<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; =
charset=us-ascii">
<META content="MSHTML 6.00.2800.1515" name=GENERATOR></HEAD>
<BODY>
<DIV><FONT face="Bookman Old Style" color=#0000ff><SPAN
class=692335913-27092005>Hi,</SPAN></FONT></DIV>
<DIV><FONT face="Bookman Old Style" color=#0000ff><SPAN
class=692335913-27092005></SPAN></FONT> </DIV>
<DIV><FONT face="Bookman Old Style"><SPAN class=692335913-27092005>I =
am running
IPSEC related tests over IPV6 using tahi test tool.</SPAN></FONT></DIV>
<DIV><FONT face="Bookman Old Style"><SPAN =
class=692335913-27092005>If I set
security rules using <STRONG>setkey , </STRONG>ping6 will not work =
.
If I flush all the SAD entries then ping6 will =
work.</SPAN></FONT></DIV>
<DIV><FONT face="Bookman Old Style"><SPAN class=692335913-27092005>I =
tried with
google I couldnt get suiatable answer.</SPAN></FONT></DIV>
<DIV><FONT face="Bookman Old Style"><SPAN =
class=692335913-27092005> why is
it so? </SPAN></FONT><FONT face="Bookman Old Style"><SPAN
class=692335913-27092005>Does any one knows the =
answer?</SPAN></FONT></DIV>
<DIV><FONT face="Bookman Old Style"><SPAN
class=692335913-27092005></SPAN></FONT> </DIV>
<DIV><FONT face="Bookman Old Style"><SPAN
class=692335913-27092005></SPAN></FONT> </DIV>
<DIV><FONT face="Bookman Old Style"><SPAN =
class=692335913-27092005>Detailed
problem is as follows.</SPAN></FONT></DIV>
<DIV><FONT face="Bookman Old Style"><SPAN
class=692335913-27092005></SPAN></FONT> </DIV>
<DIV><FONT face="Bookman Old Style"><SPAN =
class=692335913-27092005>NUT: (
Debian/ Linux 2.6.10, ipsec-tools_0.6.1-1_ia64.deb) </SPAN></FONT></DIV>
<DIV><FONT face="Bookman Old Style"><SPAN
class=692335913-27092005>linux#ifconfig eth2</SPAN></FONT></DIV>
<DIV><FONT face="Bookman Old Style"><SPAN
class=692335913-27092005>eth2 Link
encap:Ethernet HWaddr
00:12:79:9E:49:B8<BR> &nbs=
p; inet
addr:10.1.1.1 Bcast:10.255.255.255
Mask:255.0.0.0<BR> =
inet6
addr: fe80::212:79ff:fe9e:49b8/64
Scope:Link<BR> UP
BROADCAST RUNNING MULTICAST MTU:1500
Metric:1<BR> RX
packets:10108 errors:0 dropped:0 overruns:0
frame:0<BR> TX
packets:8832 errors:0 dropped:0 overruns:0
carrier:0<BR> =
collisions:0
txqueuelen:1000<BR> =
RX
bytes:12557471 (11.9 MiB) TX bytes:1009218 (985.5
KiB)<BR> Base
address:0x8040 Memory:c8120000-c8140000</SPAN></FONT></DIV>
<DIV><FONT face="Bookman Old Style"><SPAN
class=692335913-27092005></SPAN></FONT> </DIV>
<DIV><FONT><SPAN class=692335913-27092005><FONT face="Bookman Old =
Style">TN:
(freebsd-5.4)</FONT></SPAN></FONT></DIV>
<DIV><FONT><SPAN class=692335913-27092005></SPAN></FONT><FONT
face="Bookman Old Style"><SPAN =
class=692335913-27092005>freebsd1#ifconfig
bge0</SPAN></FONT></DIV>
<DIV><FONT><SPAN class=692335913-27092005><FONT
face="Bookman Old Style"><FONT>bge0:
flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu
1500<BR>
options=1a<TXCSUM,VLAN_MTU,VLAN_HWTAGGING><BR> &=
nbsp;
inet6 fe80::20e:7fff:fe29:811d%bge0 prefixlen 64 scopeid
0x1<BR> ether
00:0e:7f:29:81:1d<BR> media: =
Ethernet
autoselect (100baseTX
<full-duplex>)<BR> =
status:
active</FONT><BR></FONT></DIV>
<DIV><FONT face="Bookman Old Style"></FONT> </DIV>
<DIV></SPAN></FONT><SPAN class=692335913-27092005><FONT
face="Bookman Old Style">At NUT, </FONT></SPAN></DIV>
<DIV><SPAN class=692335913-27092005></SPAN><FONT><SPAN
class=692335913-27092005><FONT face="Bookman Old Style">linux# cat
sadaddrule<BR>add fe80::212:79ff:fe9e:49b8 =
fe80::20e:7fff:fe29:811d ah
0x1000 -m transport -A hmac-sha1 "TAHITEST89ABCDEF0123"
;</FONT></SPAN></FONT></DIV>
<DIV><FONT face="Bookman Old Style"><SPAN
class=692335913-27092005></SPAN></FONT> </DIV>
<DIV><FONT face="Bookman Old Style"><SPAN =
class=692335913-27092005>linux# cat
spdrule<BR>spdadd fe80::212:79ff:fe9e:49b8 fe80::20e:7fff:fe29:811d any =
-P out
;</SPAN></FONT></DIV>
<DIV><FONT face="Bookman Old Style"><SPAN
class=692335913-27092005></SPAN></FONT> </DIV>
<DIV><FONT face="Bookman Old Style"><SPAN =
class=692335913-27092005>linux#setkey
-f sadaddrule</SPAN></FONT></DIV>
<DIV><FONT face="Bookman Old Style"><SPAN =
class=692335913-27092005>linux#setkey
-f spdrule</SPAN></FONT></DIV>
<DIV><FONT face="Bookman Old Style"><FONT><SPAN =
class=692335913-27092005>linux#
setkey -aD<BR>fe80::212:79ff:fe9e:49b8
fe80::20e:7fff:fe29:811d<BR> =
ah
mode=transport spi=4096(0x00001000)
reqid=0(0x00000000)<BR> A:
hmac-sha1 54414849 54455354 38394142 43444546
30313233<BR> seq=0x00000000 =
replay=0
flags=0x00000000 =
state=mature<BR>
created: Sep 27 19:42:07 2005 current: Sep 27 19:42:18
2005<BR> diff:
11(s) hard: 0(s) =
soft:
0(s)<BR>
last: &n=
bsp; &nb=
sp;
hard: 0(s) soft:
0(s)<BR> current:
0(bytes) hard: 0(bytes) soft:
0(bytes)<BR> allocated:
0 hard: 0 soft:
0<BR> sadb_seq=0 pid=31734 =
refcnt=0<BR><BR></SPAN></FONT><FONT><SPAN =
class=692335913-27092005>Now if I
ping6 from TN</SPAN></FONT></FONT></DIV>
<DIV><FONT face="Bookman Old Style"><SPAN
class=692335913-27092005></SPAN></FONT> </DIV>
<DIV><FONT face="Bookman Old Style"><SPAN =
class=692335913-27092005>freebsd1#
ping6 -I bge0 fe80::212:79ff:fe9e:49b8<BR>ping6 -I bge0
fe80::212:79ff:fe9e:49b8<BR>PING6(56=40+8+8 bytes) =
fe80::20e:7fff:fe29:811d%bge0
--> fe80::212:79ff:fe9e:49b8</SPAN></FONT></DIV>
<DIV><FONT face="Bookman Old Style"><SPAN
class=692335913-27092005></SPAN></FONT> </DIV>
<DIV><FONT><SPAN class=692335913-27092005><FONT
face="Bookman Old Style">^C<BR>--- fe80::212:79ff:fe9e:49b8 ping6 =
statistics
---<BR>305 packets transmitted, 0 packets received, 100.0% packet
loss<BR></FONT></DIV></SPAN></FONT>
<DIV><FONT face="Bookman Old Style"><SPAN
class=692335913-27092005></SPAN></FONT> </DIV>
<DIV><FONT face="Bookman Old Style"><SPAN
class=692335913-27092005></SPAN></FONT> </DIV>
<DIV><FONT face="Bookman Old Style"><SPAN =
class=692335913-27092005>At NUT,
tcpdump </SPAN></FONT></DIV>
<DIV><FONT face="Bookman Old Style"><SPAN =
class=692335913-27092005>linux#
tcpdump -i eth2<BR>tcpdump: verbose output suppressed, use -v or -vv for =
full
protocol decode<BR>listening on eth2, link-type EN10MB (Ethernet), =
capture size
96 bytes<BR>19:43:22.508520 fe80::20e:7fff:fe29:811d > =
ff02::1:ff9e:49b8:
icmp6: neighbor sol: who has fe80::212:79ff:fe9e:49b8<BR>19:43:23.508491 =
fe80::20e:7fff:fe29:811d > ff02::1:ff9e:49b8: icmp6: neighbor sol: =
who has
fe80::212:79ff:fe9e:49b8<BR>19:43:24.508518 fe80::20e:7fff:fe29:811d =
>
ff02::1:ff9e:49b8: icmp6: neighbor sol: who has
fe80::212:79ff:fe9e:49b8<BR>19:43:26.508572 fe80::20e:7fff:fe29:811d =
>
ff02::1:ff9e:49b8: icmp6: neighbor sol: who has
fe80::212:79ff:fe9e:49b8<BR>19:43:27.508724 fe80::20e:7fff:fe29:811d =
>
ff02::1:ff9e:49b8: icmp6: neighbor sol: who has
fe80::212:79ff:fe9e:49b8<BR>19:43:28.508749 fe80::20e:7fff:fe29:811d =
>
ff02::1:ff9e:49b8: icmp6: neighbor sol: who has
fe80::212:79ff:fe9e:49b8<BR>19:43:30.508803 fe80::20e:7fff:fe29:811d =
>
ff02::1:ff9e:49b8: icmp6: neighbor sol: who has
fe80::212:79ff:fe9e:49b8<BR>19:43:31.508831 fe80::20e:7fff:fe29:811d =
>
ff02::1:ff9e:49b8: icmp6: neighbor sol: who has
fe80::212:79ff:fe9e:49b8<BR>19:43:32.508857 fe80::20e:7fff:fe29:811d =
>
ff02::1:ff9e:49b8: icmp6: neighbor sol: who has
fe80::212:79ff:fe9e:49b8<BR>19:43:34.508912 fe80::20e:7fff:fe29:811d =
>
ff02::1:ff9e:49b8: icmp6: neighbor sol: who has
fe80::212:79ff:fe9e:49b8<BR>^c</SPAN></FONT></DIV>
<DIV><FONT><SPAN class=692335913-27092005><FONT
face="Bookman Old Style"></FONT></SPAN></FONT> </DIV>
<DIV><FONT face="Bookman Old Style"><SPAN =
class=692335913-27092005>If I flush
all SAD , SPD entries using <STRONG>setkey -F</STRONG> , ping6 goes =
fine.
i.e NUT is replying back .</SPAN></FONT><FONT><SPAN
class=692335913-27092005><FONT
face="Bookman Old Style"></FONT></DIV></SPAN></FONT>
<DIV><FONT><SPAN class=692335913-27092005><FONT face="Bookman Old =
Style">Let me
know if you have solution to this =
problem.</FONT></SPAN></FONT></DIV>
<DIV><FONT face="Bookman Old Style"><SPAN
class=692335913-27092005></SPAN></FONT> </DIV>
<DIV><FONT><SPAN class=692335913-27092005><FONT face="Bookman Old =
Style">Thanks
,</FONT></SPAN></FONT></DIV>
<DIV><FONT><SPAN class=692335913-27092005><FONT
face="Bookman Old Style">Praveen </FONT></DIV></SPAN></FONT>
<DIV><FONT face="Bookman Old Style"><SPAN
class=692335913-27092005></SPAN></FONT> </DIV>
<DIV><FONT face="Bookman Old Style"><SPAN
class=692335913-27092005></SPAN></FONT> </DIV>
<DIV><FONT face="Bookman Old Style"><SPAN
class=692335913-27092005></SPAN></FONT> </DIV>
<DIV><FONT face="Bookman Old Style"><SPAN
class=692335913-27092005></SPAN></FONT> </DIV>
<DIV><FONT><SPAN class=692335913-27092005><FONT
face="Bookman Old Style"></FONT> </DIV>
<DIV><FONT face="Bookman Old Style"><BR></FONT></DIV></SPAN></FONT>
<DIV><FONT face="Bookman Old Style"><SPAN
class=692335913-27092005></SPAN></FONT> </DIV>
<DIV><FONT><SPAN class=692335913-27092005><FONT
face="Bookman Old Style"></FONT> </DIV></SPAN></FONT>
<DIV><FONT><SPAN class=692335913-27092005><FONT
face="Bookman Old Style"></FONT> </DIV></SPAN></FONT>
<DIV><FONT><SPAN class=692335913-27092005><FONT
face="Bookman Old Style"></FONT> </DIV>
<DIV><FONT face="Bookman Old Style"><BR></FONT></DIV></SPAN></FONT>
<DIV><FONT face="Bookman Old Style"><SPAN
class=692335913-27092005></SPAN></FONT> </DIV>
<DIV><FONT face="Bookman Old Style"><FONT><SPAN
class=692335913-27092005> </DIV></SPAN></FONT></FONT>
<DIV><FONT><SPAN class=692335913-27092005> </DIV>
<DIV><FONT face="Bookman Old Style"><BR></FONT> </DIV>
<DIV><FONT face="Bookman Old Style"></FONT> </DIV>
<DIV><FONT
face="Bookman Old =
Style"></FONT> </DIV></SPAN></FONT></BODY></HTML>