Subject: IPv6 IPsec key negotiation is unreliable
To: None <tech-net@netbsd.org>
From: Jonathan A. Kollasch <jakllsch@kollasch.net>
List: tech-net
Date: 09/09/2005 12:11:29
Hi again,
I have a congruous IPv4/IPv6 IPsec setup between the same machines (on the
same subnets), the negotiation of the keys for IPv4 takes a reasonable 2-3
seconds to complete. However, the keys for IPv6 seem to be totally random in
how long it takes to negotiate. However when the machines are on different
subnets the negotiation of IPv6 keys usually takes about the same time as
IPv4 keys. This is between a 2.0.2 and a 2.0 and a 2.0.2/2.0.2 on i386 (all
machines are 500MHz or greater on a mixed media (11g/3u) network). I am not
using FAST_IPSEC. I haven't tried the new ipsec-tools racoon of -current. Any
ideas?
Jonathan Kollasch