Hello, I know this may not be the forum to ask this question, but I am haivng no luck on finding out if there is a solution to the problem stated below. I am looking to see if anyone from this group has seen this issue:
Running ipsec-tools-0.6.7 on a Linux client and host. I use Racoon with pre-shared keys and Security Policies with ESP/AHs configured for IPv4 and IPv6. There is no problem with IPv4. I see a chicken and the egg problem with IPv6. An ICMPv6 Neighbor Solicitation goes from Host A to Host B. This is o.k. because it is not subject to IPsec. The ICMPv6 Neighbor Discovery from Host B is not o.k. because since there exists a SP that requires ESP/AH, it triggers an SA negotiation. So, it looks like a loop is created and the result is that it does not work. I have tried adding in: spdadd ::/0 ::/0 icmp6 -P out none; spdadd ::/0 ::/0 icmp6 -P in none; And although the icmps are now not subject to IPsec, I still get the "phase1 negotiation" failure in Racoon. The only way (besides not using Racoon and manually adding keyed SA's) is the following: 1. Stop the Racoon daemons flush/spdflush all the SAs and SPDs 2. Issue a ping6. 3. Re-issue the SPDs. 4. Start Racoon. Does anyone know of a permanent solution to this issue? Thanks, Phil Bellino ============================ Phil Bellino MRV Communications, Inc. Boston Product Division 295 Foster St. Littleton,MA 01460 Tel: (978)952-4807 Email: [EMAIL PROTECTED] ============================ _______________________________________________ Users mailing list Users@ipv6.org https://lists.ipv6.org/mailman/listinfo/users
