Oops, missed another point:
Don't use %defaultroute to assign the physical interface to the virtual ipsec
interface. %defaultroute uses the IPv4 routing table while you want to use IPv6. Set
the assignment of virtual to physical interface explicitly!
Gerhard
--------------------------------------------
Gerhard Geßler
Communication Networks, IABG mbH
Einsteinstr. 20
85521 Ottobrunn, Germany
Phone: +49 89 6088 - 2021
Fax: +49 89 6088 - 2845
E-Mail: [EMAIL PROTECTED]
> -----Original Message-----
> From: lorry [mailto:[EMAIL PROTECTED]
> Sent: Monday, August 04, 2003 7:00 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [Users]A big problem about configure FreeS/WAN IPV6Patch!
>
>
> Dear Gessler
>
> I set "plutodebug=all" in the "ipsec.conf" and changed my IPV6 addresses
> from /124 to /64 as you told me! But pluto still fails to negotiate
> the Phase 2 SA, and more horrible is that the root file system of my HP200
> is corrupted. You know I have to cut the power of the hp200 and restart it
> again because it can't respond to any key. I can't correct it by "fsck",
> so I must reinstall my RedHat7.3(2.4.18-3). It has appeared four times, so
> I'm afraid it will repeat again. In addition, this time I also changed
> 'interfaces="ipsec0=eth0"' to 'interfaces=%defaultroute' in "ipsec.conf".
>
> I check the "secure" log of hp200, the last line writes:
> "route owner of "hp100-hp200" CK_PERMANENT unrouted: NULL;
> eroute owner: NULL".
> (see the attachment)
>
> I also find a surprising phenomenon: if I modify the parameters of the
> network and run "service network restart" under kernel-2.4.7, it displays
> ok, but if I ping a host that I could ping before, it gives me an error.
> [EMAIL PROTECTED] ipsec.d]# ping6 2001:250:f006:1::2
> PING 2001:250:f006:1::2(2001:250:f006:1::2) from 2001:250:f006:1::450 : 56 data bytes
> 64 bytes from 2001:250:f006:1::2: icmp_seq=1 ttl=64 time=0.561 ms
> 64 bytes from 2001:250:f006:1::2: icmp_seq=2 ttl=64 time=0.245 m
> --- 2001:250:f006:1::2 ping statistics ---
> 2 packets transmitted, 2 received, 0% loss, time 999ms
> rtt min/avg/max/mdev = 0.245/0.403/0.561/0.158 ms
> [EMAIL PROTECTED] ipsec.d]# service network restart
> Shutting down interface eth0: [ OK ]
> Shutting down interface eth1: [ OK ]
> Shutting down loopback interface: [ OK ]
> Setting network parameters: [ OK ]
> Bringing up loopback interface: [ OK ]
> Bringing up interface eth0: [ OK ]
> Bringing up interface eth1: [ OK ]
> [EMAIL PROTECTED] ipsec.d]# ping6 2001:250:f006:1::2
> PING 2001:250:f006:1::2(2001:250:f006:1::2) from 2001:250:f006:1::450 : 56 data bytes
> ping: sendmsg: Invalid argument
> ping: sendmsg: Invalid argument
>
> I must restart the computer to correct it, but if I restart the network
> again, even if I don't modify the parameters, it fails again. But in
> kernel-2.4.18-3, it disappears.
>
> The "/etc/network" of hp100 is:
> NETWORKING=yes
> HOSTNAME=HP100.ntl.ict.ac.cn
> NETWORKING_IPV6=yes
> IPV6FORWARDING=yes
> IPV6_DEFAULTGW=2001:250:f006:1::451
> GATEWAY=192.168.234.1
>
> I suspect that there are some problems with the kernel-2.4.7 or maybe
> my kernel option is wrong. Could you give me some advice?
> Thanks in advance.
>
> PS: I should apologize to you for boring you with the repeated mail.
> Please forgive an anxious boy who is in trouble.
>
> Lorry
>
>
>
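The %defaultroute advice at the top of this message can be checked mechanically before pluto is started. The following is an added example, not code from the thread or from FreeS/WAN: a small lint that flags any conn with an IPv6 left/right endpoint while `config setup` still has `interfaces=%defaultroute`. The function names and the sample configuration (documentation-prefix addresses) are constructed for illustration.

```python
import ipaddress

# Constructed sample; not the poster's actual ipsec.conf.
SAMPLE_CONF = """\
config setup
    interfaces=%defaultroute
    plutodebug=all

conn hp100-hp200
    left=2001:db8:1::450
    right=2001:db8:1::2
"""

def parse_sections(text):
    """Parse ipsec.conf-style text into {(kind, name): {key: value}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        if not line[0].isspace():                  # section header starts in column 0
            parts = line.split()
            current = sections.setdefault(tuple(parts), {}) if len(parts) == 2 else None
        elif current is not None and "=" in line:  # indented key=value parameter
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip().strip('"')
    return sections

def is_ipv6(value):
    try:
        return ipaddress.ip_address(value).version == 6
    except ValueError:                             # %any, hostnames, empty string
        return False

def check_defaultroute(text):
    """Return one warning per conn with an IPv6 endpoint under %defaultroute."""
    sections = parse_sections(text)
    if sections.get(("config", "setup"), {}).get("interfaces") != "%defaultroute":
        return []
    warnings = []
    for (kind, name), params in sections.items():
        v6 = [k for k in ("left", "right") if is_ipv6(params.get(k, ""))]
        if kind == "conn" and v6:
            warnings.append(f"conn {name}: {'/'.join(v6)} is IPv6; set interfaces explicitly")
    return warnings

if __name__ == "__main__":
    for w in check_defaultroute(SAMPLE_CONF):
        print(w)
```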