Comments inline.

--------------------------------------------
Gerhard Geßler

Communication Networks, IABG mbH
Einsteinstr. 20
85521 Ottobrunn, Germany

Telefon: +49 89 6088 - 2021
Fax: +49 89 6088 - 2845

E-Mail: [EMAIL PROTECTED] 

  > -----Original Message-----
  > From: lorry [mailto:[EMAIL PROTECTED] 
  > Sent: Wednesday, August 06, 2003 2:00 AM
  > To: [EMAIL PROTECTED]
  > Subject: Re: [Users]A big problem about configure FreeS/WAN 
  > IPV6Patch!
  > 
  > 
  > Dear Gessler
  > 
  > I modify the partitions of my hard disks and make sure 
  > there is only one ext2 partition in both two 
  > hosts. (Actually, in the file "/etc/fstab" there is an 
  > option to mount an ext2 partition to a ext3.) I also change 
  > the configuration of "interfaces=" from 
  > 'interfaces=defaultroute' to 'interfaces="ipsec0=eth0"'. 
  > These are what you told me. In addition, I remove a NIC of 
  > "hp200", now two hosts have the same hardware configuration. 

Ok

 
  > I reinstall the RedHat Linux7.3 and FreeS/WAN with your 
  > IPV6 Patch in each host. After I configure the parameters of 
  > network, compile the kernel and modify the 
  > "/etc/ipsec.conf", I start the connection of "hp100-hp200" 
  > again, I get the same failure. Fortunately, the root file 
  > system is still ok this time.
  
Good
 
  > By the way, I find a surprising phenomenon, even the hp200 
  > host can't respond any key, I can still ping it. If I ping 
  > "2001:250:f006:1::451", both on the screen of two hosts display
  > "IPsec6: Packet does not match inbound ESP policies"
  > "IPsec6: dropping packet"
  > If I ping another address of hp200(2001:250:f006:3::1), it 
  > is normal. I can switch the login screen of hp200 and even 
  > key my login name, but it never gives me a Password 
  > prompt. Also I can't telnet to hp200.

Hmm, I have never seen a machine's keyboard freezing because of our software. I know of 
several people who use our software with RedHat and it's working quite nicely.

The error message that IPv6 pings are dropped is fine. Once you have loaded the 
connection into Pluto, the SPD is in place, only allowing secured traffic to the other 
host. As no SADB entry matches the SPD, the packets are dropped. I don't know what 
weird thing this RedHat is doing so that you can not login again into this machine via 
console. Depending on from where and with what protocol (IPv4/IPv6) you want to telnet 
into the box, this can be an expected behaviour.


  > 
  > I don't know what's wrong and how to correct the error! 
  > Please help me. Thanks in advance.

I don't know why Pluto does not do anything after the message "Aug  6 14:09:50 HP200 
pluto[1207]: | route owner of "hp100-hp200" CK_PERMANENT unrouted: NULL; eroute owner: 
NULL". I have never experienced this and I can not reproduce it here.

Can you just try to establish a tunnel mode connection between the 2 hosts? This is 
something that we do and test quite regularly -> we never test transport mode :-)

Best Regards,

        Gerhard

PS: Please call me Gerhard, this is my first name :-)

  > 
  > PS: The attachment includes the network parameters, route 
  > tables, kernel options and some helpful information of 
  > hp100 and hp200. Because two hosts have the same hardware 
  > configuration, so I just give you only one copy of kernel options.
  > 
  > Lorry
  > 
_______________________________________________
FreeS/WAN Users mailing list
[EMAIL PROTECTED]
https://mj2.freeswan.org/cgi-bin/mj_wwwusr
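
A simplified model of the inbound policy check described in the reply above (SPD loaded, no matching SADB entry, packet dropped), added here as an illustration; it is not FreeS/WAN or IPv6-patch code. The HP100 address, the SPI value and all function and field names are assumptions; the two HP200 addresses are the ones quoted in the thread.

```python
import ipaddress

# HP200 addresses are quoted in the thread; the HP100 address is a constructed
# placeholder taken from the IPv6 documentation prefix.
HP100 = ipaddress.ip_address("2001:db8::100")
HP200_PROTECTED = ipaddress.ip_address("2001:250:f006:1::451")
HP200_OTHER = ipaddress.ip_address("2001:250:f006:3::1")

def host_policy(conn, a, b):
    """Two SPD entries (one per direction) requiring ESP between hosts a and b."""
    net_a = ipaddress.ip_network(f"{a}/128")
    net_b = ipaddress.ip_network(f"{b}/128")
    return [
        {"conn": conn, "src": net_a, "dst": net_b},
        {"conn": conn, "src": net_b, "dst": net_a},
    ]

def inbound_verdict(spd, sadb, src, dst, esp_spi=None):
    """Return 'bypass', 'accept' or 'drop' for one received packet.

    spd     : list of policy entries, first match wins
    sadb    : dict mapping (conn, src, dst) -> SPI of an established SA
    esp_spi : SPI the packet was decapsulated with, None for cleartext
    """
    for entry in spd:
        if src in entry["src"] and dst in entry["dst"]:
            sa_spi = sadb.get((entry["conn"], src, dst))
            # Policy demands ESP: accept only traffic that arrived under the SA.
            if sa_spi is not None and esp_spi == sa_spi:
                return "accept"
            return "drop"
    # No SPD entry covers this address pair, so IPsec does not interfere.
    return "bypass"

if __name__ == "__main__":
    spd = host_policy("hp100-hp200", HP100, HP200_PROTECTED)
    sadb = {}  # connection loaded, but no SA negotiated yet
    print("ping protected address:", inbound_verdict(spd, sadb, HP100, HP200_PROTECTED))
    print("ping other address:    ", inbound_verdict(spd, sadb, HP100, HP200_OTHER))
    sadb[("hp100-hp200", HP100, HP200_PROTECTED)] = 0x1000  # constructed SPI
    print("ESP after SA is up:    ",
          inbound_verdict(spd, sadb, HP100, HP200_PROTECTED, esp_spi=0x1000))
```
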
