News: This forum is now permanently frozen.
linktree m0n0wall Forum  >  m0n0wall Development  >  1.8b Development
linktree Topic: IPv6 Ipsec not working - Phase 2 fails
Pages: [1]
Topic: IPv6 Ipsec not working - Phase 2 fails  (Read 2351 times)
« on: June 12, 2012, 00:31:26 »
iridris ***
Posts: 145
I'm attempting to get IPv6 IPsec working between two m0n0walls running 1.8b510. I've copied the configuration on both ends from my working IPv4 configuration (with the exception of the IP addresses of course). Do I have a misconfiguration somewhere or could there be a bug?

Logs from the first m0n0wall:
Code:
Jun 11 18:06:40 racoon: INFO: initiate new phase 2 negotiation: 2001:4978:f:369::2[500]<=>2001:4978:f:2a9::2[500]
Jun 11 18:04:02 racoon: ERROR: 2001:4978:f:2a9::2 give up to get IPsec-SA due to time up to wait.
Jun 11 18:03:32 racoon: INFO: initiate new phase 2 negotiation: 2001:4978:f:369::2[500]<=>2001:4978:f:2a9::2[500]
Jun 11 18:03:32 racoon: [2001:4978:f:2a9::2] INFO: received INITIAL-CONTACT
Jun 11 18:03:32 racoon: INFO: ISAKMP-SA established 2001:4978:f:369::2[500]-2001:4978:f:2a9::2[500] spi:bfb6fb7ed2e52e37:959b467e3d3947c4
Jun 11 18:03:32 racoon: [2001:4978:f:2a9::2] NOTIFY: couldn't find the proper pskey, try to get one by the peer's address.
Jun 11 18:03:32 racoon: INFO: received Vendor ID: DPD
Jun 11 18:03:31 racoon: INFO: begin Aggressive mode.
Jun 11 18:03:31 racoon: INFO: initiate new phase 1 negotiation: 2001:4978:f:369::2[500]<=>2001:4978:f:2a9::2[500]
Jun 11 18:03:31 racoon: INFO: IPsec-SA request for 2001:4978:f:2a9::2 queued due to no phase1 found.

Logs from the second m0n0wall:
Code:
Jun 11 18:03:33 racoon: [2001:4978:f:369::2] ERROR: failed to pre-process ph2 packet (side: 1, status: 1).
Jun 11 18:03:33 racoon: ERROR: failed to get sainfo.
Jun 11 18:03:33 racoon: ERROR: failed to get sainfo.
Jun 11 18:03:33 racoon: INFO: respond new phase 2 negotiation: 2001:4978:f:2a9::2[500]<=>2001:4978:f:369::2[500]
Jun 11 18:03:33 racoon: [2001:4978:f:369::2] INFO: received INITIAL-CONTACT
Jun 11 18:03:33 racoon: INFO: ISAKMP-SA established 2001:4978:f:2a9::2[500]-2001:4978:f:369::2[500] spi:bfb6fb7ed2e52e37:959b467e3d3947c4
Jun 11 18:03:32 racoon: [2001:4978:f:369::2] NOTIFY: couldn't find the proper pskey, try to get one by the peer's address.
Jun 11 18:03:32 racoon: INFO: received Vendor ID: DPD
Jun 11 18:03:32 racoon: INFO: begin Aggressive mode.
Jun 11 18:03:32 racoon: INFO: respond new phase 1 negotiation: 2001:4978:f:2a9::2[500]<=>2001:4978:f:369::2[500]
« Reply #1 on: June 12, 2012, 22:34:48 »
brushedmoss ****
Posts: 446
Not sure why you get this error, you are doing an ipv6 vpn that has ipv6 endpoints and ipv6 subnets in the rules ? mixed inet family vpns are not supported
 
Pages: [1]
 
 
Powered by SMF 1.1.20 | SMF © 2013, Simple Machines