[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: system/4188: IPv6 isakmpd(8) doesn't work

To: bugs_(_at_)_cvs_(_dot_)_openbsd_(_dot_)_org
Subject: Re: system/4188: IPv6 isakmpd(8) doesn't work
From: itojun_(_at_)_itojun_(_dot_)_org (Jun-ichiro itojun Hagino)
Date: Wed, 27 Apr 2005 00:55:02 -0600 (MDT)
Cc:
Reply-to: itojun_(_at_)_itojun_(_dot_)_org (Jun-ichiro itojun Hagino)

The following reply was made to PR system/4188; it has been noted by GNATS.

From: itojun_(_at_)_itojun_(_dot_)_org (Jun-ichiro itojun Hagino)
To: eric-list-openbsd-misc_(_at_)_catastrophe_(_dot_)_net
Cc: gnats_(_at_)_openbsd_(_dot_)_org
Subject: Re: system/4188: IPv6 isakmpd(8) doesn't work
Date: Wed, 27 Apr 2005 15:36:44 +0900 (JST)

 	i need some clarification.
 
 > >How-To-Repeat:
 >  Generate an IPv6 isakmpd.conf between two hosts. Here are my configs
 >  and anything else I've found..
 > 
 > A tcpdump shows this on the receiving host, "EAST."
 > 
 > 20:20:14.275120 2001:x:y:z:20a:5eff:fe21:2f6b >
 > 2001:x:y:z:203:47ff:fea4:3e12: ip-proto-50 100 (len 100, hlim 64)
 >                          6000 0000 0064 3240 2001 xxxx yyyy zzzz
 >                          020a 5eff fe21 2f6b 2001 xxxx yyyy zzzz
 >                          0203 47ff fea4 3e12 d594 f6ae 0000 0031
 >                          b97e 8aff 3f01 f8ce bf76 6c64 0031 d5da
 >                          d6ef a9f8 2a71 6ef8 4921 6596 8279 fb67
 >                          4ae3
 > 20:20:15.274830 2001:x:y:z:203:47ff:fea4:3e12 >
 > 2001:x:y:z:20a:5eff:fe21:2f6b: ip-proto-50 100 (len 100, hlim 64)
 >                          6000 0000 0064 3240 2001 xxxx yyyy zzzz
 >                          0203 47ff fea4 3e12 2001 xxxx yyyy zzzz
 >                          020a 5eff fe21 2f6b 2581 3e7d 0000 0032
 >                          b11d fb60 3d27 7cf9 6e3f 7cc0 4f51 6842
 >                          f0ff 7133 e603 9870 c957 bb5b 78c4 9c77
 >                          4ccf
 
 	2001:x:y:z:203:47ff:fea4:3e12 = WEST?  if so, the following sentence
 	does not make sense.
 
 > However, I get no ICMP response back on the sending host, "WEST."
 
 
 > I see the traffic passed via pf(4) watching pflogd(8)
 > 
 > Apr 21 20:22:22.291057 rule 27/0(match): pass in on fxp0:
 > 2001:x:y:z:20a:5eff:fe21:2f6b > 2001:x:y:z:203:47ff:fea4:3e12:
 > icmp6: echo request (len 16, hlim 64)
 
 	are you sending unencrypted ICMPv6 echo request here?
 
 
 	if possible, snoop (hopefully) encrypted traffic by other machine
 	on the same subnet (i.e. not EAST nor WEST).
 
 itojun

Prev by Date: [PATCH] mixerctl(1): unbreak the '-q' flag
Next by Date: OpenBSD 3.7-current reads from atapi cdrom drive without end
Previous by thread: [PATCH] mixerctl(1): unbreak the '-q' flag
Next by thread: OpenBSD 3.7-current reads from atapi cdrom drive without end
Index(es):
- Date
- Thread

Visit your host, monkey.org