Lenny/Ubuntu: ipsec over ipv6

To: debian-user@lists.debian.org
Subject: Lenny/Ubuntu: ipsec over ipv6
From: Denny Schierz <linuxmail@4lin.net>
Date: Sat, 27 Jun 2009 01:48:23 +0200
Message-id: <[🔎] 1246060104.7662.24.camel@kusanagi>

hi,

i don't get it working. I want to create a vpn tunnel between two
computers connected with a sixxs IPv6 address. I use on one side Debian
Lenny with freeswan and on the other side Ubuntu 8.10 (intrepid).

my ipsec conf and verify:

############ left: #######################

# ipsec verify
Checking your system to see if IPsec got installed and started
correctly:
Version check and ipsec on-path   [OK]
Linux Openswan U2.4.12/K2.6.27-14-generic (netkey)
Checking for IPsec support in kernel  [OK]

NETKEY detected, testing for disabled ICMP send_redirects [FAILED]

  Please disable /proc/sys/net/ipv4/conf/*/send_redirects
  or NETKEY will cause the sending of bogus ICMP redirects!

NETKEY detected, testing for disabled ICMP accept_redirects 	[FAILED]

  Please disable /proc/sys/net/ipv4/conf/*/accept_redirects
  or NETKEY will accept bogus ICMP redirects!

Checking for RSA private key (/etc/ipsec.secrets) 	[DISABLED]
  ipsec showhostkey: no default key in "/etc/ipsec.secrets"
Checking that pluto is running 	[OK]
Two or more interfaces found, checking IP forwarding        	[OK]
Checking NAT and MASQUERADEing                              	[N/A]
Checking for 'ip' command                                   	[OK]
Checking for 'iptables' command                             	[OK]
Opportunistic Encryption Support                            	[DISABLED]



version 2.0
# Connection between two computers
conn kusanagi-sakura
    leftsubnet=
    left=2a01:198:000:000::1
    leftnexthop=%direct
    leftid="C=DE, CN=trainer-vm"
    leftcert=/etc/ipsec.d/certs/trainer-vm-pub.pem
    rightnexthop=%direct
    right=2a01:198:000:000::2
    rightsubnet=
    auto=start

############## right: ################


 ipsec verify
Checking your system to see if IPsec got installed and started
correctly:
Version check and ipsec on-path                             	[OK]
Linux Openswan U2.4.12/K2.6.26-1-xen-amd64 (netkey)
Checking for IPsec support in kernel                        	[OK]
NETKEY detected, testing for disabled ICMP send_redirects   	[OK]
NETKEY detected, testing for disabled ICMP accept_redirects 	[OK]
Checking for RSA private key (/etc/ipsec.secrets)           	[DISABLED]
  ipsec showhostkey: no default key in "/etc/ipsec.secrets"
Checking that pluto is running                              	[OK]
Two or more interfaces found, checking IP forwarding        	[OK]
Checking NAT and MASQUERADEing                              	[OK]
Checking for 'ip' command                                   	[OK]
Checking for 'iptables' command                             	[OK]
Opportunistic Encryption Support                            	[DISABLED]


conn kusanagi-sakura
    leftsubnet=
    left=2a01:198:000:000::1
    leftnexthop=%direct
    leftid="C=DE, CN=trainer-vm"
    #leftcert=/etc/ipsec.d/certs/trainer-vm-pub.pem
    rightnexthop=%direct
    right=2a01:198:000:000::2
    rightcert=/etc/ipsec.d/certs/vpn-2-pub.pem
    rightsubnet=
    auto=start



i get on left (Ubuntu):

Jun 27 01:41:52 kusanagi ipsec_setup: Starting Openswan IPsec 2.4.12...
Jun 27 01:41:52 kusanagi ipsec_setup: whack: Pluto is not running (no
"/var/run/pluto/pluto.ctl")
Jun 27 01:41:52 kusanagi ipsec__plutorun: whack error: "kusanagi-sakura"
non-ipv6 address may not contain `:' "2a01:198:000:000::2"
Jun 27 01:41:52 kusanagi ipsec__plutorun: ...could not add conn
"kusanagi-sakura"



any suggestions?

cu denny

Attachment: signature.asc
Description: Dies ist ein digital signierter Nachrichtenteil

Reply to:

Prev by Date: Re: Anyone has VDPAU working?
Next by Date: Re: [SA Rule] meds, pill and shop spams
Previous by thread: Re: Virtualisation / Xen with home-compiled kernel on sid?
Next by thread: Services / Runlevel editor
Index(es):
- Date
- Thread