Re: [Swan-dev] Libreswan 5.0 RC1 IPv6 ULA not accepted

2024-01-15 Thread Paul Wouters
On Jan 15, 2024, at 15:03, Bill Atwood  wrote:
> 
> My bad.
> 
> I had re-booted Ritchie, and forgotten to re-run the script that assigns the 
> ULA.
> 
> After running that script, I see an established connection (on both Ritchie 
> and Tarjan).
> 
> What I don't see is any evidence of an added interface on Ritchie (5.0 RC1), 
> where I do see this on Tarjan (4.12).  How does one access the new tunnel?

Magic grabs the packets. You can check byte counters with “ipsec traffic”.

You can also add ipsec-interface=1 and you will get an interface named ipsec1.


> 
>  Bill
> 
> dev@Ritchie:~$ ./fixaddr.sh
> 1: lo:  mtu 65536 state UNKNOWN qlen 1000
>inet6 ::1/128 scope host
>   valid_lft forever preferred_lft forever
> 2: enp4s0:  mtu 1500 state UP qlen 1000
>inet6 fd51:20d9:5ad2:b::2/64 scope global tentative
>   valid_lft forever preferred_lft forever
>inet6 fe80::21a:a0ff:fe15:62b8/64 scope link
>   valid_lft forever preferred_lft forever
> 3: enp5s4:  mtu 1500 state UP qlen 1000
>inet6 fe80::20e:cff:fea9:b90f/64 scope link
>   valid_lft forever preferred_lft forever
> 4: enp5s5:  mtu 1500 state UP qlen 1000
>inet6 fe80::20e:cff:fea9:b937/64 scope link
>   valid_lft forever preferred_lft forever
> dev@Ritchie:~$ sudo ipsec setup restart
> Redirecting to: systemctl restart ipsec.service
> dev@Ritchie:~$ sudo ipsec add RITA6c
> "RITA6c": added IKEv2 connection
> dev@Ritchie:~$ sudo ipsec status |grep interface
> using kernel interface: xfrm
> interface enp4s0 UDP [fd51:20d9:5ad2:b::2]:4500
> interface enp4s0 UDP [fd51:20d9:5ad2:b::2]:500
> interface lo UDP [::1]:4500
> interface lo UDP [::1]:500
> interface lo UDP 127.0.0.1:4500
> interface lo UDP 127.0.0.1:500
> interface enp4s0 UDP 132.205.9.46:4500
> interface enp4s0 UDP 132.205.9.46:500
> interface enp5s4 UDP 132.205.9.50:4500
> interface enp5s4 UDP 132.205.9.50:500
> interface enp5s5 UDP 132.205.9.53:4500
> interface enp5s5 UDP 132.205.9.53:500
> interface virbr0 UDP 192.168.123.1:4500
> interface virbr0 UDP 192.168.123.1:500
> "RITA6c":   conn_prio: 128,128; interface: enp4s0; metric: 0; mtu: unset; 
> sa_prio:auto; sa_tfc:none;
> dev@Ritchie:~$ sudo ipsec up RITA6c
> "RITA6c" #1: initiating IKEv2 connection to fd51:20d9:5ad2:b::1 using UDP
> "RITA6c" #1: sent IKE_SA_INIT request to [fd51:20d9:5ad2:b::1]:500
> "RITA6c" #1: sent IKE_AUTH request {cipher=AES_GCM_16_256 integ=n/a 
> prf=HMAC_SHA2_512 group=MODP2048}
> "RITA6c" #1: initiator established IKE SA; authenticated peer '2048-bit 
> RSASSA-PSS with SHA2_512' digital signature using peer certificate 'CN=Tarjan 
> certificate' issued by CA 'CN=ConU CSE HSPL'
> "RITA6c" #2: initiator established Child SA using #1; IPsec tunnel 
> [fd51:20d9:5ad2:b::2/128===fd51:20d9:5ad2:b::1/128] {ESP/ESN=>0xfee0113a 
> <0xee7634c5 xfrm=AES_GCM_16_256-NONE DPD=passive}
> dev@Ritchie:~$
> 
>> On 1/15/2024 2:26 PM, Paul Wouters wrote:
>>> On Mon, 15 Jan 2024, Tuomo Soini wrote:
>>> On Mon, 15 Jan 2024 13:23:58 -0500
>>> Bill Atwood  wrote:
>>> 
>>>> Here is the result of the status command, on Ritchie (running 5.0
>>>> RC1):
>>>> 
>>>> dev@Ritchie:~$  sudo ipsec status | grep interface
>>>> [sudo] password for dev:
>>>> using kernel interface: xfrm
>>>> interface lo UDP [::1]:4500
>>>> interface lo UDP [::1]:500
>>>> interface lo UDP 127.0.0.1:4500
>>>> interface lo UDP 127.0.0.1:500
>>>> interface enp4s0 UDP 132.205.9.46:4500
>>>> interface enp4s0 UDP 132.205.9.46:500
>>>> interface enp5s4 UDP 132.205.9.50:4500
>>>> interface enp5s4 UDP 132.205.9.50:500
>>>> interface enp5s5 UDP 132.205.9.53:4500
>>>> interface enp5s5 UDP 132.205.9.53:500
>>>> interface virbr0 UDP 192.168.123.1:4500
>>>> interface virbr0 UDP 192.168.123.1:500
>>>> "RITA6c":   conn_prio: 128,128; interface: ; metric: 0; mtu: unset;
>>>> sa_prio:auto; sa_tfc:none;
>>>> dev@Ritchie:~$
>>> 
>>> Is this directly from bootup of the machine?
>>> 
>>> Reason could be your network configuration. Libreswan requires
>>> network-online.target before startup. But if you don't have setting for
>>> IPV6 address to be required on your interface, network-online.target
>>> finishes before you have IPv6 address on the interface and so there is
>>> no ipv6 address when libreswan starts, yet.
>> You can confirm if this is the case by issuing:
>> sudo ipsec whack --listen
>> sudo ipsec status | grep interface
___
Swan-dev mailing list
Swan-dev@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-dev
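
The check suggested in this thread (is pluto listening on either address of the connection?), written out as an added example; it is not part of any poster's message or of Libreswan itself. The sample status text is constructed from the output quoted in the thread, the function names are hypothetical, and addresses are compared as text in the form pluto prints them.

```shell
#!/bin/sh
# Added example: does pluto listen on a connection's endpoint address?

# Read `ipsec status` output on stdin and print each bound address once.
# Accepts both the 4.x format ("000 " prefix) and the 5.0 format (no prefix).
listening_addrs() {
    sed -n -e 's/^000 //' \
        -e 's/^interface [^ ]* UDP \[\(.*\)\]:[0-9]*$/\1/p' \
        -e 's/^interface [^ ]* UDP \([0-9.]*\):[0-9]*$/\1/p' | sort -u
}

# $1 = status text, $2 = address; succeeds if pluto is bound to that address.
is_listening() {
    printf '%s\n' "$1" | listening_addrs | grep -qxF -- "$2"
}

# $1 = status text, $2 = left=, $3 = right=; prints left, right or none.
# "none" is the situation behind "we cannot identify ourselves with either
# end of this connection".
local_end() {
    if is_listening "$1" "$2"; then echo left
    elif is_listening "$1" "$3"; then echo right
    else echo none
    fi
}

# Constructed samples, shortened from the output quoted in the thread.
STATUS_NO_ULA='using kernel interface: xfrm
interface lo UDP [::1]:4500
interface lo UDP [::1]:500
interface enp4s0 UDP 132.205.9.46:4500
interface enp4s0 UDP 132.205.9.46:500
"RITA6c":   conn_prio: 128,128; interface: ; metric: 0; mtu: unset;'

STATUS_WITH_ULA='using kernel interface: xfrm
interface enp4s0 UDP [fd51:20d9:5ad2:b::2]:4500
interface enp4s0 UDP [fd51:20d9:5ad2:b::2]:500
interface lo UDP [::1]:4500
interface enp4s0 UDP 132.205.9.46:4500
"RITA6c":   conn_prio: 128,128; interface: enp4s0; metric: 0; mtu: unset;'

STATUS_4X='000 using kernel interface: xfrm
000 interface ens7 UDP [fd51:20d9:5ad2:b::1]:4500
000 interface ens7 UDP [fd51:20d9:5ad2:b::1]:500
000 interface ens7 UDP 132.205.9.45:4500'

LEFT=fd51:20d9:5ad2:b::2
RIGHT=fd51:20d9:5ad2:b::1

echo "Ritchie, ULA not assigned: $(local_end "$STATUS_NO_ULA" "$LEFT" "$RIGHT")"
echo "Ritchie, ULA assigned:     $(local_end "$STATUS_WITH_ULA" "$LEFT" "$RIGHT")"
echo "Tarjan (4.12 format):      $(local_end "$STATUS_4X" "$LEFT" "$RIGHT")"
```

On a live host, pass the real output as the first argument, for example `local_end "$(sudo ipsec status)" "$LEFT" "$RIGHT"`, after `sudo ipsec whack --listen` has made pluto rescan its interfaces.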


Re: [Swan-dev] Libreswan 5.0 RC1 IPv6 ULA not accepted

2024-01-15 Thread Bill Atwood

My bad.

I had re-booted Ritchie, and forgotten to re-run the script that assigns 
the ULA.


After running that script, I see an established connection (on both 
Ritchie and Tarjan).


What I don't see is any evidence of an added interface on Ritchie (5.0 
RC1), where I do see this on Tarjan (4.12).  How does one access the new 
tunnel?


  Bill

dev@Ritchie:~$ ./fixaddr.sh
1: lo:  mtu 65536 state UNKNOWN qlen 1000
inet6 ::1/128 scope host
   valid_lft forever preferred_lft forever
2: enp4s0:  mtu 1500 state UP qlen 1000
inet6 fd51:20d9:5ad2:b::2/64 scope global tentative
   valid_lft forever preferred_lft forever
inet6 fe80::21a:a0ff:fe15:62b8/64 scope link
   valid_lft forever preferred_lft forever
3: enp5s4:  mtu 1500 state UP qlen 1000
inet6 fe80::20e:cff:fea9:b90f/64 scope link
   valid_lft forever preferred_lft forever
4: enp5s5:  mtu 1500 state UP qlen 1000
inet6 fe80::20e:cff:fea9:b937/64 scope link
   valid_lft forever preferred_lft forever
dev@Ritchie:~$ sudo ipsec setup restart
Redirecting to: systemctl restart ipsec.service
dev@Ritchie:~$ sudo ipsec add RITA6c
"RITA6c": added IKEv2 connection
dev@Ritchie:~$ sudo ipsec status |grep interface
using kernel interface: xfrm
interface enp4s0 UDP [fd51:20d9:5ad2:b::2]:4500
interface enp4s0 UDP [fd51:20d9:5ad2:b::2]:500
interface lo UDP [::1]:4500
interface lo UDP [::1]:500
interface lo UDP 127.0.0.1:4500
interface lo UDP 127.0.0.1:500
interface enp4s0 UDP 132.205.9.46:4500
interface enp4s0 UDP 132.205.9.46:500
interface enp5s4 UDP 132.205.9.50:4500
interface enp5s4 UDP 132.205.9.50:500
interface enp5s5 UDP 132.205.9.53:4500
interface enp5s5 UDP 132.205.9.53:500
interface virbr0 UDP 192.168.123.1:4500
interface virbr0 UDP 192.168.123.1:500
"RITA6c":   conn_prio: 128,128; interface: enp4s0; metric: 0; mtu: 
unset; sa_prio:auto; sa_tfc:none;

dev@Ritchie:~$ sudo ipsec up RITA6c
"RITA6c" #1: initiating IKEv2 connection to fd51:20d9:5ad2:b::1 using UDP
"RITA6c" #1: sent IKE_SA_INIT request to [fd51:20d9:5ad2:b::1]:500
"RITA6c" #1: sent IKE_AUTH request {cipher=AES_GCM_16_256 integ=n/a 
prf=HMAC_SHA2_512 group=MODP2048}
"RITA6c" #1: initiator established IKE SA; authenticated peer '2048-bit 
RSASSA-PSS with SHA2_512' digital signature using peer certificate 
'CN=Tarjan certificate' issued by CA 'CN=ConU CSE HSPL'
"RITA6c" #2: initiator established Child SA using #1; IPsec tunnel 
[fd51:20d9:5ad2:b::2/128===fd51:20d9:5ad2:b::1/128] {ESP/ESN=>0xfee0113a 
<0xee7634c5 xfrm=AES_GCM_16_256-NONE DPD=passive}

dev@Ritchie:~$

On 1/15/2024 2:26 PM, Paul Wouters wrote:
> On Mon, 15 Jan 2024, Tuomo Soini wrote:
>> On Mon, 15 Jan 2024 13:23:58 -0500
>> Bill Atwood  wrote:
>>
>>> Here is the result of the status command, on Ritchie (running 5.0
>>> RC1):
>>>
>>> dev@Ritchie:~$  sudo ipsec status | grep interface
>>> [sudo] password for dev:
>>> using kernel interface: xfrm
>>> interface lo UDP [::1]:4500
>>> interface lo UDP [::1]:500
>>> interface lo UDP 127.0.0.1:4500
>>> interface lo UDP 127.0.0.1:500
>>> interface enp4s0 UDP 132.205.9.46:4500
>>> interface enp4s0 UDP 132.205.9.46:500
>>> interface enp5s4 UDP 132.205.9.50:4500
>>> interface enp5s4 UDP 132.205.9.50:500
>>> interface enp5s5 UDP 132.205.9.53:4500
>>> interface enp5s5 UDP 132.205.9.53:500
>>> interface virbr0 UDP 192.168.123.1:4500
>>> interface virbr0 UDP 192.168.123.1:500
>>> "RITA6c":   conn_prio: 128,128; interface: ; metric: 0; mtu: unset;
>>> sa_prio:auto; sa_tfc:none;
>>> dev@Ritchie:~$
>>
>> Is this directly from bootup of the machine?
>>
>> Reason could be your network configuration. Libreswan requires
>> network-online.target before startup. But if you don't have setting for
>> IPV6 address to be required on your interface, network-online.target
>> finishes before you have IPv6 address on the interface and so there is
>> no ipv6 address when libreswan starts, yet.
>
> You can confirm if this is the case by issuing:
>
> sudo ipsec whack --listen
> sudo ipsec status | grep interface





Re: [Swan-dev] Libreswan 5.0 RC1 IPv6 ULA not accepted

2024-01-15 Thread Paul Wouters

On Mon, 15 Jan 2024, Tuomo Soini wrote:

> On Mon, 15 Jan 2024 13:23:58 -0500
> Bill Atwood  wrote:
>
>> Here is the result of the status command, on Ritchie (running 5.0
>> RC1):
>>
>> dev@Ritchie:~$  sudo ipsec status | grep interface
>> [sudo] password for dev:
>> using kernel interface: xfrm
>> interface lo UDP [::1]:4500
>> interface lo UDP [::1]:500
>> interface lo UDP 127.0.0.1:4500
>> interface lo UDP 127.0.0.1:500
>> interface enp4s0 UDP 132.205.9.46:4500
>> interface enp4s0 UDP 132.205.9.46:500
>> interface enp5s4 UDP 132.205.9.50:4500
>> interface enp5s4 UDP 132.205.9.50:500
>> interface enp5s5 UDP 132.205.9.53:4500
>> interface enp5s5 UDP 132.205.9.53:500
>> interface virbr0 UDP 192.168.123.1:4500
>> interface virbr0 UDP 192.168.123.1:500
>> "RITA6c":   conn_prio: 128,128; interface: ; metric: 0; mtu: unset;
>> sa_prio:auto; sa_tfc:none;
>> dev@Ritchie:~$
>
> Is this directly from bootup of the machine?
>
> Reason could be your network configuration. Libreswan requires
> network-online.target before startup. But if you don't have setting for
> IPV6 address to be required on your interface, network-online.target
> finishes before you have IPv6 address on the interface and so there is
> no ipv6 address when libreswan starts, yet.

You can confirm if this is the case by issuing:

sudo ipsec whack --listen
sudo ipsec status | grep interface



Re: [Swan-dev] Libreswan 5.0 RC1 IPv6 ULA not accepted

2024-01-15 Thread Tuomo Soini
On Mon, 15 Jan 2024 13:23:58 -0500
Bill Atwood  wrote:

> Here is the result of the status command, on Ritchie (running 5.0
> RC1):
> 
> dev@Ritchie:~$  sudo ipsec status | grep interface
> [sudo] password for dev:
> using kernel interface: xfrm
> interface lo UDP [::1]:4500
> interface lo UDP [::1]:500
> interface lo UDP 127.0.0.1:4500
> interface lo UDP 127.0.0.1:500
> interface enp4s0 UDP 132.205.9.46:4500
> interface enp4s0 UDP 132.205.9.46:500
> interface enp5s4 UDP 132.205.9.50:4500
> interface enp5s4 UDP 132.205.9.50:500
> interface enp5s5 UDP 132.205.9.53:4500
> interface enp5s5 UDP 132.205.9.53:500
> interface virbr0 UDP 192.168.123.1:4500
> interface virbr0 UDP 192.168.123.1:500
> "RITA6c":   conn_prio: 128,128; interface: ; metric: 0; mtu: unset; 
> sa_prio:auto; sa_tfc:none;
> dev@Ritchie:~$

Is this directly from bootup of the machine?

Reason could be your network configuration. Libreswan requires
network-online.target before startup. But if you don't have setting for
IPV6 address to be required on your interface, network-online.target
finishes before you have IPv6 address on the interface and so there is
no ipv6 address when libreswan starts, yet.

-- 
Tuomo Soini 
Foobar Linux services
+358 40 5240030
Foobar Oy 


Re: [Swan-dev] Libreswan 5.0 RC1 IPv6 ULA not accepted

2024-01-15 Thread Bill Atwood

Here is the result of the status command, on Ritchie (running 5.0 RC1):

dev@Ritchie:~$  sudo ipsec status | grep interface
[sudo] password for dev:
using kernel interface: xfrm
interface lo UDP [::1]:4500
interface lo UDP [::1]:500
interface lo UDP 127.0.0.1:4500
interface lo UDP 127.0.0.1:500
interface enp4s0 UDP 132.205.9.46:4500
interface enp4s0 UDP 132.205.9.46:500
interface enp5s4 UDP 132.205.9.50:4500
interface enp5s4 UDP 132.205.9.50:500
interface enp5s5 UDP 132.205.9.53:4500
interface enp5s5 UDP 132.205.9.53:500
interface virbr0 UDP 192.168.123.1:4500
interface virbr0 UDP 192.168.123.1:500
"RITA6c":   conn_prio: 128,128; interface: ; metric: 0; mtu: unset; 
sa_prio:auto; sa_tfc:none;

dev@Ritchie:~$

The connection appears to be "partly up", but it has no interface that 
it is listening on.


In contrast, the same command on Tarjan (running 4.12) shows interface 
ens7 for connection TARI6c (which is the other end of the SA).


dev@Tarjan:~$ sudo ipsec status | grep interface
[sudo] password for dev:
000 using kernel interface: xfrm
000 interface ens7 UDP [fd51:20d9:5ad2:b::1]:4500
000 interface ens7 UDP [fd51:20d9:5ad2:b::1]:500
000 interface eno1 UDP [fd51:20d9:5ad2:9::1]:4500
000 interface eno1 UDP [fd51:20d9:5ad2:9::1]:500
000 interface lo UDP [::1]:4500
000 interface lo UDP [::1]:500
000 interface lo UDP 127.0.0.1:4500
000 interface lo UDP 127.0.0.1:500
000 interface eno1 UDP 132.205.9.37:4500
000 interface eno1 UDP 132.205.9.37:500
000 interface ens6 UDP 132.205.9.41:4500
000 interface ens6 UDP 132.205.9.41:500
000 interface ens7 UDP 132.205.9.45:4500
000 interface ens7 UDP 132.205.9.45:500
000 interface virbr0 UDP 192.168.123.1:4500
000 interface virbr0 UDP 192.168.123.1:500
000 "TAPE6c":   conn_prio: 128,128; interface: eno1; metric: 0; mtu: 
unset; sa_prio:auto; sa_tfc:none;
000 "TARI6c":   conn_prio: 128,128; interface: ens7; metric: 0; mtu: 
unset; sa_prio:auto; sa_tfc:none;
000 "mytunnel":   conn_prio: 32,32; interface: eno1; metric: 0; mtu: 
unset; sa_prio:auto; sa_tfc:none;
000 "tape6":   conn_prio: 128,128; interface: ; metric: 0; mtu: unset; 
sa_prio:auto; sa_tfc:none;

dev@Tarjan:~$

(Note that the connections TAPE6c, mytunnel, and tape6 are left over 
from previous experiments.)


Then, I edited RITA6c to remove the auto=add, restarted the daemon on 
Ritchie, and then did the "add" and "up" commands manually:


dev@Ritchie:~$ sudo ipsec setup restart
Redirecting to: systemctl restart ipsec.service
dev@Ritchie:~$ sudo ipsec status |grep interface
using kernel interface: xfrm
interface lo UDP [::1]:4500
interface lo UDP [::1]:500
interface lo UDP 127.0.0.1:4500
interface lo UDP 127.0.0.1:500
interface enp4s0 UDP 132.205.9.46:4500
interface enp4s0 UDP 132.205.9.46:500
interface enp5s4 UDP 132.205.9.50:4500
interface enp5s4 UDP 132.205.9.50:500
interface enp5s5 UDP 132.205.9.53:4500
interface enp5s5 UDP 132.205.9.53:500
interface virbr0 UDP 192.168.123.1:4500
interface virbr0 UDP 192.168.123.1:500
dev@Ritchie:~$ sudo ipsec add RITA6c
"RITA6c": added IKEv2 connection
dev@Ritchie:~$ sudo ipsec status |grep interface
using kernel interface: xfrm
interface lo UDP [::1]:4500
interface lo UDP [::1]:500
interface lo UDP 127.0.0.1:4500
interface lo UDP 127.0.0.1:500
interface enp4s0 UDP 132.205.9.46:4500
interface enp4s0 UDP 132.205.9.46:500
interface enp5s4 UDP 132.205.9.50:4500
interface enp5s4 UDP 132.205.9.50:500
interface enp5s5 UDP 132.205.9.53:4500
interface enp5s5 UDP 132.205.9.53:500
interface virbr0 UDP 192.168.123.1:4500
interface virbr0 UDP 192.168.123.1:500
"RITA6c":   conn_prio: 128,128; interface: ; metric: 0; mtu: unset; 
sa_prio:auto; sa_tfc:none;

dev@Ritchie:~$ sudo ipsec up RITA6c
"RITA6c": we cannot identify ourselves with either end of this 
connection.  fd51:20d9:5ad2:b::2 or fd51:20d9:5ad2:b::1 are not usable

dev@Ritchie:~$ sudo ipsec status |grep interface
using kernel interface: xfrm
interface lo UDP [::1]:4500
interface lo UDP [::1]:500
interface lo UDP 127.0.0.1:4500
interface lo UDP 127.0.0.1:500
interface enp4s0 UDP 132.205.9.46:4500
interface enp4s0 UDP 132.205.9.46:500
interface enp5s4 UDP 132.205.9.50:4500
interface enp5s4 UDP 132.205.9.50:500
interface enp5s5 UDP 132.205.9.53:4500
interface enp5s5 UDP 132.205.9.53:500
interface virbr0 UDP 192.168.123.1:4500
interface virbr0 UDP 192.168.123.1:500
"RITA6c":   conn_prio: 128,128; interface: ; metric: 0; mtu: unset; 
sa_prio:auto; sa_tfc:none;

dev@Ritchie:~$

NOTES on the above:
1) The output from the status command is identical for these two instances.
2) The daemon is NOT waiting on any IPv6 address (except on device "lo").

COMMENTS:

I am _not_ familiar with the Libreswan code.  However, I go back to my 
comments to this list on 2023-12-19 about "The XFRM address scope must 
be global", for which a reply was given on 2023-12-26 by Andrew.


A Unique Local Address (ULA) is not global, but it is routable.  It is 
certainly valid as an endpoint for an SA.


A Link-Local (LL) address is clearly not global, 

Re: [Swan-dev] Libreswan 5.0 RC1 IPv6 ULA not accepted

2024-01-14 Thread Andrew Cagney
On Sat, 13 Jan 2024 at 18:13, Bill Atwood  wrote:
>
> ??
>
> I do not understand your reply.

Offhand, it looks like the connection should match:

conn RITA6c
left=fd51:20d9:5ad2:b::2
leftid="CN=Ritchie Certificate"
leftrsasigkey=%cert
leftcert=RIcert
right=fd51:20d9:5ad2:b::1
rightid="CN=Tarjan Certificate"
rightrsasigkey=%cert
auto=add

the interface:

2: enp4s0:  mtu 1500 state UP qlen 1000
 inet6 fd51:20d9:5ad2:b::2/64 scope global
valid_lft forever preferred_lft forever
 inet6 fe80::21a:a0ff:fe15:62b8/64 scope link
valid_lft forever preferred_lft forever

yet the output indicates that it couldn't vis:

"RITA6c": we cannot identify ourselves with either end of this
connection.  fd51:20d9:5ad2:b::2 or fd51:20d9:5ad2:b::1 are not usable

Two things to try:

- confirm that libreswan is listening on those interfaces vis:
  ipsec status | grep interface

- drop the auto=add from the connection and then run:
  ipsec add RITA6c
  ipsec up RITA6c
manually and confirm the problem persists.



> Libreswan refused to set up the connection, saying that
> "fd51:20d9:5ad2:b::2 or fd51:20d9:5ad2:b::1 are not usable".
>
>Bill
>
> On 1/13/2024 5:54 PM, Tuomo Soini wrote:
> > On Sat, 13 Jan 2024 16:56:29 -0500
> > Bill Atwood  wrote:
> >
> >> (continued from " 5.0 RC1 connection not found", with changed
> >> subject, because this is a new error).
> >>
> >> After renaming RITA6C to RITA6C.conf, I ran:
> >>
> >> sudo ipsec add RITA6c
> >>
> >> which reported that an IPsec connection had been established.
> >>
> >> However:
> >>
> >> ip addr show
> >>
> >> did *not* show the new interface.  Subsequently running
> >
> > There are no interfaces for IPsec with XFRM by default. So your test
> > worked just fine without any problems.
> >
>


Re: [Swan-dev] Libreswan 5.0 RC1 IPv6 ULA not accepted

2024-01-13 Thread Bill Atwood

??

I do not understand your reply.

Libreswan refused to set up the connection, saying that 
"fd51:20d9:5ad2:b::2 or fd51:20d9:5ad2:b::1 are not usable".


  Bill

On 1/13/2024 5:54 PM, Tuomo Soini wrote:
> On Sat, 13 Jan 2024 16:56:29 -0500
> Bill Atwood  wrote:
>
>> (continued from " 5.0 RC1 connection not found", with changed
>> subject, because this is a new error).
>>
>> After renaming RITA6C to RITA6C.conf, I ran:
>>
>> sudo ipsec add RITA6c
>>
>> which reported that an IPsec connection had been established.
>>
>> However:
>>
>> ip addr show
>>
>> did *not* show the new interface.  Subsequently running
>
> There are no interfaces for IPsec with XFRM by default. So your test
> worked just fine without any problems.





Re: [Swan-dev] Libreswan 5.0 RC1 IPv6 ULA not accepted

2024-01-13 Thread Tuomo Soini
On Sat, 13 Jan 2024 16:56:29 -0500
Bill Atwood  wrote:

> (continued from " 5.0 RC1 connection not found", with changed
> subject, because this is a new error).
> 
> After renaming RITA6C to RITA6C.conf, I ran:
> 
> sudo ipsec add RITA6c
> 
> which reported that an IPsec connection had been established.
> 
> However:
> 
> ip addr show
> 
> did *not* show the new interface.  Subsequently running

There are no interfaces for IPsec with XFRM by default. So your test
worked just fine without any problems.

-- 
Tuomo Soini 
Foobar Linux services
+358 40 5240030
Foobar Oy 