[Openswan Users] Openswan 2.6.26 and IPv6 issues

Michael H. Warfield mhw at WittsEnd.com
Mon Jul 12 11:27:17 EDT 2010


On Mon, 2010-07-12 at 09:53 -0400, Paul Wouters wrote: 
> On Mon, 12 Jul 2010, Jason White wrote:
> 
> > 1. On my Debian system, OpenSwan fails to bind to the IPv6 address
> > during the boot process. I reported this as a Debian bug. It turned out
> > not to be exclusively an OpenSwan problem, i.e., if I configured sshd to
> > bind to a particular IPv6 address, this would also fail.
> >
> > However, it was suggested in the Debian discussion that OpenSwan should
> > really detect new IPv6 addresses on an interface after start-up and
> > respond appropriately.

> I saw that bug report. pluto does need to get smarter in knowing when to look
> for new IP addresses bound on the machine. We are looking at implementing
> something for that. Perhaps something similar to bind's "scanning".

Yeah...  IPv6 addresses are subject to a number of conditions under
which they can change dynamically including auto-conf renumbering,
privacy enhanced EUI addresses, and dynamic cycling where processes on
the machine add and delete addresses.  Closest thing IPv4 has to that
would be if a DHCP server decided to change a lease after an old one
expired while the machine is running.

> > 2. This might not be an IPv6 issue: if I set ikev2=insist in the
> > configurations at both ends of a connection, the initiating host reaches
> > the I2 stage and then fails to receive a reply, resulting in
> > retransmissions that never lead to a completed negotiation.
> 
> I have not heard of this before. Can you send a plutodebug=all of both
> sides and put it into a new bug at bugs.openswan.org ?
> 
> Paul

Regards,
Mike
-- 
Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
   NIC whois: MHW9          | An optimist believes we live in the best of all
 PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!
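
The periodic rescan discussed in this message, as an added example (not Openswan or pluto code, and not written by anyone in this thread): take a snapshot of the host's IPv6 addresses with getifaddrs(), then diff it against the previous snapshot to learn which addresses need a new listening socket and which sockets are stale. The names `addr_set`, `addr_set_diff`, `scan_ipv6` and `MAX_ADDRS` are hypothetical.

```c
#include <ifaddrs.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>

#define MAX_ADDRS 64            /* assumed upper bound for this sketch */

/* Snapshot of the IPv6 addresses seen in one scan. */
struct addr_set {
    struct in6_addr addr[MAX_ADDRS];
    size_t count;
};

static int set_contains(const struct addr_set *s, const struct in6_addr *a)
{
    for (size_t i = 0; i < s->count; i++)
        if (memcmp(&s->addr[i], a, sizeof(*a)) == 0)
            return 1;
    return 0;
}

/* Copy into `out` every address of `a` that is missing from `b`.
 * diff(new, old): addresses that appeared, so bind to them.
 * diff(old, new): addresses that vanished, so close their sockets.
 * `out` must not alias `a` or `b`. Returns the number of entries in `out`. */
size_t addr_set_diff(const struct addr_set *a, const struct addr_set *b,
                     struct addr_set *out)
{
    out->count = 0;
    for (size_t i = 0; i < a->count; i++)
        if (!set_contains(b, &a->addr[i]))
            out->addr[out->count++] = a->addr[i];
    return out->count;
}

/* Rescan: collect each distinct IPv6 address currently configured on any
 * interface. Returns 0 on success, -1 if getifaddrs() fails. */
int scan_ipv6(struct addr_set *out)
{
    struct ifaddrs *list, *ifa;

    out->count = 0;
    if (getifaddrs(&list) != 0)
        return -1;
    for (ifa = list; ifa != NULL && out->count < MAX_ADDRS; ifa = ifa->ifa_next) {
        if (ifa->ifa_addr == NULL || ifa->ifa_addr->sa_family != AF_INET6)
            continue;
        struct in6_addr *a = &((struct sockaddr_in6 *)ifa->ifa_addr)->sin6_addr;
        if (!set_contains(out, a))      /* skip duplicates across interfaces */
            out->addr[out->count++] = *a;
    }
    freeifaddrs(list);
    return 0;
}
```

A daemon would call `scan_ipv6()` on a timer, run `addr_set_diff()` in both directions against the snapshot it kept from the previous scan, and then store the new snapshot.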

