Lenny/Ubuntu: ipsec over ipv6

Fri, 26 Jun 2009 16:54:27 -0700 

hi,

i don't get it working. I want to create a vpn tunnel between two
computers connected with a sixxs IPv6 address. I use on one side Debian
Lenny with freeswan and on the other side Ubuntu 8.10 (intrepid).

my ipsec conf and verify:

############ left: #######################

# ipsec verify
Checking your system to see if IPsec got installed and started
correctly:
Version check and ipsec on-path   [OK]
Linux Openswan U2.4.12/K2.6.27-14-generic (netkey)
Checking for IPsec support in kernel  [OK]

NETKEY detected, testing for disabled ICMP send_redirects [FAILED]

  Please disable /proc/sys/net/ipv4/conf/*/send_redirects
  or NETKEY will cause the sending of bogus ICMP redirects!

NETKEY detected, testing for disabled ICMP accept_redirects     [FAILED]

  Please disable /proc/sys/net/ipv4/conf/*/accept_redirects
  or NETKEY will accept bogus ICMP redirects!

Checking for RSA private key (/etc/ipsec.secrets)       [DISABLED]
  ipsec showhostkey: no default key in "/etc/ipsec.secrets"
Checking that pluto is running  [OK]
Two or more interfaces found, checking IP forwarding            [OK]
Checking NAT and MASQUERADEing                                  [N/A]
Checking for 'ip' command                                       [OK]
Checking for 'iptables' command                                 [OK]
Opportunistic Encryption Support                                [DISABLED]



version 2.0
# Connection between two computers
conn kusanagi-sakura
    leftsubnet=
    left=2a01:198:000:000::1
    leftnexthop=%direct
    leftid="C=DE, CN=trainer-vm"
    leftcert=/etc/ipsec.d/certs/trainer-vm-pub.pem
    rightnexthop=%direct
    right=2a01:198:000:000::2
    rightsubnet=
    auto=start

############## right: ################


 ipsec verify
Checking your system to see if IPsec got installed and started
correctly:
Version check and ipsec on-path                                 [OK]
Linux Openswan U2.4.12/K2.6.26-1-xen-amd64 (netkey)
Checking for IPsec support in kernel                            [OK]
NETKEY detected, testing for disabled ICMP send_redirects       [OK]
NETKEY detected, testing for disabled ICMP accept_redirects     [OK]
Checking for RSA private key (/etc/ipsec.secrets)               [DISABLED]
  ipsec showhostkey: no default key in "/etc/ipsec.secrets"
Checking that pluto is running                                  [OK]
Two or more interfaces found, checking IP forwarding            [OK]
Checking NAT and MASQUERADEing                                  [OK]
Checking for 'ip' command                                       [OK]
Checking for 'iptables' command                                 [OK]
Opportunistic Encryption Support                                [DISABLED]


conn kusanagi-sakura
    leftsubnet=
    left=2a01:198:000:000::1
    leftnexthop=%direct
    leftid="C=DE, CN=trainer-vm"
    #leftcert=/etc/ipsec.d/certs/trainer-vm-pub.pem
    rightnexthop=%direct
    right=2a01:198:000:000::2
    rightcert=/etc/ipsec.d/certs/vpn-2-pub.pem
    rightsubnet=
    auto=start



i get on left (Ubuntu):

Jun 27 01:41:52 kusanagi ipsec_setup: Starting Openswan IPsec 2.4.12...
Jun 27 01:41:52 kusanagi ipsec_setup: whack: Pluto is not running (no
"/var/run/pluto/pluto.ctl")
Jun 27 01:41:52 kusanagi ipsec__plutorun: whack error: "kusanagi-sakura"
non-ipv6 address may not contain `:' "2a01:198:000:000::2"
Jun 27 01:41:52 kusanagi ipsec__plutorun: ...could not add conn
"kusanagi-sakura"



any suggestions?

cu denny

Attachment: signature.asc
Description: Dies ist ein digital signierter Nachrichtenteil

Reply via email to