[Openswan Users] IPv6 laptop configuration
Jason White
jason at jasonjgw.net
Wed Mar 17 04:59:45 EDT 2010
Following on from the discussion last week, with my laptop at home and
connected to my local LAN, I specified this configuration.
On the laptop:
conn jpc2-jdc
connaddrfamily=ipv6
left=%defaultroute
leftid=@jpc2.jasonjgw.net
right=2001:44b8:702a:4770::2
leftrsasigkey=[key material omitted]
rightrsasigkey=[key material omitted]
auto=add
On the gateway (my desktop machine for now):
conn jpc2-jdc
connaddrfamily=ipv6
left=%any
leftid=@jpc2.jasonjgw.net
right=2001:44b8:702a:4770::2
rightnexthop=2001:44b8:702a:4770::1
leftrsasigkey=[omitted]
rightrsasigkey=[omitted]
auto=add
I've left out the RSA keys for brevity, as noted.
If I then run ipsec auto --up jpc2-jdc from the laptop, it just hangs there.
I checked out the default IPv6 route, which, due to IPv6 auto-configuration,
turned out to be a link address (fe80 etc.). For test purposes I changed the
route to the actual global address of the router: 2001:44b8:702a:4770::1 and
confirmed that I could still route packets through it.
Attempting to bring up the tunnel still gave the same result however.
Specifying the IPv6 address of the laptop explicitly in its configuration file
is enough to enable the tunnel to be brought up. Obviously, this isn't
desirable, given that the laptop has different IPv6 addresses when connected
to different IPv6 networks.
Any suggestions for improving this situation are welcome. I can carry out
testing as necessary to help with the process, and obviously it isn't urgent.
More information about the Users
mailing list