Running ipsec-tools-0.6.7 on a Linux client and host both at 2.6.19.
I use Racoon with pre-shared keys and Security Policies with ESP/AHs
configured for IPv4 and IPv6.
There is no problem with IPv4.
I see a chicken and the egg problem with IPv6.
An ICMPv6 Neighbor Solicitation goes from Host A to Host B. This is
o.k. because it is not subject to IPsec.
The ICMPv6 Neighbor Discovery from Host B is not o.k. because, since
there exists an SP that requires ESP/AH, it triggers an SA negotiation.
So, it looks like a loop is created and the result is that it does not
I have tried adding in:
spdadd ::/0 ::/0 icmp6 -P out none;
spdadd ::/0 ::/0 icmp6 -P in none;
And although the icmps are now not subject to IPsec, I still get the
"phase1 negotiation" failure in Racoon.
The only way (besides not using Racoon and manually adding keyed SAs)
is the following:
1. Stop the Racoon daemons and flush/spdflush all the SAs and SPDs.
2. Issue a ping6.
3. Re-issue the SPDs.
4. Start Racoon.
Does anyone know of a permanent solution to this issue?
MRV Communications, Inc.
Boston Product Division
295 Foster St.