[Openswan Users] IPv6 and road warrior
Maciej Gałkiewicz
maciejgalkiewicz at ragnarson.com
Mon Mar 14 03:20:49 EDT 2011
On 13 March 2011 at 00:50, David McCullough
<david_mccullough at mcafee.com> wrote:
>
> Jivin Paul Wouters lays it down ...
>> On Thu, 10 Mar 2011, Maciej Galkiewicz wrote:
>>
>> > I would like to encrypt traffic between "a" and "b". "A" has
>> > configuration which accepts road warriors:
>> >
>> > conn a-b
>> > left=2a01:dead:beaf:3ffd:d20d:52ff:fef7:941
>> > right=%any
>> > rightid=@b
>>
>> add a leftid=@a ?
>>
>> > leftrsasigkey=0sAw...
>> > rightrsasigkey=0sAw...
>> > type=transport
>> > connaddrfamily=ipv6
>> > auto=add
>> >
>> > "B" is a road warrior:
>> >
>> > conn a-b
>> > right=2a01:dead:beaf:3ffd:d20d:52ff:fef7:941
>> > left=%defaultroute
>> > leftid=@b
>>
>> This contradicts the other rightid=@a ?
>>
>> > leftrsasigkey=0sAw...
>> > rightrsasigkey=0sAw...
>> > type=transport
>> > connaddrfamily=ipv6
>> > auto=start
>> >
>> > "A" does not seem to listen on appropriate IP address:
>> > # netstat -tunlp
>> > udp6 0 0 2a01:dead:beaf:3ffd:d:500 :::*
>> > 10762/pluto
>> >
>> > In "b" logs I have:
>> > ipsec__plutorun: 003 ERROR: "a-b" #2: sendto on eth0 to
>> > 2a01:dead:beaf:3ffd:d20d:52ff:fef7:941:500 failed in main_outI1. Errno
>> > 97: Address family not supported by protocol
>> >
>> > How to fix this issue?
>>
>> I'm not sure what's going on here. Is this openswan 2.6.33? That has a bunch
>> of ipv6 updates from David...
>
> It contains a lot of changes to klips, but basically none to pluto.
> I think a barf might help, did you compile this yourself ? Which version ?
> Does eth0 have IPv6 configured appropriately ?
My version is 2.6.28+dfsg-5 from Debian squeeze. My IPv6 address is
assigned to eth0. The configuration is based on an example from "Building
and Integrating Virtual Private Networks with Openswan". I have found
a workaround for this problem. I added to "b's" configuration its
IPv6 address:
left=2a01:dead:beaf:3ffd:d20d:3dff:fea9:6f6
It should be unnecessary. Please fix this issue. I'm using NETKEY.
regards
Maciej
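
Added example, not part of the original message and not Openswan's own code: a small ipsec.conf lint that flags the combination reported in this thread, a conn with connaddrfamily=ipv6 whose left= or right= is %defaultroute, so the explicit-address workaround can be applied before the tunnel fails. The function names flag_ipv6_defaultroute and write_sample are hypothetical, the sample config is constructed from the addresses quoted above, and inheritance through "conn %default" or also= is not resolved.

```shell
#!/bin/sh
# Added example. Prints "<conn> <side>" for every conn that sets
# connaddrfamily=ipv6 while left= or right= is %defaultroute.
flag_ipv6_defaultroute() {
    awk '
        function report() {
            if (name != "" && fam == "ipv6") {
                if (l == "%defaultroute") print name, "left"
                if (r == "%defaultroute") print name, "right"
            }
        }
        /^[ \t]*#/ { next }                      # skip comment lines
        $1 == "conn" || $1 == "config" {         # new section: judge the previous one
            report()
            name = ($1 == "conn") ? $2 : ""
            fam = ""; l = ""; r = ""
            next
        }
        name != "" && index($0, "=") > 0 {       # key=value inside a conn
            key = substr($0, 1, index($0, "=") - 1)
            val = substr($0, index($0, "=") + 1)
            gsub(/[ \t]/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "connaddrfamily") fam = val
            else if (key == "left") l = val
            else if (key == "right") r = val
        }
        END { report() }                         # last section in the file
    ' "$1"
}

# Constructed sample (addresses taken from the thread, keys omitted).
write_sample() {
    cat > "$1" <<'EOF'
conn a-b
    right=2a01:dead:beaf:3ffd:d20d:52ff:fef7:941
    left=%defaultroute
    connaddrfamily=ipv6
conn a-b-workaround
    right=2a01:dead:beaf:3ffd:d20d:52ff:fef7:941
    left=2a01:dead:beaf:3ffd:d20d:3dff:fea9:6f6
    connaddrfamily=ipv6
conn v4-only
    left=%defaultroute
    right=192.0.2.10
EOF
}

sample=$(mktemp) && write_sample "$sample" && flag_ipv6_defaultroute "$sample"; rm -f "$sample"
```

The verdict for each conn is deferred until its section ends because connaddrfamily= may appear after left= and right=, as it does in the configuration posted above.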