[Swan-dev] Libreswan 5.0 RC1 IPv6 ULA not accepted

Andrew Cagney andrew.cagney at gmail.com
Sun Jan 14 16:51:55 EET 2024


On Sat, 13 Jan 2024 at 18:13, Bill Atwood <williamatwood41 at gmail.com> wrote:
>
> ??
>
> I do not understand your reply.

Offhand, it looks like the connection should match:

conn RITA6c
    left=fd51:20d9:5ad2:b::2
    leftid="CN=Ritchie Certificate"
    leftrsasigkey=%cert
    leftcert=RIcert
    right=fd51:20d9:5ad2:b::1
    rightid="CN=Tarjan Certificate"
    rightrsasigkey=%cert
    auto=add

the interface:

2: enp4s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
     inet6 fd51:20d9:5ad2:b::2/64 scope global
        valid_lft forever preferred_lft forever
     inet6 fe80::21a:a0ff:fe15:62b8/64 scope link
        valid_lft forever preferred_lft forever

yet the output indicates that it couldn't, viz:

"RITA6c": we cannot identify ourselves with either end of this
connection.  fd51:20d9:5ad2:b::2 or fd51:20d9:5ad2:b::1 are not usable

Two things to try:

- confirm that libreswan is listening on those interfaces, viz:
  ipsec status | grep interface

- drop the auto=add from the connection and then run:
  ipsec add RITA6c
  ipsec up RITA6c
manually and confirm the problem persists.



> Libreswan refused to set up the connection, saying that
> "fd51:20d9:5ad2:b::2 or fd51:20d9:5ad2:b::1 are not usable".
>
>    Bill
>
> On 1/13/2024 5:54 PM, Tuomo Soini wrote:
> > On Sat, 13 Jan 2024 16:56:29 -0500
> > Bill Atwood <williamatwood41 at gmail.com> wrote:
> >
> >> (continued from " 5.0 RC1 connection not found", with changed
> >> subject, because this is a new error).
> >>
> >> After renaming RITA6C to RITA6C.conf, I ran:
> >>
> >> sudo ipsec add RITA6c
> >>
> >> which reported that an IPsec connection had been established.
> >>
> >> However:
> >>
> >> ip addr show
> >>
> >> did *not* show the new interface.  Subsequently running
> >
> > There is no interfaces for IPsec with XFRM by default. So your test
> > worked just fine without any problems.
> >
>
> _______________________________________________
> Swan-dev mailing list
> Swan-dev at lists.libreswan.org
> https://lists.libreswan.org/mailman/listinfo/swan-dev

