[Openswan Users] Openswan+Ipv6 probem....again....

Gessler Gerhard Gessler at iabg.de
Fri May 14 22:36:54 CEST 2004


Dear Mathieu,
 
After having taken a look at the output of "ipsec look", I am not clear
if I understand what you want to do:
 
ipsec0->eth0 mtu=16260(1500)->1500
Destination    Gateway    Genmask    Flags    MSS    Window    irtt
Iface
192.1680.0.0    0.0.0.0    255.255.255.0    U    0            0
0    eth0
192.1680.0.0    0.0.0.0    255.255.255.0    U    0            0
0    ipsec0
 
This tells me that you have a kernel with FreeSWAN KLIPS compiled and
loaded. FreeSWAN KLIPS does not support IPv6. For having running IPsec
for IPv6 use either a 2.4.x (x>24) with ipsec backport or a recent 2.6.x
kernel. Don't compile those kernels with KLIPS support as it is not
possible to have both KLIPS and kernel ipsec!!!!
 
All information that I have given in my previous mails assumed that
kernel 2.6.x and Openswan 2.1.x is used. The patches Mikael provided
assumed also that kernel ipsec is used and *not* KLIPS.
 
Hope this helps,
 
    Gerhard

--------------------------------------------
Gerhard Gessler

Communication Networks, IABG mbH
Einsteinstr. 20
85521 Ottobrunn, Germany

Telefon: +49 89 6088 - 2021
Fax: +49 89 6088 - 2845

E-Mail: gessler at iabg.de 

	-----Original Message-----
	From: zze-DURBEC Mathieu FTRD/DTL/ISS
[mailto:mathieu.durbec at rd.francetelecom.com] 
	Sent: Friday, May 14, 2004 11:27 AM
	To: Gessler Gerhard
	Cc: users at lists.openswan.org
	Subject: RE: [Openswan Users] Openswan+Ipv6 probem....again....
	
	
	Hi Gerhard,
	 
	First, thank you for help, that's very nice....
	I've changed my config, but I think it doesn't matter. The
problem is before...
	I've tried to set up an automatic keying connection (in
ipsec.conf with command ipsec auto --up connection) , but when I put
ipv6 adress, it doesn't recognize the connection....
	"021 no connection named "v6" "
	I'm not surprised...
	When I start the ipsec service, the "ipsec look" command shows :
	 
	ipsec0->eth0 mtu=16260(1500)->1500
	Destination    Gateway    Genmask    Flags    MSS    Window
irtt    Iface
	192.1680.0.0    0.0.0.0    255.255.255.0    U    0            0
0    eth0
	192.1680.0.0    0.0.0.0    255.255.255.0    U    0            0
0    ipsec0
	 
	and when I execute ifconfig, it shows me the ipsec0 virtual
interface, with both ipv4 adress and ipv6 local link but no the ipv6
global one....
	 
	I'm trying now to set up a manual keying connection to test
it...
	 
	Well it doesn't work..
	 
	What do you think ?
	 
	Matt
	 
	 

________________________________

	From: Gessler Gerhard [mailto:Gessler at iabg.de] 
	Sent: vendredi 14 mai 2004 07:39
	To: zze-DURBEC Mathieu FTRD/DTL/ISS
	Cc: users at lists.openswan.org
	Subject: RE: [Openswan Users] Openswan+Ipv6 probem....again....
	
	
	Hi Mathieu,
	 
	at first look, your global IPv6 address configuration seems to
be not correct. According to your ifconfig output, the prefix length is
0. A prefix length of 64 seems to me more appropriate. Second, the
prefix length for your link local address is 64. That is quite wired as
I would normaly assume to be it 10. Third, as Mikael already pointed
out, it could well be that Pluto does not like the fact that no IPv4
address is assigned to the interface. If you only want to work with
IPv6, it does not hurt to have an (e.g. private) IPv4 address assigned.
	 
	How do yo (in the current example) try to setup your SA? (1)
With configuration in ipsec.conf (after having applied Mikaels patches)
or (2) with a manual command to Whack and Pluto. In both cases, we would
need to have the used configuration to help you further.
	 
	Cheers,
	 
	    Gerhard
	 

	--------------------------------------------
	Gerhard Gessler
	
	Communication Networks, IABG mbH
	Einsteinstr. 20
	85521 Ottobrunn, Germany
	
	Telefon: +49 89 6088 - 2021
	Fax: +49 89 6088 - 2845
	
	E-Mail: gessler at iabg.de 

		-----Original Message-----
		From: users-bounces at lists.openswan.org
[mailto:users-bounces at lists.openswan.org] On Behalf Of zze-DURBEC
Mathieu FTRD/DTL/ISS
		Sent: Thursday, May 13, 2004 4:41 PM
		To: users at lists.openswan.org
		Subject: [Openswan Users] Openswan+Ipv6
probem....again....
		
		

		Hi, 
		I've been trying for days to set up OpenSWAN with IPv6
support... 
		So, I'am using the 2.1.1 version patched with Mikael
Magnusson'patch.. 
		It doesn't seem to work with ipv6  :,-( 
		Here's my config 

		Ifconfig : 

		eth0    Lien encap:Ethernet  HWaddr 08:00:46:A8:E2:3B  
		          adr inet6: 2001:688:1f8b:a000::1/0
Scope:Global 
		          adr inet6: fe80::a00:46ff:fea8:e23b/64
Scope:Lien 
		          UP BROADCAST RUNNING MULTICAST  MTU:1500
Metric:1 
		          RX packets:3530 errors:0 dropped:0 overruns:0
frame:0 
		          TX packets:14 errors:0 dropped:0 overruns:0
carrier:0 
		          collisions:0 lg file transmission:100 
		          RX bytes:211800 (206.8 Kb)  TX bytes:964
(964.0 b) 
		          Interruption:11 Adresse de base:0x2000 

		Route : 

		Table de routage IPv6 du noyau 
		Destination                                 Prochain Hop
Indic Metric Ref    Utilis. Iface 
		::1/128                                     ::
U     0      11       1 lo      
		2001:688:1f8b:a000::1/128                   ::
U     0      3        0 lo      
		fe80::209:5bff:fe1e:791/128                 ::
U     0      0        0 lo      
		fe80::a00:46ff:fea8:e23b/128                ::
U     0      0        0 lo      
		fe80::/64                                   ::
UA    256    0        0 eth0    
		fe80::/64                                   ::
UA    256    0        0 eth1    
		ff00::/8                                    ::
UA    256    0        0 eth0    
		ff00::/8                                    ::
UA    256    0        0 eth1    
		::/0                                        ::
UDA   256    0        0 eth0    
		::/0                                        ::
UDA   256    0        0 eth1    

		And ipsec.conf 

		# /etc/ipsec.conf - FreeS/WAN IPsec configuration file 
		# RCSID $Id: ipsec.conf.in,v 1.11 2003/06/13 23:28:41
sam Exp $ 

		# This file:
/usr/local/share/doc/freeswan/ipsec.conf-sample 
		# 
		# Manual:     ipsec.conf.5 
		# 

		version 2.0     # conforms to second version of
ipsec.conf specification 

		# basic configuration 
		config setup 
		        forwardcontrol=yes 
		        interfaces="ipsec0=eth0" 
		        uniqueids=yes 
		        # Debug-logging controls:  "none" for (almost)
none, "all" for lots. 
		        klipsdebug=all 
		        plutodebug=all 
		        syslog=syslog.debug 


		Does someone manage to make it work ??? 

		Thanks 

		Matt 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20040514/a05a2255/attachment-0001.htm


More information about the Users mailing list