From: SourceForge.net <no...@so...> - 2009-01-16 11:05:34
Support Requests item #1408690, was opened at 2006-01-18 04:26
Message generated for change (Comment added) made by fabled80
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=541483&aid=1408690&group_id=74601

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.

Category: Configuration
Group: None
>Status: Closed
Priority: 5
Private: No
Submitted By: Nobody/Anonymous (nobody)
Assigned to: Nobody/Anonymous (nobody)
Summary: IPv6 IPsec

Initial Comment:
Hello..

I was trying to set up IPsec in an IPv6 network.
I'm using Fedora Core 3, kernel 2.6.9, and ipsec-tools 0.5.
But I didn't make it. I'm wondering whether it is possible.
I cannot understand the retransmission in the error messages.
So I analyzed the packets using Ethereal.
And I think that the problem is the key exchange part.

[root@osd1 racoon]# racoon -F -v -6 -f /etc/racoon/racoon.conf
Foreground mode.
2006-01-17 23:46:39: INFO: @(#)ipsec-tools 0.5 (http://ipsec-tools.sourceforge.net)
2006-01-17 23:46:39: INFO: @(#)This product linked OpenSSL 0.9.7a Feb 19 2003 (http://www.openssl.org/)
2006-01-17 23:46:40: INFO: 3ffe:ffff:0:f101::6[500] used as isakmp port (fd=6)
2006-01-17 23:47:39: INFO: IPsec-SA request for 3ffe:ffff:0:f102::2 queued due to no phase1 found.
2006-01-17 23:47:39: INFO: initiate new phase 1 negotiation: 3ffe:ffff:0:f101::6[500] <=>3ffe:ffff:0:f102::2[500]
2006-01-17 23:47:39: INFO: begin Identity Protection mode.
2006-01-17 23:47:39: INFO: received Vendor ID: DPD
2006-01-17 23:47:59: NOTIFY: the packet is retransmitted by 3ffe:ffff:0:f102::2[500].
2006-01-17 23:48:19: NOTIFY: the packet is retransmitted by 3ffe:ffff:0:f102::2[500].
2006-01-17 23:48:39: NOTIFY: the packet is retransmitted by 3ffe:ffff:0:f102::2[500].
2006-01-17 23:48:59: NOTIFY: the packet is retransmitted by 3ffe:ffff:0:f102::2[500].
2006-01-17 23:49:19: NOTIFY: the packet is retransmitted by 3ffe:ffff:0:f102::2[500].
2006-01-17 23:49:39: ERROR: phase1 negotiation failed due to time up. 348e526b2d78523e:91bc71a16aa9ef8b
2006-01-17 23:49:40: ERROR: phase2 negotiation failed due to time up waiting for phase1. ESP 3ffe:ffff:0:f102::2->3ffe:ffff:0:f101::6
2006-01-17 23:49:40: INFO: delete phase 2 handler.

I hope that someone has a solution.
I referred to "Automatic key exchange(IKE)" in Linux IPv6 HOWTO(en)
http://www.tldp.org/HOWTO/Linux+IPv6-HOWTO/x2424.html.

----------------------------------------------------------------------

Comment By: Timo Teräs (fabled80)
Date: 2009-01-16 13:05

Message:
Closing all sourceforge.net bugs. If this issue has not been cared for,
please submit a new bug report to the https://trac.ipsec-tools.net/ issue
tracker. Thank you.

----------------------------------------------------------------------

Comment By: Nobody/Anonymous (nobody)
Date: 2006-01-19 03:42

Message:
Logged In: NO

It is solved.. I don't know why..
But I had just executed "ping6" on each node before running setkey.sh and
racoon.. then the IPsec connection was accomplished.. thanks

----------------------------------------------------------------------

Comment By: Frédéric Senault (fredsen)
Date: 2006-01-19 01:49

Message:
Logged In: YES
user_id=312626

What has the "3ffe:ffff:0:f102::2" address? It looks like that device is
mangling packets en route, and ipsec is specifically designed to counter
that. Usually, these messages are produced by NAT, but, with IPv6, I
don't know.

----------------------------------------------------------------------