[Openswan Users] Openswan+Ipv6 probem....again....
zze-DURBEC Mathieu FTRD/DTL/ISS
mathieu.durbec at rd.francetelecom.com
Fri May 14 12:26:37 CEST 2004
Hi Gerhard,
First, thank you for help, that's very nice....
I've changed my config, but I think it doesn't matter. The problem is
before...
I've tried to set up an automatic keying connection (in ipsec.conf with
command ipsec auto --up connection) , but when I put ipv6 adress, it
doesn't recognize the connection....
"021 no connection named "v6" "
I'm not surprised...
When I start the ipsec service, the "ipsec look" command shows :
ipsec0->eth0 mtu=16260(1500)->1500
Destination Gateway Genmask Flags MSS Window irtt
Iface
192.1680.0.0 0.0.0.0 255.255.255.0 U 0 0
0 eth0
192.1680.0.0 0.0.0.0 255.255.255.0 U 0 0
0 ipsec0
and when I execute ifconfig, it shows me the ipsec0 virtual interface,
with both ipv4 adress and ipv6 local link but no the ipv6 global one....
I'm trying now to set up a manual keying connection to test it...
Well it doesn't work..
What do you think ?
Matt
_____
From: Gessler Gerhard [mailto:Gessler at iabg.de]
Sent: vendredi 14 mai 2004 07:39
To: zze-DURBEC Mathieu FTRD/DTL/ISS
Cc: users at lists.openswan.org
Subject: RE: [Openswan Users] Openswan+Ipv6 probem....again....
Hi Mathieu,
at first look, your global IPv6 address configuration seems to be not
correct. According to your ifconfig output, the prefix length is 0. A
prefix length of 64 seems to me more appropriate. Second, the prefix
length for your link local address is 64. That is quite wired as I would
normaly assume to be it 10. Third, as Mikael already pointed out, it
could well be that Pluto does not like the fact that no IPv4 address is
assigned to the interface. If you only want to work with IPv6, it does
not hurt to have an (e.g. private) IPv4 address assigned.
How do yo (in the current example) try to setup your SA? (1) With
configuration in ipsec.conf (after having applied Mikaels patches) or
(2) with a manual command to Whack and Pluto. In both cases, we would
need to have the used configuration to help you further.
Cheers,
Gerhard
--------------------------------------------
Gerhard Gessler
Communication Networks, IABG mbH
Einsteinstr. 20
85521 Ottobrunn, Germany
Telefon: +49 89 6088 - 2021
Fax: +49 89 6088 - 2845
E-Mail: gessler at iabg.de
-----Original Message-----
From: users-bounces at lists.openswan.org
[mailto:users-bounces at lists.openswan.org] On Behalf Of zze-DURBEC
Mathieu FTRD/DTL/ISS
Sent: Thursday, May 13, 2004 4:41 PM
To: users at lists.openswan.org
Subject: [Openswan Users] Openswan+Ipv6 probem....again....
Hi,
I've been trying for days to set up OpenSWAN with IPv6
support...
So, I'am using the 2.1.1 version patched with Mikael
Magnusson'patch..
It doesn't seem to work with ipv6 :,-(
Here's my config
Ifconfig :
eth0 Lien encap:Ethernet HWaddr 08:00:46:A8:E2:3B
adr inet6: 2001:688:1f8b:a000::1/0 Scope:Global
adr inet6: fe80::a00:46ff:fea8:e23b/64 Scope:Lien
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:3530 errors:0 dropped:0 overruns:0 frame:0
TX packets:14 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 lg file transmission:100
RX bytes:211800 (206.8 Kb) TX bytes:964 (964.0 b)
Interruption:11 Adresse de base:0x2000
Route :
Table de routage IPv6 du noyau
Destination Prochain Hop
Indic Metric Ref Utilis. Iface
::1/128 ::
U 0 11 1 lo
2001:688:1f8b:a000::1/128 ::
U 0 3 0 lo
fe80::209:5bff:fe1e:791/128 ::
U 0 0 0 lo
fe80::a00:46ff:fea8:e23b/128 ::
U 0 0 0 lo
fe80::/64 ::
UA 256 0 0 eth0
fe80::/64 ::
UA 256 0 0 eth1
ff00::/8 ::
UA 256 0 0 eth0
ff00::/8 ::
UA 256 0 0 eth1
::/0 ::
UDA 256 0 0 eth0
::/0 ::
UDA 256 0 0 eth1
And ipsec.conf
# /etc/ipsec.conf - FreeS/WAN IPsec configuration file
# RCSID $Id: ipsec.conf.in,v 1.11 2003/06/13 23:28:41 sam Exp $
# This file: /usr/local/share/doc/freeswan/ipsec.conf-sample
#
# Manual: ipsec.conf.5
#
version 2.0 # conforms to second version of ipsec.conf
specification
# basic configuration
config setup
forwardcontrol=yes
interfaces="ipsec0=eth0"
uniqueids=yes
# Debug-logging controls: "none" for (almost) none,
"all" for lots.
klipsdebug=all
plutodebug=all
syslog=syslog.debug
Does someone manage to make it work ???
Thanks
Matt
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20040514/b2adec9f/attachment-0001.htm
More information about the Users
mailing list