[Openswan Users]
IPv6-in-IPv6 IPsec tunnel established, but route unreachable
Felix
fooo at comcast.net
Fri Aug 5 22:32:03 CEST 2005
Using Openswan 2.3.1 and Linux kernel 2.6.12, I setup an IPv6-in-IPv6 IPsec
tunnel. My topology looks like this:
subnet AAA::/64 ---- IPsec GW BBB::1 ---- IPsec GW CCC::1 ---- subnet DDD::/64
Both Main Mode and Quick Mode successfully completed. Next, from a PC in
subnet AAA I tried to ping a PC in subnet DDD. Now when IPsec GW BBB received
the ping packet, it did not forward the packet through the tunnel; instead it
dropped it, and it sent to the PC in subnet AAA an ICMPv6 message saying route
unreachable.
In the "config setup" section of my ipsec.conf files, I did put
forwardcontrol=yes
That should have taken care of setting up the routes.
Next I tried the "ipsec eroute" command, but I got an error message that says
NETKEY does not support eroute table.
What do I do?
Felix
More information about the Users
mailing list