[Swan-dev] Libreswan 5.0 RC1 IPv6 ULA not accepted
Andrew Cagney
andrew.cagney at gmail.com
Sun Jan 14 16:51:55 EET 2024
On Sat, 13 Jan 2024 at 18:13, Bill Atwood <williamatwood41 at gmail.com> wrote:
>
> ??
>
> I do not understand your reply.
Offhand, it looks like the connection should match:
conn RITA6c
left=fd51:20d9:5ad2:b::2
leftid="CN=Ritchie Certificate"
leftrsasigkey=%cert
leftcert=RIcert
right=fd51:20d9:5ad2:b::1
rightid="CN=Tarjan Certificate"
rightrsasigkey=%cert
auto=add
the interface:
2: enp4s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
inet6 fd51:20d9:5ad2:b::2/64 scope global
valid_lft forever preferred_lft forever
inet6 fe80::21a:a0ff:fe15:62b8/64 scope link
valid_lft forever preferred_lft forever
yet the output indicates that it couldn't vis:
"RITA6c": we cannot identify ourselves with either end of this
connection. fd51:20d9:5ad2:b::2 or fd51:20d9:5ad2:b::1 are not usable
Two things to try:
- confirm that librreswan is listening on those interfaces vis:
ipsec status | grep interface
- drop the auto=add from the connection and then run:
ipsec add RITA6c
ipsec up RITA6c
manually and confirm the problem persists.
> Libreswan refused to set up the connection, saying that
> "fd51:20d9:5ad2:b::2 or fd51:20d9:5ad2:b::1 are not usable".
>
> Bill
>
> On 1/13/2024 5:54 PM, Tuomo Soini wrote:
> > On Sat, 13 Jan 2024 16:56:29 -0500
> > Bill Atwood <williamatwood41 at gmail.com> wrote:
> >
> >> (continued from " 5.0 RC1 connection not found", with changed
> >> subject, because this is a new error).
> >>
> >> After renaming RITA6C to RITA6C.conf, I ran:
> >>
> >> sudo ipsec add RITA6c
> >>
> >> which reported that an IPsec connection had been established.
> >>
> >> However:
> >>
> >> ip addr show
> >>
> >> did *not* show the new interface. Subsequently running
> >
> > There is no interfaces for IPsec with XFRM by default. So your test
> > worked just fine without any problems.
> >
>
> _______________________________________________
> Swan-dev mailing list
> Swan-dev at lists.libreswan.org
> https://lists.libreswan.org/mailman/listinfo/swan-dev
More information about the Swan-dev
mailing list