[Users] RE: multiple security associations in ipsec6

From: Gessler Gerhard (Gessler_at_iabg.de)
Date: Tue Dec 10 2002 - 15:13:15 CET


> -----Original Message-----
> From: Kaustubh.Kumbhalkar_at_lntinfotech.com
> [mailto:Kaustubh.Kumbhalkar_at_lntinfotech.com]
> Sent: Tuesday, December 10, 2002 11:57 AM
> To: Gessler Gerhard
> Cc: design_at_lists.freeswan.org
> Subject: RE: multiple security associations in ipsec6
>
>
> hi
> I have found the place where this message is given;
> it is in the pluto code, in file kernel.c, line no. 940.
> I haven't looked into the pluto code, so it is not clear to
> me why the flow is going into this if condition. I am
> looking into the issue; it would be very helpful if you
> could give your comments on this.

Well, while only reading this snippet of code, I am very tempted to say that this problem is caused by the way Pluto has to work for IPv4 (thanks to KLIPS and routing tricks).

You could try not executing these checks when the IP address family of the connection that Pluto is handling right now is IPv6. This might work and solve your problem.

Currently I don't have the time and the systems at hand to code and do the check myself. Please do it and report what you have found out to this list and to me.

Thanks,

        Gerhard

>
> for your reference this is the code snippet from the file -
>     if (ro != NULL && !routes_agree(ro, c))
>     {
>         loglog(RC_LOG_SERIOUS, "cannot route -- route already in use for \"%s\""
>             , ro->name);
>         return FALSE; /* another connection already using the eroute */
>     }
>
> #ifdef KLIPS
>     /* if there is an eroute for another connection, there is a problem */
>     if (ero != NULL && ero != c)
>     {
>         loglog(RC_LOG_SERIOUS, "cannot install eroute -- it is in use for \"%s\""
>             , ero->name);
>         return FALSE; /* another connection already using the eroute */
>     }
> #endif /* KLIPS */
>     return TRUE;
> }
>
> thanks and regards
> kausty
>
>
> Tuesday, 10 December 2002 3:30 PM
> To: <Kaustubh.Kumbhalkar_at_lntinfotech.com>,
> <design_at_lists.freeswan.org>, <users_at_lists.freeswan.org>
> cc:
> From: "Gessler Gerhard" <Gessler_at_iabg.de>
> Subject: RE: multiple security associations in ipsec6
>
>
>
> Can you locate what part of FreeS/WAN does give you that
> error message?
>
> For IPv6, we don't need to touch the routing table.
>
> Best Regards,
>
> Gerhard
>
> --------------------------------------------
> Gerhard Geßler
>
> Communication Networks, IABG mbH
> Einsteinstr. 20
> 85521 Ottobrunn, Germany
>
> Telefon: +49 89 6088 - 2021
> Fax: +49 89 6088 - 2845
>
> E-Mail: gessler_at_iabg.de
>
> > -----Original Message-----
> > From: Kaustubh.Kumbhalkar_at_lntinfotech.com
> > [mailto:Kaustubh.Kumbhalkar_at_lntinfotech.com]
> > Sent: Monday, December 09, 2002 6:39 PM
> > To: design_at_lists.freeswan.org; users_at_lists.freeswan.org
> > Cc: Gessler Gerhard
> > Subject: multiple security associations in ipsec6
> >
> >
> > hi
> > I was trying to create SAs between two ipsec machines A &
> > B having the following ipv6 addresses
> > A B
> > --- -----
> > 3ffe::1 3ffe::1
> > 3ffe::2 3ffe::2
> >
> > I require SAs between all the combinations of addresses
> > between the two machines, e.g.
> >
> > Security association at A
> > --------------------------
> > SA1 src addr = 3ffe::1 dst addr = 3ffe::1
> >
> > SA2 src addr = 3ffe::1 dst addr = 3ffe::2
> >
> > SA3 src addr = 3ffe::2 dst addr = 3ffe::1
> >
> > SA4 src addr = 3ffe::2 dst addr = 3ffe::2
> >
> > Security association at B
> > --------------------------
> > SA1 src addr = 3ffe::1 dst addr = 3ffe::1
> >
> > SA2 src addr = 3ffe::1 dst addr = 3ffe::2
> >
> > SA3 src addr = 3ffe::2 dst addr = 3ffe::1
> >
> > SA4 src addr = 3ffe::2 dst addr = 3ffe::2
> >
> >
> > but I can only create SA1 and SA4, or a tunnel mode SA
> > between the same src and destinations (in which case it
> > rekeys the SAs created earlier for transport mode). If I
> > try to create any other SA it gives me the message
> > - internal error, the route is already in use. Why does this
> > happen when the eroute table has both the source and
> > destination addresses, and how can I overcome this problem?
> > I am desperately in need of having SAs with all address
> > combinations. Can anyone please help?
> >
> > thanks and regards
> >
> >
>
>

--------------------------------------------
Gerhard Geßler

Communication Networks, IABG mbH
Einsteinstr. 20
85521 Ottobrunn, Germany

Telefon: +49 89 6088 - 2021
Fax: +49 89 6088 - 2845

E-Mail: gessler_at_iabg.de

This archive was generated by hypermail 2.1.5 : Wed Dec 11 2002 - 05:21:06 CET