Current-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: ipsec with link local



On Sat, 27 Mar 2010, 6bone%6bone.informatik.uni-leipzig.de@localhost wrote:
-A hmac-md5 0xdf84cd88405b8faed89031e4118e6cf6;
add -6 fe80::20a:e4ff:fe84:5100%bge0 fe80::214:22ff:fe1d:8b41%bge0 ah 0x200 -A hmac-md5 0xdf84cd88405b8faed89031e4118e6cf6;
spdadd -6 fe80::/10 fe80::/10 ospfigp -P in ipsec ah/transport//require;
spdadd -6 fe80::/10 fe80::/10 ospfigp -P out ipsec ah/transport//require;
Just a wild guess: add qualification of the interface to the address in 
spdadd ("fe80::/10%bge0")?
Also, can you try a different network card? I've seen (few, but still) NIC 
drivers that don't get multicasting right, and as a result v6 doesn't work 
properly. That's not related to IPsec then, though.
As last resort, see if you can use non-link-local addresses.


 - Hubert


Home | Main Index | Thread Index | Old Index