[Openswan Users] "We cannot identify ourselves with either end of this connection"
kartikeyan s
octeon at gmail.com
Tue Nov 7 06:47:47 EST 2006
Message Body Inline
On 11/6/06, Paul Wouters <paul at xelerance.com> wrote:
>
> On Mon, 6 Nov 2006, kartikeyan s wrote:
>
> > "We cannot identify ourselves with either end of this connection"
>
> > conn samplev6
> > type=tunnel
> > connaddrfamily=ipv6
> > left=3000:2000::1000
> > leftsubnet=3100:2000::/64
> > right=3000:2000::1001
> > rightsubnet=3200:2000::/64
> > auto=add
> > esp=3des-md5-96
> > authby=secret
> > leftrsasigkey=%none
>
> the old scripts do not handle ipv6 properly. The new addcon code might
> work better. Try openswan-2.5.00. If they also do not fully support
> ipv6 yet (we currently are not testing it), then you might need to
> use ipsec whack directly to load and initiate ipv6 based connections.
I tried /usr/local/libexec/ipsec/whack --name samplev6 --initiate
I still get the same error.
1)
Does openswan 2.4.6 ever tested with Linux Kernel 2.4.20-30.9 and IPv6 ?
I mean does the basic functionality work?
Or Am I doing something wrong
2)
In my case eth0 case an IPv4 address 192.168.190.51
IPv6 address 3000:2000::1000 scope global
IPv6 address fe80::2e0:9fff:fe28:dc30/64 scope link local
when I do service ipsec start
ipsec0 interface has only IPv4 address and IPv6 link local address.
Scope Global address is missing. why ????
I tried to assign it forcibly without errors by the following commands.
ifconfig eth0 inet6 add 3000:2000::1000;
whack --name samplev6 --initiate
But still I get the same error
"We cannot identify ourselves with either end of this connection"
Any Ideas ??
S.Kartikeyan
Paul
> --
> Building and integrating Virtual Private Networks with Openswan:
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20061107/05f4875c/attachment.html
More information about the Users
mailing list