[Ipsec-tools-devel] Has anybody here succeeded in using Racoon with Ipv6 in the tunnel mode?
From: Huang Z. <02...@fu...> - 2006-03-23 15:00:09
Hi, everybody.

I have four machines in my environment, each using Fedora Core4 as OS:

                            | ======= ESP ===== |
                            |                   |
                            |                   |
    Network-A           Gateway-A          Gateway-B         Network-B
    2001:4:5:6::/64 --- 2001:3:4:5::1 ---- 2001:3:4:5::2 --- 2001:2:3:4::/64

The /etc/setkey.conf on GW A:

    flush;
    spdflush;
    #Create policies for racoon
    spdadd 2001:3:4:5::2/64 2001:3:4:5::1/64 ipv6-icmp 135,0 -P in none;
    spdadd 2001:3:4:5::1/64 2001:3:4:5::2/64 ipv6-icmp 135,0 -P out none;
    spdadd 2001:3:4:5::2/64 2001:3:4:5::1/64 ipv6-icmp 136,0 -P in none;
    spdadd 2001:3:4:5::1/64 2001:3:4:5::2/64 ipv6-icmp 136,0 -P out none;
    spdadd 2001:4:5:6::0/64 2001:2:3:4::0/64 udp -P out ipsec esp/tunnel/2001:3:4:5::1-2001:3:4:5::2/require;
    spdadd 2001:2:3:4::0/64 2001:4:5:6::0/64 udp -P in ipsec esp/tunnel/2001:3:4:5::2-2001:3:4:5::1/require;
    spdadd 2001:4:5:6::0/64 2001:2:3:4::0/64 tcp -P out ipsec esp/tunnel/2001:3:4:5::1-2001:3:4:5::2/require;
    spdadd 2001:2:3:4::0/64 2001:4:5:6::0/64 tcp -P in ipsec esp/tunnel/2001:3:4:5::2-2001:3:4:5::1/require;

The /etc/raccoon.conf on GWA:

    path pre_shared_key "/etc/psk.txt";
    log debug;
    remote anonymous {
        exchange_mode aggressive;
        proposal {
            encryption_algorithm 3des;
            hash_algorithm md5;
            authentication_method pre_shared_key;
            dh_group 2;
        }
    }
    sainfo anonymous {
        pfs_group 2;
        lifetime time 2 min;
        encryption_algorithm 3des;
        authentication_algorithm hmac_md5;
        compression_algorithm deflate;
    }

The problem I encountered is that when I issue "ssh 2001:2:3:4::1" on HostA to launch racoon on GWA, racoon on GWA succeeds in establishing the SA between GWA and GWB, but at the same time GWA halts. (I know the tunnel is established from the log, and on GWB the SA between GWA and GWB can be checked with setkey -D.)

Does anybody know what the problem is? I'll appreciate all your help :)

Yours sincerely,
Huang Zheng
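
Added example, not part of the original post: a Python check that parses the spdadd lines of GW A's setkey.conf as posted and lists any policy without a mirrored opposite-direction policy (selectors and tunnel endpoints swapped). The helper names are hypothetical, and the check says nothing about the cause of the halt described above.

```python
import re
from typing import NamedTuple

class Policy(NamedTuple):
    src: str
    dst: str
    upper: str       # upper-layer spec, e.g. "tcp" or "ipv6-icmp 135,0"
    direction: str   # "in" or "out"
    action: str      # "none" or "ipsec"
    rule: str        # e.g. "esp/tunnel/A-B/require"; empty for "none"

SPDADD = re.compile(
    r"spdadd\s+(\S+)\s+(\S+)\s+(.+?)\s+-P\s+(in|out)\s+(none|ipsec)\s*([^;\s]*)\s*;")

def parse(text):
    """Return every spdadd statement in a setkey.conf body, ignoring # comments."""
    body = re.sub(r"#.*", "", text)
    return [Policy(*m.groups()) for m in SPDADD.finditer(body)]

def mirror(p):
    """Policy expected for the other direction: selectors and tunnel ends swapped."""
    parts = p.rule.split("/")
    if len(parts) == 4 and parts[1] == "tunnel" and "-" in parts[2]:
        a, b = parts[2].split("-", 1)   # IPv6 literals contain no "-"
        parts[2] = f"{b}-{a}"
    flipped = "in" if p.direction == "out" else "out"
    return Policy(p.dst, p.src, p.upper, flipped, p.action, "/".join(parts))

def unmirrored(text):
    """List policies whose opposite-direction counterpart is missing."""
    policies = parse(text)
    have = set(policies)
    return [p for p in policies if mirror(p) not in have]

# The policy statements from GW A's /etc/setkey.conf in the post.
GW_A = """flush; spdflush;
#Create policies for racoon
spdadd 2001:3:4:5::2/64 2001:3:4:5::1/64 ipv6-icmp 135,0 -P in none;
spdadd 2001:3:4:5::1/64 2001:3:4:5::2/64 ipv6-icmp 135,0 -P out none;
spdadd 2001:3:4:5::2/64 2001:3:4:5::1/64 ipv6-icmp 136,0 -P in none;
spdadd 2001:3:4:5::1/64 2001:3:4:5::2/64 ipv6-icmp 136,0 -P out none;
spdadd 2001:4:5:6::0/64 2001:2:3:4::0/64 udp -P out ipsec esp/tunnel/2001:3:4:5::1-2001:3:4:5::2/require;
spdadd 2001:2:3:4::0/64 2001:4:5:6::0/64 udp -P in ipsec esp/tunnel/2001:3:4:5::2-2001:3:4:5::1/require;
spdadd 2001:4:5:6::0/64 2001:2:3:4::0/64 tcp -P out ipsec esp/tunnel/2001:3:4:5::1-2001:3:4:5::2/require;
spdadd 2001:2:3:4::0/64 2001:4:5:6::0/64 tcp -P in ipsec esp/tunnel/2001:3:4:5::2-2001:3:4:5::1/require;
"""

if __name__ == "__main__":
    print(unmirrored(GW_A))
```
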