[Openswan Users] Openswan + IPv6

Gessler Gerhard Gessler at iabg.de
Wed May 12 09:26:39 CEST 2004


Hi all,

let me first state that I have not done tests with IPsec for IPv6 using
the ipsec backport for 2.4.x kernels. But I think that (as the basic
code should be quite the same), if OpenSWAN can negotiate and install
IPv6 SAs on 2.6.x kernels, it should also work on 2.4.x kernels. Or am
I missing some big difference in the PF_KEY interface?

Nevertheless, even if the necessary code in _confread is not there to
support the definition of IPv6 conns in ipsec.conf, the code and logic
is already in Pluto and Whack (since FreeSWAN 1.6).
I am able to define, load, negotiate and install e.g. host-to-host IPv6
SA (client net is /128) with ESP authentication using OpenSWAN 2.1.2rc5.
IKE authentication is done via PSK, the connection is loaded manually
into Pluto using Whack. 
The _updown script needed some changes as it does not support the
necessary -v6 verbs that Pluto hands over to it, but after defining
them (doing just nothing), the Quick Mode SA gets installed
successfully.

Currently I seem to have a problem with doing the same with a connection
that does AH authentication and ESP encryption. The negotiation is
successful, but the resulting packets from the kernel are just crap.

For all the tests I used either 2.6.5 kernel (debian testing source) or
2.6.6 kernel (plain kernel from www.kernel.org).

Cheers,

	Gerhard

--------------------------------------------
Gerhard Gessler

Communication Networks, IABG mbH
Einsteinstr. 20
85521 Ottobrunn, Germany

Telefon: +49 89 6088 - 2021
Fax: +49 89 6088 - 2845

E-Mail: gessler at iabg.de 

  > -----Original Message-----
  > From: users-bounces at lists.openswan.org 
  > [mailto:users-bounces at lists.openswan.org] On Behalf Of Paul Wouters
  > Sent: Tuesday, May 11, 2004 6:35 PM
  > To: zze-DURBEC Mathieu FTRD/DTL/ISS
  > Cc: users at lists.openswan.org
  > Subject: Re: [Openswan Users] Openswan + IPv6
  > 
  > 
  > On Tue, 11 May 2004, zze-DURBEC Mathieu FTRD/DTL/ISS wrote:
  > 
  > > I just want to know if the latest OpenSWAN releases work with IPv6
  > > (not kernel 2.6, but 2.4 with IPv6 ) ?
  > 
  > No it does not yet support IPv6.
  > 
  > Paul