Hi, all
I have a big problem when I configure the FreeS/WAN IPV6Patch.
I have two hosts: one has two network interface cards, the other
has three cards. I configured an IPV4 address and an IPV6 address on every card.
I installed FreeS/WAN IPV6Patch on each host and verified it; everything is OK!
Then I made an experiment on IPV6 Transport Mode support as the documentation said,
but it failed!
The topology of my network is:
HP100.ntl.ict.ac.cn(eth0,eth1)------------------------HP200.ntl.ict.ac.cn(eth0,eth1,eth2)
HP100
    eth0
        IPV6ADDR='2001:250:f006:1::450/124'
        IPADDR='192.168.6.110/16'
    eth1
        IPV6ADDR='2001:250:f006:1::440/124'
        IPADDR='192.168.6.111/16'
HP200
    eth0
        IPV6ADDR='2001:250:f006:1::451/124'
        IPADDR='192.168.6.112/16'
    eth1
        IPV6ADDR='2001:250:f006:1::460/124'
        IPADDR='192.168.6.113/16'
    eth2
        IPV6ADDR='2001:250:f006:1::461/124'
        IPADDR='192.168.6.114/16'
I modify the ipsec.conf as the "Transport Mode Example" said,
# /etc/ipsec.conf - FreeS/WAN IPSEC configuration file

# basic configuration
config setup
    # specific or defaultroute which is okay for most simple cases
    interfaces="ipsec0=eth0"
    klipsdebug=none
    plutodebug=none
    plutoload=search
    plutostart=search

# defaults for subsequent connection descriptions
conn default
    keyingtries=0

conn hp100-hp200
    [EMAIL PROTECTED]
    leftrsasigkey=0sAQ...
    left=2001:250:f006:1::450
    leftsubnet=
    [EMAIL PROTECTED]
    rightrsasigkey=0sAQ...
    right=2001:250:f006:1::451
    rightsubnet=
    keyingtries=2
    ikelifetime=55m
    keylife=52m
    rekeymargin=30s
    rekeyfuzz=1
    authby=rsasig
    type=transport
    connaddrfamily=ipv6
    auto=add
Then I restart ipsec and start up the "hp100-hp200" connection, and I get a failure.
[EMAIL PROTECTED] lorry]# service ipsec restart
ipsec_setup: Stopping FreeS/WAN IPsec...
ipsec_setup: IPv6/IPsec security policy database
ipsec_setup: SPD6 cleared.
ipsec_setup: Starting FreeS/WAN IPsec U1.99/K1.91...
[EMAIL PROTECTED] lorry]# ipsec auto --up hp100-hp200
104 "hp100-hp200" #1: STATE_MAIN_I1: initiate
106 "hp100-hp200" #1: STATE_MAIN_I2: sent MI2, expecting MR2
108 "hp100-hp200" #1: STATE_MAIN_I3: sent MI3, expecting MR3
004 "hp100-hp200" #1: STATE_MAIN_I4: ISAKMP SA established
112 "hp100-hp200" #2: STATE_QUICK_I1: initiate
010 "hp100-hp200" #2: STATE_QUICK_I1: retransmission; will wait 20s for response
010 "hp100-hp200" #2: STATE_QUICK_I1: retransmission; will wait 40s for response
031 "hp100-hp200" #2: max number of retransmissions (2) reached STATE_QUICK_I1.
No acceptable response to our first Quick Mode message: perhaps peer likes no proposal
000 "hp100-hp200" #2: starting keying attempt 2 of at most 2, but releasing whack
I also find that HP200 goes down and can't respond to any key. By the way,
I installed RedHat 7.3 (2.4.18-2) on the two hosts.
Does anyone know where I am going wrong or know how to solve this problem?
Any help would be greatly appreciated.
Thanks in advance!
Lorry
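
A triage helper for the `ipsec auto --up` output quoted in the post above, as an added example that is not part of the original message: it groups the lines by state object (#1, #2) and reports whether Main Mode (Phase 1) completed and where Quick Mode (Phase 2) stalled. The function names and result labels are assumptions made for illustration.

```python
import re

# Constructed sample: the whack output quoted in the post, wrapped line included.
SAMPLE = """\
104 "hp100-hp200" #1: STATE_MAIN_I1: initiate
106 "hp100-hp200" #1: STATE_MAIN_I2: sent MI2, expecting MR2
108 "hp100-hp200" #1: STATE_MAIN_I3: sent MI3, expecting MR3
004 "hp100-hp200" #1: STATE_MAIN_I4: ISAKMP SA established
112 "hp100-hp200" #2: STATE_QUICK_I1: initiate
010 "hp100-hp200" #2: STATE_QUICK_I1: retransmission; will wait 20s for response
010 "hp100-hp200" #2: STATE_QUICK_I1: retransmission; will wait 40s for response
031 "hp100-hp200" #2: max number of retransmissions (2) reached STATE_QUICK_I1.
No acceptable response to our first Quick Mode message: perhaps peer likes no proposal
000 "hp100-hp200" #2: starting keying attempt 2 of at most 2, but releasing whack
"""

LINE = re.compile(r'^(\d{3}) "([^"]+)" #(\d+): (.*)$')
STATE = re.compile(r'^(STATE_(MAIN|QUICK)_[IR]\d): (.*)$')

def triage(output):
    """Summarise each pluto state object (#N) seen in the whack output."""
    exchanges = {}
    for raw in output.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # wrapped continuation lines, prompts, ipsec_setup lines
        _code, conn, serial, text = m.groups()
        ex = exchanges.setdefault(int(serial), {
            "conn": conn, "phase": None, "last_state": None,
            "established": False, "retransmits": 0, "gave_up": False})
        s = STATE.match(text)
        if s:  # STATE_MAIN_* is IKE Phase 1, STATE_QUICK_* is Phase 2
            ex["last_state"] = s.group(1)
            ex["phase"] = 1 if s.group(2) == "MAIN" else 2
            text = s.group(3)
        ex["established"] |= "SA established" in text
        ex["retransmits"] += text.startswith("retransmission")
        ex["gave_up"] |= text.startswith("max number of retransmissions")
    return exchanges

def diagnose(exchanges):
    """Label where the negotiation stopped (labels are this example's own)."""
    phase1_ok = any(e["phase"] == 1 and e["established"] for e in exchanges.values())
    stalled = [e for e in exchanges.values() if e["gave_up"]]
    if phase1_ok and any(e["phase"] == 2 for e in stalled):
        return "phase1-ok/phase2-no-reply"
    return "phase1-no-reply" if stalled else "no-timeout-seen"

if __name__ == "__main__":
    print(diagnose(triage(SAMPLE)))
```

On the quoted output this reports that the ISAKMP SA was established and that the Quick Mode initiator gave up in STATE_QUICK_I1 after two retransmissions with no reply.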