[Openswan Users] ipv6 ping packets are not encapsulated
Jayasri Sangu
JayasriS at aaesys.com
Mon Jun 6 12:31:38 EDT 2011
Hi All,
I am using openswan-2.6.33 on embedded Linux with a PowerPC processor.
My network is set up as follows:
      eth0                          sat0                                              sat0                    eth0
----- fec0::5:230:d4ff:fe80:a6/64 - fec0:1:1:2:3:3:0:5/64 -------- sat connection --- fec0:1:1:2:3:3:0:9/64 - fec0::3:230:d4ff:fe80:b8/64 --------
(lan)            (gateway A running openswan)                                                    (gateway B running openswan)             (lan)
I was able to establish the tunnel between gateway A and gateway B, but the IPv6 packets are not encapsulated for connection ipv6_host.
Did I miss anything in my ipsec.conf file?
My ipsec.conf file:
config setup
    protostack=klips
    interfaces="ipsec0=sat0"
    # plutodebug=all

conn mod-to-rem
    left=10.0.1.171
    leftsubnet=10.0.1.0/24
    leftnexthop=10.0.1.181
    leftid=@xy.example.com
    leftrsasigkey=0sAQPCZCBkF/0Fb5oeqjeN0UHqyRUC/na4aDVRlZBcJppeyrAuU8iRbIChNFxUC+v87cAq+T2qI5iGVEeVpUJdVpjGDV
    right=10.0.1.181
    rightsubnet=10.0.1.0/24
    rightnexthop=10.0.1.171
    rightid=@ab.example.com
    rightrsasigkey=0sAQOQTYYeJy55k1SQ0y1jJLCGBWMqyi75SLe0QHwjPS0CvBuD9pxuF2ZuF0PqzEvYaYKgS4s3Qp2QSKjV9ZVwiUI+V
    auto=add

conn ipv6_host
    connaddrfamily=ipv6
    left=fec0:1:1:2:3:3:0:5
    leftsubnet=::/0
    # leftsubnet=fec0:1:1:2::/64
    leftnexthop=fec0:1:1:2:3:3:0:9
    leftid=@xy.example.com
    leftrsasigkey=0sAQPCZCBkF/0Fb5oeqjeN0UHqyRUC/na4aDVRlZBcJppeyrAuU8iRbIChNFxUC+v87cAq+T2qI5iGVEeVpUJdVpjGDV
    right=fec0:1:1:2:3:3:0:9
    rightsubnet=::/0
    # rightsubnet=fec0:1:1:2::/64
    rightnexthop=fec0:1:1:2:3:3:0:5
    rightid=@ab.example.com
    rightrsasigkey=0sAQOQTYYeJy55k1SQ0y1jJLCGBWMqyi75SLe0QHwjPS0CvBuD9pxuF2ZuF0PqzEvYaYKgS4s3Qp2QSKjV9ZVwiUI+V
    auto=add

The ipv6_host connection status:
Jan 1 00:35:22 (none) authpriv.warn pluto[794]: "ipv6_host" #1: initiating Main Mode
Jan 1 00:35:24 (none) authpriv.warn pluto[794]: "ipv6_host" #1: received Vendor ID payload [Openswan (this version) 2.6.33 ]
Jan 1 00:35:24 (none) authpriv.warn pluto[794]: "ipv6_host" #1: received Vendor ID payload [Dead Peer Detection]
Jan 1 00:35:24 (none) authpriv.warn pluto[794]: "ipv6_host" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
Jan 1 00:35:24 (none) authpriv.warn pluto[794]: "ipv6_host" #1: STATE_MAIN_I2: sent MI2, expecting MR2
Jan 1 00:35:24 (none) authpriv.warn pluto[794]: "ipv6_host" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
Jan 1 00:35:24 (none) authpriv.warn pluto[794]: "ipv6_host" #1: STATE_MAIN_I3: sent MI3, expecting MR3
Jan 1 00:35:25 (none) authpriv.warn pluto[794]: "ipv6_host" #1: received Vendor ID payload [CAN-IKEv2]
Jan 1 00:35:25 (none) authpriv.warn pluto[794]: "ipv6_host" #1: Main mode peer ID is ID_FQDN: '@ab.example.com'
Jan 1 00:35:25 (none) authpriv.warn pluto[794]: "ipv6_host" #1: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
Jan 1 00:35:25 (none) authpriv.warn pluto[794]: "ipv6_host" #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=aes_128 prf=oakley_sha group=modp2048}
Jan 1 00:35:25 (none) authpriv.warn pluto[794]: "ipv6_host" #2: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEv2ALLOW+SAREFTRACK {using isakmp#1 msgid:438acde6 proposal=defaults pfsgroup=OAKLEY_GROUP_MODP2048}
Jan 1 00:35:26 (none) authpriv.warn pluto[794]: "ipv6_host" #2: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
Jan 1 00:35:26 (none) authpriv.warn pluto[794]: "ipv6_host" #2: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0x52e3d577 <0x37919ae8 xfrm=AES_128-HMAC_SHA1 NATOA=none NATD=none DPD=none}
Thanks
Jayasri