[Openswan Users] IPv6-in-IPv6 IPsec tunnel established, but route unreachable

Felix fooo at comcast.net
Fri Aug 5 22:32:03 CEST 2005


Using Openswan 2.3.1 and Linux kernel 2.6.12, I set up an IPv6-in-IPv6 IPsec
tunnel.  My topology looks like this:

subnet AAA::/64 ---- IPsec GW BBB::1 ---- IPsec GW CCC::1 ---- subnet DDD::/64

Both Main Mode and Quick Mode successfully completed.  Next, from a PC in
subnet AAA I tried to ping a PC in subnet DDD.  Now when IPsec GW BBB received
the ping packet, it did not forward the packet through the tunnel; instead it
dropped it, and it sent to the PC in subnet AAA an ICMPv6 message saying route
unreachable.

In the "config setup" section of my ipsec.conf files, I did put

    forwardcontrol=yes

That should have taken care of setting up the routes.

Next I tried the "ipsec eroute" command, but I got an error message that says

    NETKEY does not support eroute table.

What do I do?

Felix

