ip6 tunnel, ipsec in linux 2.6.1 / 2.6.1-bk6

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi,

could you give me a hint how to get it working?
I compiled "ipv6tunnel" from mipv6-1.0-v2.4.22
(it compiled well without kernel patching),
and I'm creating the tunnel with:

        ipv6tunnel add ip6sec0 \
                local fe80::202:ddff:fe32:6525 \
                remote fe80::209:5bff:fe2f:ea7e
        ip link set ip6sec0 up
        ip link set ip6sec0 mtu 1400
(local and remote exchanged on the sever/gw machine).

Now, two things are strange:
a) on my 2.6.1 machine / laptop:
simulacron:~# ip -6 addr ls dev ip6sec0
9: ip6sec0: <NOARP,UP> 
    inet6 fe80::202:ddff:fe32:6525/64 scope link 
       valid_lft forever preferred_lft forever
    inet6 ff02::1/128 scope global 
       valid_lft forever preferred_lft forever
there is a link local address.

however on my 2.6.1-bk6 / server+router+vpn+ap:
dream:~# ip -6 addr ls dev ip6sec0
9: ip6sec0@NONE: <NOARP,UP> mtu 1400 
    inet6 ff02::1/128 scope global 
       valid_lft forever preferred_lft forever
there is no link local address. why? 


Also the tunnel does not seem to work at all:
	ping6 -I ip6sec0 ip6-allnodes
should send a ping via the tunnel, i.e. I
should see a packet on wlan0 with ip6ip6 headers.
But tcpdump shows no package at all.


There are some unrelated issues I foiund, maybe bugs
in the linux ip stack?
 - using wlan0 the laptop can ping6 the gw fine.
  The other way it's not working:
dream:~# ping6 -I wlan0 fe80::202:ddff:fe32:6525
PING fe80::202:ddff:fe32:6525(fe80::202:ddff:fe32:6525) from
fe80::209:5bff:fe2f:ea7e wlan0: 56 data bytes
ping: sendmsg: Invalid argument

ip6tables are empty....

now another issue: from laptop to gw:
ping6 -I wlan0 fe80::209:5bff:fe2f:ea7e
is working fine, tcpdump shows icmp6 forward and back.

ping6 ip6-allnodes -I wlan0
works too, but tcpdump shows ESP packagets with ipv4 going
forward and back. the setkey selector is:
spdadd 192.168.1.10 192.168.1.1 4 -P out ipsec
        esp/transport//require;
spdadd 192.168.1.1 192.168.1.10 4 -P in ipsec
        esp/transport//require;
so it shouldn't match any ipv6 communication.

why is that?

Regards, Andreas

-
: send the line "unsubscribe linux-net" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Netdev]     [Ethernet Bridging]     [Linux 802.1Q VLAN]     [Linux Wireless]     [Kernel Newbies]     [Security]     [Linux for Hams]     [Netfilter]     [Git]     [Bugtraq]     [Yosemite News and Information]     [MIPS Linux]     [ARM Linux]     [Linux RAID]     [Linux PCI]     [Linux Admin]     [Samba]

  Powered by Linux