Current-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: ipsec with link local

On Sat, 27 Mar 2010, wrote:
-A hmac-md5 0xdf84cd88405b8faed89031e4118e6cf6;
add -6 fe80::20a:e4ff:fe84:5100%bge0 fe80::214:22ff:fe1d:8b41%bge0 ah 0x200 -A hmac-md5 0xdf84cd88405b8faed89031e4118e6cf6;

spdadd -6 fe80::/10 fe80::/10 ospfigp -P in ipsec ah/transport//require;
spdadd -6 fe80::/10 fe80::/10 ospfigp -P out ipsec ah/transport//require;

Just a wild guess: add qualification of the interface to the address in spdadd ("fe80::/10%bge0")?

Also, can you try a different network card? I've seen (few, but still) NIC drivers that don't get multicasting right, and as a result v6 doesn't work properly. That's not related to IPsec then, though.

As last resort, see if you can use non-link-local addresses.

 - Hubert

Home | Main Index | Thread Index | Old Index