I don't know if you can use link-local addresses with racoon in all cases
(I proposed one day some patches about this. BTW there is a security
issue, I'd like to reopen the question).
For the moment just use global addresses.

Regards

[EMAIL PROTECTED]

PS: a sanity rule should be to reject phase 2 addresses with
a strickly narrower scope than used in phase one. There are
security reasons (argument?) and practical reasons (can't get
the zone ID of a smaller zone). Itojun, do you remember my mail
about this?

---------------------------------------------------------------------
The IPv6 Users Mailing List
Unsubscribe by sending "unsubscribe users" to [EMAIL PROTECTED]

Reply via email to