[Openswan Users] Openswan ipv6 tunnels

Paul Whelan wheelo_01 at hotmail.com
Fri Mar 28 07:20:55 EDT 2008


Hi,

I've been trying for some time to set up Openswan 2.4.9 (with NETKEY) with IPv6 without success. Basically, when I try to bring up an IPv6 tunnel I get no errors, just pluto trying to initiate the ISAKMP message, which doesn't succeed; it just retransmits the initialise messages every 20 seconds. On further inspection I found that the 2nd Openswan GW is receiving the ISAKMP message, but when it tries to reply it gets an "ICMP6, destination unreachable[|icmp6]" message.

My IPv6 routes and IPs are correct and my kernel has the appropriate options installed. I have set up an IPv6 IPSEC tunnel using setkey to manually add SAs & SPs; I was able to ping across the tunnel and could see the ESP packets using tcpdump from each direction.

My ipsec.conf file seems to be correct, as it doesn't give any errors when starting Openswan and is included below.


Does IPv6 work on 2.4.9, or is there some IPv6 patch I need that is mentioned in some forums?

Thanks in advance
Regards,
Paul Whelan





version 2.0     # conforms to second version of ipsec.conf specification


# basic configuration

config setup
        #klipsdebug=none
        #plutodebug=none
        #uniqueids=yes

# Add connections here
conn %default
        keyingtries=0


conn sa-ipv6-tunnel
        connaddrfamily=ipv6
        left=6400:7:6:5:4:3:2:2
        right=2000:7:6:5:4:3:2:1
        esp=aes128-sha1
        ike=aes-sha-modp1024
        authby=secret
        type=tunnel
        #compress=no
        auto=add


#Disable Opportunistic Encryption
include /etc/ipsec.d/examples/no_oe.conf

