(usagi-users 01318) Re: First quick interop results between IABG's IPv6 enabled FreeSWAN and 6WIND Edge Device / FreeBSD

[Kazunori Miyazawa <miyazawa@xxxxxxxxxxxxxxxxx>]

Hi,

Thank you for your announcement.

On Fri, 15 Mar 2002 11:28:54 +0100
Gerhard Gessler <gessler@xxxxxxx> wrote:

> Hi all,
> 
> IABG is pleased to announce that we have successfuly done first interop
> tests between our IPv6 enabled FreeSWAN (1.91 based) and a 6WIND Edge
> Device. Also interop tests between FreeBSD (4.3) and our IPv6 enabled
> FreeSWAN have been successful.
> 
That's nice. Our kernel and modefied pluto can also exchange the keys and
communicate over IPv6 IPsec with KAME. 
However they can only use tranport mode yet. :-<

Additionally we have the problem that if USAGI and KAME hosts are on same
link and configured address base policy, they fail to do neighbour discovery.
Because KAME expect that neighbour discovery packet are also applied IPsec
but USAGI cannot apply IPsec to NA packet, NS pacekt. We can avoid the problem
with address and protocol based policy.
We try to fix it.

> The used scenario was an automatic keyed secured Subnet-to-Subnet
> communication with 3DES for encryption and SHA1 for authentication (via
> ESP).
> 
> More detailed testresults, also with other configurations will follow.
> 

Does your kernel have the addresses as SA which are ends of tunnel?

Regards,

> Best Regards,
> 
> 	Gerhard
> 
> -- 
> ---------------------------------------------------
> 
> Communication Networks, IABG mbH
> Einsteinstr. 20
> 85521 Ottobrunn, Germany
> 
> Telefon: +49 89 6088 - 2021
> Fax: +49 89 6088 - 2845
> 
> E-Mail: gessler@xxxxxxx
> 
> 

--Kazunori Miyazawa(YOKOGAWA Electric Corporation)