[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

(racoon 582) IPv6 and IPSec: No Neighbour Advertisement in SA negotiation

To: Racoon <racoon@kame.net>
Subject: (racoon 582) IPv6 and IPSec: No Neighbour Advertisement in SA negotiation
From: Juan Antonio Martínez Navarro <jamn2@alu.um.es>
Date: Wed, 21 Jul 2004 12:15:59 +0200
Delivered-to: racoon-archive@kame.net
Delivered-to: racoon-outgo@kame.net
Delivered-to: racoon@kame.net
Reply-to: racoon@kame.net
Sender: owner-racoon@kame.net

IPv6 and IPSec problem with Neighbor Solicitation

With no IPSec activated (racoon is down and no politics are defined),
this is a normal ping behavior :

(Info format)
No.     
Time        
Source                             
Destination           
Protocol 
Info

1 
0.000000    
2001:720:1710:0:202:b3ff:fe96:c538 
ff02::1:ff60:206e     
ICMPv6   
Neighbor solicitation

2 
0.010944    
2001:720:1710:0:202:b3ff:fe60:206e 
2001:720:1710:0:202:b3ff:fe96:c538 
ICMPv6   
Neighbor advertisement

3 
0.000094    
2001:720:1710:0:202:b3ff:fe96:c538 
2001:720:1710:0:202:b3ff:fe60:206e 
ICMPv6   
Echo request

4 
0.000120    
2001:720:1710:0:202:b3ff:fe60:206e 
2001:720:1710:0:202:b3ff:fe96:c538 
ICMPv6   
Echo reply


(... some pings omitted ...) 


11 
4.998439    
fe80::202:b3ff:fe60:206e 
2001:720:1710:0:202:b3ff:fe96:c538 
ICMPv6   
Neighbor solicitation


12 
4.998633    
2001:720:1710:0:202:b3ff:fe96:c538 
fe80::202:b3ff:fe60:206e 
ICMPv6   
Neighbor advertisement


13 
9.997580    
fe80::202:b3ff:fe96:c538 
fe80::202:b3ff:fe60:206e 
ICMPv6   
Neighbor solicitation


14 
9.997624    
fe80::202:b3ff:fe60:206e 
fe80::202:b3ff:fe96:c538 
ICMPv6   
Neighbor advertisement


You can see the neighbor solicitation (packet 1) and its response
(packet 2), a neighbor advertisement. All this works fine and there's no
problem. But...., let see what's happen when start up racoon and we
execute ping another time.

(wait a minute without doing nothing before start racoon)

No.     
Time        
Source                
Destination           
Protocol 
Info

1 
0.000000    
2001:720:1710:0:202:b3ff:fe96:c538 
ff02::1:ff60:206e     
ICMPv6   
Neighbor solicitation

2 
0.000933    
2001:720:1710:0:202:b3ff:fe60:206e 
2001:720:1710:0:202:b3ff:fe96:c538 
ISAKMP   
Identity Protection (Main Mode)

3 
0.999033    
2001:720:1710:0:202:b3ff:fe96:c538 
ff02::1:ff60:206e     
ICMPv6   
Neighbor solicitation 


4 
1.998805    
2001:720:1710:0:202:b3ff:fe96:c538 
ff02::1:ff60:206e     
ICMPv6   
Neighbor solicitation


( ... some retries more ommitted ...)


Here is the problem, no Neighbor Advertisement is responsed, so the
security asociation can't continue.

A temporal solution we've thought is doing a ping before starting up
racoon and a IPSec connection.

Any idea? any solution? Thanks.

Follow-Ups:
- (racoon 589) Re: IPv6 and IPSec: No Neighbour Advertisement in SA negotiation
  - From: YOSHIFUJI Hideaki / 吉藤英明 <yoshfuji@linux-ipv6.org>
- (racoon 584) Re: IPv6 and IPSec: No Neighbour Advertisement in SA negotiation
  - From: Satoshi Inoue <inoue@ntes.ipv6.nec.co.jp>

Prev by Date: (racoon 581) Re: linux 2.6 - Racoon: failed to bind to link local IPv6 address
Next by Date: (racoon 583) Re: linux 2.6 - Racoon: failed to bind to link local IPv6 address
Previous by thread: (racoon 596) Re: DPD patch
Next by thread: (racoon 584) Re: IPv6 and IPSec: No Neighbour Advertisement in SA negotiation
Index(es):
- Date
- Thread