LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Newbie (https://www.linuxquestions.org/questions/linux-newbie-8/)
-   -   Unable to establish IPv6 TCP connection with IPSec (https://www.linuxquestions.org/questions/linux-newbie-8/unable-to-establish-ipv6-tcp-connection-with-ipsec-4175498944/)

Sony Arpita 03-21-2014 02:49 AM
Unable to establish IPv6 TCP connection with IPSec
 
Hi All,

setkey.conf file:
-----------------
add 1000::12 1000::13 esp 0x201 -E aes-cbc 0xf6ddb555acfd9d77b03ea3843f265325f6ddb555acfd9d77b03ea3843f265325 -A hmac-sha512 0x96ceabe0536babcdefab96358c90783bbfa3d7b18c90783bbfa3d7b1bfa3d7b196358c90783bbfa3d7b196ceabe0536b96 358c90783bbfa3d7b196ceabe0536b;
add 1000::13 1000::12 esp 0x301 -E aes-cbc 0xf6ddb555adfd9d77b03ea3843f265325f6ddb555acfd9d77b03ea3843f265325 -A hmac-sha512 0x96ceabe0536babcdefab96358c90783bbfa3d7b18c90783bbfa3d7b1bfa3d7b196358c90783bbfa3d7b196ceabe0536b96 358c90783bbfa3d7b196ceabe0536c;

spdadd 1000::12 1000::13 any -P out ipsec
esp/transport//require;

spdadd 1000::13 1000::12 any -P in ipsec
esp/transport//require;

With the above configuration, I am unable to establish TCP connections even after loading ah6 and esp6 driver modules:
# insmod ah6.ko
# insmod esp6.ko

Without IPSec, IPv6 TCP connections establish without issues.

Thanks.

estabroo 03-25-2014 10:23 AM
Does the other side have ipsec turned on as well? If it doesn't then, since you've set the level to 'require', it'll fail the connection. You could set the level to 'use' if you need to connect to the other machine before it's ipsec is setup.


All times are GMT -5. The time now is 04:50 PM.