From: Huang Z. <02...@fu...> - 2006-03-23 15:00:09
Hi, everybody.
I have four machines in my environment, each using Fedora Core 4 as the OS:
                      |======= ESP =====|
                      |                 |
   Network-A      Gateway-A         Gateway-B       Network-B
2001:4:5:6::/64 --- 2001:3:4:5::1 ---- 2001:3:4:5::2 --- 2001:2:3:4::/64
The /etc/setkey.conf on GW A:
flush;
spdflush;
#Create policies for racoon
spdadd 2001:3:4:5::2/64 2001:3:4:5::1/64 ipv6-icmp 135,0 -P in none;
spdadd 2001:3:4:5::1/64 2001:3:4:5::2/64 ipv6-icmp 135,0 -P out none;
spdadd 2001:3:4:5::2/64 2001:3:4:5::1/64 ipv6-icmp 136,0 -P in none;
spdadd 2001:3:4:5::1/64 2001:3:4:5::2/64 ipv6-icmp 136,0 -P out none;
spdadd 2001:4:5:6::0/64 2001:2:3:4::0/64 udp -P out ipsec
    esp/tunnel/2001:3:4:5::1-2001:3:4:5::2/require;
spdadd 2001:2:3:4::0/64 2001:4:5:6::0/64 udp -P in ipsec
    esp/tunnel/2001:3:4:5::2-2001:3:4:5::1/require;
spdadd 2001:4:5:6::0/64 2001:2:3:4::0/64 tcp -P out ipsec
    esp/tunnel/2001:3:4:5::1-2001:3:4:5::2/require;
spdadd 2001:2:3:4::0/64 2001:4:5:6::0/64 tcp -P in ipsec
    esp/tunnel/2001:3:4:5::2-2001:3:4:5::1/require;
The /etc/racoon.conf on GWA:
path pre_shared_key "/etc/psk.txt";
log debug;
remote anonymous {
    exchange_mode aggressive;
    proposal {
        encryption_algorithm 3des;
        hash_algorithm md5;
        authentication_method pre_shared_key;
        dh_group 2;
    }
}
sainfo anonymous {
    pfs_group 2;
    lifetime time 2 min;
    encryption_algorithm 3des;
    authentication_algorithm hmac_md5;
    compression_algorithm deflate;
}
The problem I encountered is that when I issue "ssh 2001:2:3:4::1" on HostA
to trigger racoon on GWA, racoon on GWA succeeds in establishing the SA
between GWA and GWB, but at the same time GWA halts. (I know the tunnel is
established from the log, and on GWB the SA between GWA and GWB can be
checked with setkey -D.)
Does anybody know what the problem is? I'll appreciate all your help :)
Yours sincerely,
Huang Zheng
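[Editor's note, added example; this is not code from the poster or from the ipsec-tools project.] Before chasing a gateway hang, it is worth sanity-checking the SPD itself. Two things stand out in the setkey.conf above: the neighbour-discovery bypass rules use host addresses with a /64 prefix (the kernel masks 2001:3:4:5::2/64 down to 2001:3:4:5::/64, so the rule covers the whole link, not one peer), and every outbound tunnel policy must have an inbound twin with the selector and the tunnel endpoints swapped, or return traffic is dropped. The script below parses spdadd statements in the syntax used in the post and reports both conditions. The sample input is the GW-A policy set from the post plus one constructed, deliberately unmirrored policy towards the documentation prefix 2001:db8::/64 so the mirror check has something to show; the function names are the example's own.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample input: the GW-A policies from the post, plus one extra
# outbound policy (towards 2001:db8::/64) that has no mirrored inbound policy.
SAMPLE_SPD = """\
flush;
spdflush;
#Create policies for racoon
spdadd 2001:3:4:5::2/64 2001:3:4:5::1/64 ipv6-icmp 135,0 -P in none;
spdadd 2001:3:4:5::1/64 2001:3:4:5::2/64 ipv6-icmp 135,0 -P out none;
spdadd 2001:3:4:5::2/64 2001:3:4:5::1/64 ipv6-icmp 136,0 -P in none;
spdadd 2001:3:4:5::1/64 2001:3:4:5::2/64 ipv6-icmp 136,0 -P out none;
spdadd 2001:4:5:6::0/64 2001:2:3:4::0/64 udp -P out ipsec
    esp/tunnel/2001:3:4:5::1-2001:3:4:5::2/require;
spdadd 2001:2:3:4::0/64 2001:4:5:6::0/64 udp -P in ipsec
    esp/tunnel/2001:3:4:5::2-2001:3:4:5::1/require;
spdadd 2001:4:5:6::0/64 2001:2:3:4::0/64 tcp -P out ipsec
    esp/tunnel/2001:3:4:5::1-2001:3:4:5::2/require;
spdadd 2001:2:3:4::0/64 2001:4:5:6::0/64 tcp -P in ipsec
    esp/tunnel/2001:3:4:5::2-2001:3:4:5::1/require;
spdadd 2001:4:5:6::0/64 2001:db8::/64 any -P out ipsec
    esp/tunnel/2001:3:4:5::1-2001:3:4:5::2/require;
"""

# One spdadd statement. The ipsec rule may sit on a continuation line, so the
# whitespace before it is allowed to span the line break.
SPDADD_RE = re.compile(
    r"^spdadd\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+(?P<proto>\S+)"
    r"(?:\s+(?P<typecode>\d+,\d+))?\s+-P\s+(?P<dir>in|out)\s+(?P<action>\w+)"
    r"(?:\s+(?P<rule>\S+))?\s*;",
    re.MULTILINE,
)


@dataclass(frozen=True)
class Policy:
    direction: str
    src: str
    dst: str
    proto: str
    typecode: Optional[str]
    action: str
    tunnel: Optional[Tuple[str, str]]  # (outer src, outer dst) for tunnel mode


def parse_rule(rule: Optional[str]) -> Optional[Tuple[str, str]]:
    """Extract tunnel endpoints from 'esp/tunnel/A-B/level'; None otherwise."""
    if not rule:
        return None
    parts = rule.split("/")
    if len(parts) != 4 or parts[1] != "tunnel" or "-" not in parts[2]:
        return None
    outer_src, outer_dst = parts[2].split("-", 1)  # IPv6 literals never contain '-'
    return (outer_src, outer_dst)


def parse_spd(text: str) -> List[Policy]:
    return [
        Policy(m["dir"], m["src"], m["dst"], m["proto"], m["typecode"],
               m["action"], parse_rule(m["rule"]))
        for m in SPDADD_RE.finditer(text)
    ]


def host_bits_set(cidr: str) -> bool:
    """True when the address has bits set beyond the prefix, i.e. the kernel
    will mask it and the selector is wider than the text suggests."""
    iface = ipaddress.ip_interface(cidr)
    return iface.ip != iface.network.network_address


def mirror_of(p: Policy) -> Policy:
    """The policy that must exist for the return direction of p."""
    tunnel = (p.tunnel[1], p.tunnel[0]) if p.tunnel else None
    return Policy("in" if p.direction == "out" else "out",
                  p.dst, p.src, p.proto, p.typecode, p.action, tunnel)


def check_spd(text: str) -> Dict[str, list]:
    policies = parse_spd(text)
    present = set(policies)
    host_bits = sorted({c for p in policies for c in (p.src, p.dst) if host_bits_set(c)})
    unmirrored = [(p.direction, p.src, p.dst, p.proto)
                  for p in policies if mirror_of(p) not in present]
    return {"host_bits": host_bits, "unmirrored": unmirrored}


if __name__ == "__main__":
    report = check_spd(SAMPLE_SPD)
    for cidr in report["host_bits"]:
        print(f"selector {cidr} has host bits set; kernel will use "
              f"{ipaddress.ip_network(cidr, strict=False)}")
    for direction, src, dst, proto in report["unmirrored"]:
        print(f"no mirrored policy for: -P {direction} {src} -> {dst} {proto}")
```

Run it against the real /etc/setkey.conf instead of the sample by reading the file into check_spd(). The mirror check compares the whole selector (addresses, protocol, ICMPv6 type/code, action and swapped tunnel endpoints), so a policy whose inbound twin uses a different level such as "use" instead of "require" is also reported.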