[Openswan Users] IPsec Tunnel(with IPV6 address ends points) Fails If Client is IPV6

Paul Wouters paul at xelerance.com
Fri Nov 24 14:42:57 EST 2006

On Fri, 24 Nov 2006, Socrates Socrates wrote:

> I am using openswan (openswan_2.4.6) that's included in OpenWRT's
> Whiterussian RC5 release to establish an IPSec tunnel using IPV6 addresses

my RC5 openwrt comes with openswan 2.4.4. You prob have rc6?

> as end points (by specifying ipv6, in ipsec.conf).
> I further specify (using tunnelipv6 in ipsec.conf) that the client traffic
> should be interpreted as using IPV6 addresses.
> The problem:
> When I start up IPSec I get: "pfkey write() of SADB_X_ADDFLOW message 5 for
> flow %trap failed. Errno 123: Protocol family not supported" and the tunnel
> is never established.

Openwrt (on linksys) uses the 2.4 kernel and KLIPS. KLIPS does not support IPv6.
So for IPv6, you will need a 2.6 kernel, but those do not run on the openwrt
images for linksys wrtg yet.

Building and integrating Virtual Private Networks with Openswan:

More information about the Users mailing list