[Openswan Users] IPv6 VPN Connection

kasi viswanathan kviswanathan.83 at gmail.com
Thu Jun 2 06:41:09 EDT 2016 

Hi

We are using openswan version 2.6.41 in one of our products to
establish VPN connection.
When we are trying to establish a secure connection between two IPv6
hosts connection establishment fails.

Below is config file which we are using:

# /etc/ipsec.conf - Openswan IPsec configuration file
version 2.0     # conforms to second version of ipsec.conf specification
# basic configuration
config setup
        virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v6:fd00::/8,%v6:fe80::/10,%v4:!192.168.1.1/24
        oe=off
        protostack=netkey
        plutoopts="--interface=eth0"
conn testing_connection
        connaddrfamily=ipv6
        ikelifetime=4h
        salifetime=8h
        phase2alg=3des-md5,3des-sha1,aes256-md5,aes256-sha1,aes128-md5,aes128-sha1
        authby=secret
        auto=start
        aggrmode=no
        pfs=no
        left=%defaultroute
        right=3015:1234:5678:9abc::117
        type=transport

And the error log is :

Jan  1 01:01:55 sgx5150 authpriv.err pluto[6601]: ERROR:
"testing_connection" #1: sendto on eth0 to
3015:1234:5678:9abc::117:500 failed in main_outI1. Errno 97: Address
family not supported by protocol
Jan  1 01:01:55 sgx5150 daemon.err ipsec__plutorun: 003 ERROR:
"testing_connection" #1: sendto on eth0 to
3015:1234:5678:9abc::117:500 failed in main_outI1. Errno 97: Address
family not supported by protocol
Jan  1 01:01:55 sgx5150 daemon.err ipsec__plutorun: 104
"testing_connection" #1: STATE_MAIN_I1: initiate
Jan  1 01:02:05 sgx5150 authpriv.err pluto[6601]: ERROR:
"testing_connection" #1: sendto on eth0 to
3015:1234:5678:9abc::117:500 failed in EVENT_RETRANSMIT. Errno 97:
Address family not supported by protocol
xJan  1 01:02:25 sgx5150 authpriv.err pluto[6601]: ERROR:
"testing_connection" #1: sendto on eth0 to
3015:1234:5678:9abc::117:500 failed in EVENT_RETRANSMIT. Errno 97:
Address family not supported by protocol
Jan  1 01:03:05 sgx5150 authpriv.err pluto[6601]: ERROR:
"testing_connection" #1: sendto on eth0 to
3015:1234:5678:9abc::117:500 failed in EVENT_RETRANSMIT. Errno 97:
Address family not supported by protocol

And the log repeats as long as the ipsec deamon is runnig.

FYI, In the config file if we change the value of "left" field to the
IPv6 address of the interface
then connection is getting established. But we cannot hardcode the IPv6 address.

Pls let us know what would be the appropriate fix for this.

Thanks,
Kasiviswanathan.V

More information about the Users mailing list