I don't know if you can use link-local addresses with racoon in all cases (I proposed one day some patches about this. BTW there is a security issue, I'd like to reopen the question). For the moment just use global addresses. Regards [EMAIL PROTECTED] PS: a sanity rule should be to reject phase 2 addresses with a strickly narrower scope than used in phase one. There are security reasons (argument?) and practical reasons (can't get the zone ID of a smaller zone). Itojun, do you remember my mail about this? --------------------------------------------------------------------- The IPv6 Users Mailing List Unsubscribe by sending "unsubscribe users" to [EMAIL PROTECTED]
