ipsec with link local

To: current-users%netbsd.org@localhost
Subject: ipsec with link local
From: 6bone%6bone.informatik.uni-leipzig.de@localhost
Date: Sat, 27 Mar 2010 19:33:16 +0100 (CET)

Hello,

I am trying to use ipsec with link local addresses with the configurationbelow. It looks as if hosts are sending packets, but are not receivingthem.


Can anyone give a hint what the problem with the configuration could be?


Thank you for your efforts

Regards
Uwe



####### ipsec.conf #######
flush;
spdflush;

add -6 fe80::214:22ff:fe1d:8b41%bge0 fe80::20a:e4ff:fe84:5100%bge0 ah0x100 -A hmac-md5 0xdf84cd88405b8faed89031e4118e6cf6;add -6 fe80::20a:e4ff:fe84:5100%bge0 fe80::214:22ff:fe1d:8b41%bge0 ah0x200 -A hmac-md5 0xdf84cd88405b8faed89031e4118e6cf6;


spdadd -6 fe80::/10 fe80::/10 ospfigp -P in ipsec ah/transport//require;
spdadd -6 fe80::/10 fe80::/10 ospfigp -P out ipsec ah/transport//require;
####### end ipsec.conf #######


setkey -D at host1 (fe80::20a:e4ff:fe84:5100) shows:

fe80:3::20a:e4ff:fe84:5100 fe80:3::214:22ff:fe1d:8b41
        ah mode=any spi=512(0x00000200) reqid=0(0x00000000)
        A: hmac-md5  df84cd88 405b8fae d89031e4 118e6cf6
        seq=0x0000002e replay=0 flags=0x00000040 state=mature
        created: Mar 27 18:55:14 2010   current: Mar 27 18:59:07 2010
        diff: 233(s)    hard: 0(s)      soft: 0(s)
        last: Mar 27 18:59:04 2010      hard: 0(s)      soft: 0(s)
        current: 4232(bytes)    hard: 0(bytes)  soft: 0(bytes)
        allocated: 46   hard: 0 soft: 0
        sadb_seq=1 pid=671 refcnt=2
fe80:3::214:22ff:fe1d:8b41 fe80:3::20a:e4ff:fe84:5100
        ah mode=any spi=256(0x00000100) reqid=0(0x00000000)
        A: hmac-md5  df84cd88 405b8fae d89031e4 118e6cf6
        seq=0x00000000 replay=0 flags=0x00000040 state=mature
        created: Mar 27 18:55:14 2010   current: Mar 27 18:59:07 2010
        diff: 233(s)    hard: 0(s)      soft: 0(s)
        last:                           hard: 0(s)      soft: 0(s)
        current: 0(bytes)       hard: 0(bytes)  soft: 0(bytes)
        allocated: 0    hard: 0 soft: 0
        sadb_seq=0 pid=671 refcnt=1

setkey -D at host2 (fe80::214:22ff:fe1d:8b41) shows:

fe80:7::20a:e4ff:fe84:5100 fe80:7::214:22ff:fe1d:8b41
        ah mode=any spi=512(0x00000200) reqid=0(0x00000000)
        A: hmac-md5  df84cd88 405b8fae d89031e4 118e6cf6
        seq=0x00000000 replay=0 flags=0x00000040 state=mature
        created: Mar 27 18:41:28 2010   current: Mar 27 19:00:21 2010
        diff: 1133(s)   hard: 0(s)      soft: 0(s)
        last:                           hard: 0(s)      soft: 0(s)
        current: 0(bytes)       hard: 0(bytes)  soft: 0(bytes)
        allocated: 0    hard: 0 soft: 0
        sadb_seq=1 pid=8324 refcnt=1
fe80:7::214:22ff:fe1d:8b41 fe80:7::20a:e4ff:fe84:5100
        ah mode=any spi=256(0x00000100) reqid=0(0x00000000)
        A: hmac-md5  df84cd88 405b8fae d89031e4 118e6cf6
        seq=0x000000e1 replay=0 flags=0x00000040 state=mature
        created: Mar 27 18:41:28 2010   current: Mar 27 19:00:21 2010
        diff: 1133(s)   hard: 0(s)      soft: 0(s)
        last: Mar 27 19:00:20 2010      hard: 0(s)      soft: 0(s)
        current: 20700(bytes)   hard: 0(bytes)  soft: 0(bytes)
        allocated: 225  hard: 0 soft: 0
        sadb_seq=0 pid=8324 refcnt=2


system version: NetBSD 5.0_STABLE (amd64)

Follow-Ups:
- Re: ipsec with link local
  - From: Hubert Feyrer

Prev by Date: daily CVS update output
Next by Date: daily CVS update output
Previous by Thread: daily CVS update output
Next by Thread: Re: ipsec with link local
Indexes:

Home | Main Index | Thread Index | Old Index