_setup: valid_lft forever preferred_lft forever
> Oct 12 09:27:13 vn-t-fw03 ipsec_setup: 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000
> Oct 12 09:27:13 vn-t-fw03 ipsec_setup: inet6 2a02:bd0:abcd:3::20/64 scope global tentative
> Oct 12 09:27:13 vn-t-fw03 ipsec_setup: valid_lft forever preferred_lft forever
> Oct 12 09:27:13 vn-t-fw03 ipsec_setup: inet6 fe80::20c:29ff:fe3a:e522/64 scope link
> Oct 12 09:27:13 vn-t-fw03 ipsec_setup: valid_lft forever preferred_lft forever
> Oct 12 09:27:13 vn-t-fw03 ipsec_setup: 4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000
> Oct 12 09:27:13 vn-t-fw03 ipsec_setup: inet6 2a02:bd0:abcd:4::10/64 scope global tentative
> Oct 12 09:27:13 vn-t-fw03 ipsec_setup: valid_lft forever preferred_lft forever
> Oct 12 09:27:13 vn-t-fw03 ipsec_setup: inet6 fe80::20c:29ff:fe3a:e52c/64 scope link tentative
> Oct 12 09:27:13 vn-t-fw03 ipsec_setup: valid_lft forever preferred_lft forever
>
> As has already been mentioned several times, the cleanest solution to this
> problem as well is to make Openswan/pluto somehow get notified when new
> IPv4/IPv6 addresses arrive on specific/any interfaces.
Agreed - I guess this would need to be made in the main loop of pluto?
>
> Regards,
> Ruben Laban
Kind regards
Harald Jenny
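
The tentative-address check described in this thread, as an added example that is not part of the original messages and not Openswan code: it parses `ip -6 addr show` output and reports addresses that have not finished DAD, so an init script can wait before pluto starts. The function names `sample_ip6_output`, `unsettled_addrs` and `wait_for_dad` are hypothetical, and the sample input is constructed from the syslog excerpt quoted above.

```shell
#!/bin/sh
# Added example, not Openswan code. Sample input is constructed from the
# syslog excerpt quoted in the thread.
sample_ip6_output() {
cat <<'EOF'
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000
    inet6 2a02:bd0:abcd:3::20/64 scope global tentative
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe3a:e522/64 scope link
       valid_lft forever preferred_lft forever
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000
    inet6 2a02:bd0:abcd:4::10/64 scope global tentative
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe3a:e52c/64 scope link tentative
       valid_lft forever preferred_lft forever
EOF
}

# Reads `ip -6 addr show` text on stdin and prints "<ifname> <addr> <state>"
# for every address that has not completed DAD. "dadfailed" is reported
# separately because such an address never leaves that state by waiting.
unsettled_addrs() {
    awk '
        /^[0-9]+: / { ifname = $2; sub(/@.*$/, "", ifname); sub(/:$/, "", ifname); next }
        $1 == "inet6" {
            state = ""
            for (i = 3; i <= NF; i++) {
                if ($i == "dadfailed") state = "dadfailed"
                else if ($i == "tentative" && state == "") state = "tentative"
            }
            if (state != "") print ifname, $2, state
        }'
}

# Hypothetical init-script helper: poll until no address is tentative.
# Returns 0 when settled, 1 on timeout, 2 on dadfailed or if `ip` is missing.
wait_for_dad() {
    tries=${1:-5}
    command -v ip >/dev/null 2>&1 || return 2
    while [ "$tries" -gt 0 ]; do
        pending=$(ip -6 addr show | unsettled_addrs)
        [ -z "$pending" ] && return 0
        case $pending in *dadfailed*) return 2 ;; esac
        sleep 1
        tries=$((tries - 1))
    done
    return 1
}
```

Polling like this only narrows the startup race; addresses added after pluto is running still need the notification mechanism discussed in the thread.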