We use SuSE 7.3 on most of our systems and its working quite fine. Don't use SuSE
versions that have gcc 3.xx as the 2.4.7 kernel will not compile on those.
Your connection misses the left=xxxx:xxxx:....
What I asked you to test is a tunnel mode connection between hp100 and hp200 that
looks like:
conn hp100-hp200
left=xxxx:xxxx
leftsubnet=xxxx:xxxx/128
right=yyyy:yyyy
rightsubnet=yyyy:yyyy/128
Gerhard
--------------------------------------------
Gerhard Geßler
Communication Networks, IABG mbH
Einsteinstr. 20
85521 Ottobrunn, Germany
Telefon: +49 89 6088 - 2021
Fax: +49 89 6088 - 2845
E-Mail: [EMAIL PROTECTED]
> -----Original Message-----
> From: lorry [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, August 06, 2003 2:40 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [Users]A big problem about configure FreeS/WAN
> IPV6Patch!
>
>
> Dear Gerhard
>
> After receive you last e-mail, I make two experiments.
>
> 1. I try to establish a tunnel mode connection between the
> 2 hosts like this:
> conn hp100-hp200
> [EMAIL PROTECTED]
> leftrsasigkey=0sAQO...
> leftsubnet=2001:250:f006:2::1/64
> [EMAIL PROTECTED]
> rightrsasigkey=0sAQO...
> right=2001:250:f006:1::451
> rightsubnet=2001:250:f006:3::1/64
> keyingtries=2
> ikelifetime=30m
> keylife=10m
> rekeymargin=30s
> rekeyfuzz=1%
> authby=rsasig
> type=tunnel
> connaddrfamily=ipv6
> auto=add
> Then I start the connection of "hp100-hp200", it's still
> the same error.
> 2. I remove the IPV4 address of every NIC, delete FreeS/WAN
> on two hosts and make FreeS/WAN with IPV6 Patch again. Then
> I verify the FreeS/WAN:
> [EMAIL PROTECTED] lorry]# ipsec verify
> Checking for KLIPS support in kernel [OK]
> Checking for RSA private key (/etc/ipsec.secrets) [OK]
> Checking that pluto is running [OK]
> Checking if IPchains has port 500 hole (all) accepted
> [OK]
> Checking if IPchains has port 500 hole (default) accepted
> [OK]
> Checking if IPchains has port 500 hole (eth0) accepted
> [OK]
> Checking if IPchains has port 500 hole (eth1) accepted
> [OK]
> Checking if IPchains has port 500 hole (ipsec0) accepted
> [OK]
> Checking if IPchains has port 500 hole (lo) accepted
> [OK]
> DNS checks.
> Looking for forward key for HP100.ntl.ict.ac.cn [OK]
> Does the machine have at least one non-private address [failed]
>
> If I start the connection of "hp100-hp200" brutely, it will
> display an error.
> [EMAIL PROTECTED] lorry]# ipsec auto --up hp100-hp200
> 022 "hp100-hp200" we have no ipsecN interface for either
> end of this connection
>
> I hear that IPV6 Patch doesn't utilize the virtual IPSEC
> interface like in IPv4. But how to explain the phenomena?
>
> I feel too upset to continue. Can you tell me which version
> of Suse linux you use and your recommend configuration of
> kenerl, network, route and FreeS/WAN. Can you find
> something wrong with my configuration from my last mail?
> Please help me. Thanks in advance.
>
> Lorry
>
>
>
>
>
>
>
> _______________________________________________
> FreeS/WAN Users mailing list
> [EMAIL PROTECTED]
> https://mj2.freeswan.org/cgi-bin/mj_wwwusr
>
_______________________________________________
FreeS/WAN Users mailing list
[EMAIL PROTECTED]
https://mj2.freeswan.org/cgi-bin/mj_wwwusr
