The following reply was made to PR kern/34734; it has been noted by GNATS.

From: Michael van Elst <mlelstv@serpens.de>
To: gnats-bugs@netbsd.org
Cc: 
Subject: Re: kern/34734: ipsec tunnels over ipv6 are broken
Date: Fri, 6 Oct 2006 19:28:44 +0200

 The following patch helps for IPsec tunnels with global addresses:
 
 Index: netinet6/ipsec.c
 ===================================================================
 RCS file: /cvsroot/src/sys/netinet6/ipsec.c,v
 retrieving revision 1.108
 diff -u -r1.108 ipsec.c
 --- netinet6/ipsec.c	7 Jun 2006 22:34:03 -0000	1.108
 +++ netinet6/ipsec.c	6 Oct 2006 17:19:45 -0000
 @@ -3345,7 +3345,6 @@
  {
  	u_int8_t nxt = nxt0 & 0xff;
  	struct sockaddr_in6 *sin6;
 -	struct in6_addr in6;
  
  	if (nxt != IPPROTO_IPV6)
  		return 0;
 @@ -3355,7 +3354,7 @@
  	switch (((struct sockaddr *)&sav->sah->saidx.dst)->sa_family) {
  	case AF_INET6:
  		sin6 = ((struct sockaddr_in6 *)&sav->sah->saidx.dst);
 -		if (!IN6_ARE_ADDR_EQUAL(&ip6->ip6_dst, &in6))
 +		if (!IN6_ARE_ADDR_EQUAL(&ip6->ip6_dst, &sin6->sin6_addr))
  			return 0;
  		break;
  	case AF_INET:
 
 
 -- 
                                 Michael van Elst
 Internet: mlelstv@serpens.de
                                 "A potential Snark may lurk in every tree."