[Openswan Users] ipv6 ping packets are not encapsulated

Jayasri Sangu JayasriS at aaesys.com
Mon Jun 6 12:31:38 EDT 2011


Hi All,

   I am using openswan-2.6.33 on embedded Linux with a PowerPC processor.

My network is set up as follows:

   (lan) ---- eth0 [gateway A running openswan] sat0 ---- sat connection ---- sat0 [gateway B running openswan] eth0 ---- (lan)

   gateway A:  eth0 = fec0::5:230:d4ff:fe80:a6/64    sat0 = fec0:1:1:2:3:3:0:5/64
   gateway B:  sat0 = fec0:1:1:2:3:3:0:9/64          eth0 = fec0::3:230:d4ff:fe80:b8/64


I was able to establish the tunnel between gateway A and gateway B, but the IPv6 packets are not encapsulated for connection ipv6_host.
Did I miss anything in my ipsec.conf file?

My ipsec.conf file:
config setup
        protostack=klips
        interfaces="ipsec0=sat0"
#       plutodebug=all

conn mod-to-rem
        left=10.0.1.171
        leftsubnet=10.0.1.0/24
        leftnexthop=10.0.1.181
        leftid=@xy.example.com
        leftrsasigkey=0sAQPCZCBkF/0Fb5oeqjeN0UHqyRUC/na4aDVRlZBcJppeyrAuU8iRbIChNFxUC+v87cAq+T2qI5iGVEeVpUJdVpjGDV
        right=10.0.1.181
        rightsubnet=10.0.1.0/24
        rightnexthop=10.0.1.171
        rightid=@ab.example.com
        rightrsasigkey=0sAQOQTYYeJy55k1SQ0y1jJLCGBWMqyi75SLe0QHwjPS0CvBuD9pxuF2ZuF0PqzEvYaYKgS4s3Qp2QSKjV9ZVwiUI+V
        auto=add


conn ipv6_host
        connaddrfamily=ipv6
        left=fec0:1:1:2:3:3:0:5
        leftsubnet=::/0
#       leftsubnet=fec0:1:1:2::/64
        leftnexthop=fec0:1:1:2:3:3:0:9
        leftid=@xy.example.com
        leftrsasigkey=0sAQPCZCBkF/0Fb5oeqjeN0UHqyRUC/na4aDVRlZBcJppeyrAuU8iRbIChNFxUC+v87cAq+T2qI5iGVEeVpUJdVpjGDV
        right=fec0:1:1:2:3:3:0:9
        rightsubnet=::/0
#       rightsubnet=fec0:1:1:2::/64
        rightnexthop=fec0:1:1:2:3:3:0:5
        rightid=@ab.example.com
        rightrsasigkey=0sAQOQTYYeJy55k1SQ0y1jJLCGBWMqyi75SLe0QHwjPS0CvBuD9pxuF2ZuF0PqzEvYaYKgS4s3Qp2QSKjV9ZVwiUI+V
        auto=add



The ipv6_host connection status

Jan  1 00:35:22 (none) authpriv.warn pluto[794]: "ipv6_host" #1: initiating Main Mode
Jan  1 00:35:24 (none) authpriv.warn pluto[794]: "ipv6_host" #1: received Vendor ID payload [Openswan (this version) 2.6.33 ]
Jan  1 00:35:24 (none) authpriv.warn pluto[794]: "ipv6_host" #1: received Vendor ID payload [Dead Peer Detection]
Jan  1 00:35:24 (none) authpriv.warn pluto[794]: "ipv6_host" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
Jan  1 00:35:24 (none) authpriv.warn pluto[794]: "ipv6_host" #1: STATE_MAIN_I2: sent MI2, expecting MR2
Jan  1 00:35:24 (none) authpriv.warn pluto[794]: "ipv6_host" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
Jan  1 00:35:24 (none) authpriv.warn pluto[794]: "ipv6_host" #1: STATE_MAIN_I3: sent MI3, expecting MR3
Jan  1 00:35:25 (none) authpriv.warn pluto[794]: "ipv6_host" #1: received Vendor ID payload [CAN-IKEv2]
Jan  1 00:35:25 (none) authpriv.warn pluto[794]: "ipv6_host" #1: Main mode peer ID is ID_FQDN: '@ab.example.com'
Jan  1 00:35:25 (none) authpriv.warn pluto[794]: "ipv6_host" #1: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
Jan  1 00:35:25 (none) authpriv.warn pluto[794]: "ipv6_host" #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=aes_128 prf=oakley_sha group=modp2048}
Jan  1 00:35:25 (none) authpriv.warn pluto[794]: "ipv6_host" #2: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEv2ALLOW+SAREFTRACK {using isakmp#1 msgid:438acde6 proposal=defaults pfsgroup=OAKLEY_GROUP_MODP2048}
Jan  1 00:35:26 (none) authpriv.warn pluto[794]: "ipv6_host" #2: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
Jan  1 00:35:26 (none) authpriv.warn pluto[794]: "ipv6_host" #2: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0x52e3d577 <0x37919ae8 xfrm=AES_128-HMAC_SHA1 NATOA=none NATD=none DPD=none}

Thanks
Jayasri
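
Added example (not part of the original post, and not Openswan code): the pluto log above records only the IKE negotiation, so this Python script parses lines in the format shown in the post and reports whether both phases completed and which ESP SPIs and transform were agreed. The names summarize and next_check are hypothetical; the two sample lines are copied from the post's log.

```python
import re

# Final Main Mode and Quick Mode lines, copied from the pluto log in the post.
SAMPLE_LOG = '''\
Jan  1 00:35:25 (none) authpriv.warn pluto[794]: "ipv6_host" #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=aes_128 prf=oakley_sha group=modp2048}
Jan  1 00:35:26 (none) authpriv.warn pluto[794]: "ipv6_host" #2: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0x52e3d577 <0x37919ae8 xfrm=AES_128-HMAC_SHA1 NATOA=none NATD=none DPD=none}
'''

# Prefix pluto puts on per-connection messages: "name" #serial: text
LINE_RE = re.compile(r'pluto\[\d+\]: "(?P<conn>[^"]+)" #(?P<serial>\d+): (?P<msg>.*)$')
# Details of the Quick Mode completion message, in the format shown in the post.
ESP_RE = re.compile(r'established (?P<mode>\w+) mode \{ESP=>(?P<out>0x[0-9a-f]+) '
                    r'<(?P<inn>0x[0-9a-f]+) xfrm=(?P<xfrm>[^\s}]+)')


def summarize(log_text):
    """Map each connection name to how far its IKE negotiation got."""
    conns = {}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m is None:
            continue  # not a per-connection pluto message
        info = conns.setdefault(m.group("conn"), {"isakmp_sa": False, "ipsec_sa": False})
        msg = m.group("msg")
        if "ISAKMP SA established" in msg:   # phase 1 done
            info["isakmp_sa"] = True
        if "IPsec SA established" in msg:    # phase 2 done
            info["ipsec_sa"] = True
            esp = ESP_RE.search(msg)
            if esp:
                info.update(mode=esp.group("mode"), spi_out=esp.group("out"),
                            spi_in=esp.group("inn"), xfrm=esp.group("xfrm"))
    return conns


def next_check(info):
    """Say which layer to look at next for one connection."""
    if not info["isakmp_sa"]:
        return "phase 1 (Main Mode) did not complete"
    if not info["ipsec_sa"]:
        return "phase 2 (Quick Mode) did not complete"
    return "negotiation complete; check kernel routing/policy for the tunnel"


if __name__ == "__main__":
    for name, info in summarize(SAMPLE_LOG).items():
        print(name, info, "->", next_check(info))
```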