
(usagi-users 03188) IPv4-in-IPv6-IPsec-Tunnel with openswan



Hi,

I'm trying to tunnel IPv4 packets via an IPv6-IPsec tunnel, but it won't work.

After enhancing the scripts in openswan to support --tunnelipv4, I'm able to get a related config to work in pluto; the IPsec SA gets established:

000 "ipv6-*-*-net": 192.168.*.*/24===2001:6f8:*:*::*...2001:6f8:*:*::*===192.168.*.*/24; erouted; eroute owner: #76

000 "ipv6-*-*-net": ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0

000 "ipv6-*-*-net": policy: PSK+ENCRYPT+TUNNEL+PFS; prio: 24,24; interface: sit1;

000 #71: "ipv6-*-*" STATE_QUICK_R2 (IPsec SA established); EVENT_SA_REPLACE in 26031s
000 #71: "ipv6-*-* esp:c9356d42@2001:6f8:*:*::* esp:199a7cb@2001:6f8:*:*::* tun:0@2001:6f8:*:*::* tun:0@2001:6f8:*:*::*


But I can't send any packets, pluto reports:

000 192.168.*.*/32:0 -6-> 192.168.*.*/32:0 => %hold 0 %acquire-netlink

What does this mean?


setkey -DP also shows a very strange output:


192.168.*.*/24[any] 192.168.*.*/24[any] any
in ipsec
esp/tunnel/32.1.6.248-32.1.6.248/unique#16389 <-!!
created: Jan 9 15:11:53 2005 lastused:
lifetime: 0(s) validtime: 0(s)
spid=1336 seq=19 pid=32080
refcnt=1


192.168.*.*/24[any] 192.168.*.*/24[any] any
out ipsec
esp/tunnel/32.1.6.248-32.1.6.248/unique#16389 <-!!!
created: Jan 9 15:17:23 2005 lastused:
lifetime: 0(s) validtime: 0(s)
spid=1353 seq=17 pid=32080
refcnt=1


Is there something going wrong in the kernel or setkey or both? It looks like at least setkey doesn't understand that the tunnel is via IPv6.

Thank you for any hints,
Peter
--
Dr. Peter Bieringer http://www.bieringer.de/pb/
GPG/PGP Key 0x958F422D mailto: pb at bieringer dot de
Deep Space 6 Co-Founder and Core Member http://www.deepspace6.net/
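
Added example, not part of the original post: the endpoint 32.1.6.248 in the setkey output is what the first four bytes of any address in 2001:6f8::/32 look like when printed as a dotted quad, which fits the poster's suspicion that the tunnel endpoint is not being handled as IPv6. The script below scans `setkey -DP` text for tunnel templates whose endpoint matches the leading 32 bits of a configured IPv6 peer; the peer addresses, the 192.168.x.0/24 selectors and the function names are constructed for illustration, since the post masks the real values.

```python
import ipaddress
import re

# Constructed sample: one policy from the post, with the masked selectors
# replaced by made-up 192.168.1.0/24 and 192.168.2.0/24 networks.
SAMPLE_SPD = """\
192.168.1.0/24[any] 192.168.2.0/24[any] any
        out ipsec
        esp/tunnel/32.1.6.248-32.1.6.248/unique#16389
        spid=1353 seq=17 pid=32080
"""

# Constructed peer addresses inside 2001:6f8::/32 (the real ones are masked).
PEERS = ["2001:6f8:0:1::1", "2001:6f8:0:2::1"]

# Matches a setkey template line: proto/tunnel/src-dst/level
TEMPLATE_RE = re.compile(r"^\s*(esp|ah|ipcomp)/tunnel/(\S+?)-(\S+?)/(\S+)\s*$")


def leading_v4(v6_text):
    """Render the first four bytes of an IPv6 address as a dotted quad."""
    packed = ipaddress.IPv6Address(v6_text).packed
    return str(ipaddress.IPv4Address(packed[:4]))


def find_truncated_endpoints(spd_text, v6_peers):
    """Return (line_no, endpoint, peer) for every tunnel endpoint that is shown
    as IPv4 but equals the leading 32 bits of a configured IPv6 peer."""
    prefixes = {}
    for peer in v6_peers:
        prefixes.setdefault(leading_v4(peer), peer)
    hits = []
    for line_no, line in enumerate(spd_text.splitlines(), 1):
        match = TEMPLATE_RE.match(line)
        if not match:
            continue
        for endpoint in (match.group(2), match.group(3)):
            if endpoint in prefixes:
                hits.append((line_no, endpoint, prefixes[endpoint]))
    return hits


if __name__ == "__main__":
    for line_no, endpoint, peer in find_truncated_endpoints(SAMPLE_SPD, PEERS):
        print(f"line {line_no}: {endpoint} looks like a truncated {peer}")
```

A hit only shows that the numbers coincide; whether the truncation happens in the kernel policy or only in how setkey prints it still has to be checked separately.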