[Openswan Users] AF_INET6 protocol family not supported

Felix fooo at comcast.net
Tue Jul 19 23:36:22 CEST 2005 

I'm trying to setup a simple IPv6-in-IPv6 tunnel between two linux boxes running kernel version 2.4.29 and Openswan 2.3.1.

Openswan finished Main Mode, but it balked in the middle of Quick Mode.  Here's what I got after I ran "ipsec auto":

-------------------------------------------------
linuxbox# ipsec auto --up ipv6conn
104 "ipv6conn" #1: STATE_MAIN_I1: initiate
003 "ipv6conn" #1: received Vendor ID payload [Openswan (this version) 2.3.1  X.509-1.5.4 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]
003 "ipv6conn" #1: received Vendor ID payload [Dead Peer Detection]
106 "ipv6conn" #1: STATE_MAIN_I2: sent MI2, expecting MR2
108 "ipv6conn" #1: STATE_MAIN_I3: sent MI3, expecting MR3
004 "ipv6conn" #1: STATE_MAIN_I4: ISAKMP SA established
117 "ipv6conn" #2: STATE_QUICK_I1: initiate
003 ERROR: "ipv6conn" #2: pfkey write() of SADB_X_ADDFLOW message 7 for flow tun:1001 at baad:d00d::1 failed. Errno 96: Protocol family not supported
003 ERROR: "ipv6conn" #2: pfkey write() of SADB_X_ADDFLOW message 12 for flow tun:1002 at baad:d00d::100 failed. Errno 96: Protocol family not supported
032 "ipv6conn" #2: STATE_QUICK_I1: internal error
-------------------------------------------------

>From pluto.log, I saw this:

-------------------------------------------------
| add inbound eroute baad:beef::/32:0 --0-> dead:beef::/32:0 => tun:1001 at baad:d00d::1 (raw_eroute)
ERROR: "ipv6conn" #2: pfkey write() of SADB_X_ADDFLOW message 7 for flow tun:1001 at baad:d00d::1 failed. Errno 96: Protocol family not supported
|   02 0e 00 09  23 00 00 00  07 00 00 00  85 16 00 00
|   03 00 01 00  00 00 10 01  00 00 00 00  08 00 00 00
|   ff ff ff ff  00 00 00 00  05 00 05 00  00 00 00 00
|   0a 00 00 00  00 00 00 00  ba ad d0 0d  00 00 00 00
|   00 00 00 00  00 00 01 00  00 00 00 00  00 00 00 00
|   05 00 06 00  00 00 00 00  0a 00 00 00  00 00 00 00
|   ba ad d0 0d  00 00 00 00  00 00 00 00  00 00 00 01
|   00 00 00 00  00 00 00 00  05 00 15 00  00 00 00 00
|   0a 00 00 00  00 00 00 00  ba ad be ef  00 00 00 00
|   00 00 00 00  00 00 00 00  91 05 0d 40  00 00 00 00
|   05 00 16 00  00 00 00 00  0a 00 00 00  00 00 00 00
|   de ad be ef  00 00 00 00  00 00 00 00  00 00 00 00
|   1d 00 00 00  00 00 00 00  05 00 17 00  00 00 00 00
|   0a 00 00 00  00 00 00 00  ff ff ff ff  00 00 00 00
|   00 00 00 00  00 00 00 00  f5 e9 ff bf  00 00 00 00
|   05 00 18 00  00 00 00 00  0a 00 00 00  00 00 00 00
|   ff ff ff ff  00 00 00 00  00 00 00 00  00 00 00 00
|   30 00 00 00  00 00 00 00
-------------------------------------------------

>From klips debug, I got this:

-------------------------------------------------
Jul 19 12:16:23 linuxbox kernel: klips_debug:pfkey_address_process: uh, ips_said.dst doesn't do address family=10 yet, said will be invalid.
Jul 19 12:16:23 linuxbox kernel: klips_debug:pfkey_address_process: s->sa_family=10 not supported.
-------------------------------------------------

I looked up "sa_family=10" in the source code, and it turns out to be AF_INET6.  Does Openswan support IPv6?


Felix

More information about the Users mailing list