> I have a DEC Alpha at home running 4.0-current and am willing to help out with
> the testing. I am not the worlds greatest coder, but am willing to do what I can
Thanks!
The 1st thing I want to be tested is that, a kernel with
following additions to the config file
options INET6 #IPv6 communications protocols
options IPSEC #IP security
options IPSEC_ESP #IP security (crypto; define w/ IPSEC)
options IPSEC_IPV6FWD #IP security tunnel for IPv6
options IPSEC_DEBUG #debug for IP security
pseudo-device gif 4 #IPv6 and IPv4 tunneling
pseudo-device faith 1 #for IPv6 and IPv4 translation
just works fine,
and also all apps on your environments which you are usually
using still works fine on that kernel.
Then, I would like to know if IPv6 addresses and routes are
successfully installed.
These can be checked by,
ifconfig -a
netstat -rn -f inet6
And if ping6 or traceroute6 to those addrs are successful.
Then, I think something like following tests are desirable,
but to do these checks, more than 1 host is necessary.
Here I'll just give rough explanation.
(1)IPv6 host autoconfiguration
router side needs to run usr.sbin/rtadvd with rtadvd.conf config file
which includes address information to be auto configured.
rtadvd -c rtadvd.conf bar0
host needs to do following,
sysctl -w net.inet6.ip6.accept_rtadv=1
rtsol bar0
bar0 is any interface that either of the host and the
router is connected.
Details are in rtadvd(8), rtadvd.conf(5), rtsol(8)
(2)IPv6 communication via IPv6 router
Besides (1), router needs to run IPv6 routing
daemon. Currently there is usr.sbin/route6d.
Also, several global addr should be assigned to each of
routers interface. If no global addr, then site local addr
can be used for testing.(such as fec0:0:0:1::1)
You can use ifconfig or prefix command to assign them.
If assigning site local addr using prefix command,
prefix bar0 fec0:0:0:1000::
prefix bar1 fec0:0:0:2000::
sysctl -w net.inet6.ip6.forwarding=1
route6d -l
Details are in route6d(8)
(3)IPsec between 2 hosts (IPsec transport mode)
Setup IPsec association using usr.sbin/setkey on each host.
Specify IPsec policy for apps which would like to use IPsec.
Those apps must have an option which specify IPsec policy.
Usually it is -P option.
(currently, only supported by ping and some daemons)
Or specify IPsec policy using usr.sbin/setkey on each host.
Details are in setkey(8), ping(8), ipsec_set_policy(3)
(4)IPsec between 2 routers (IPsec tunnel mode)
Setup IPsec association and IPsec policy using
usr.sbin/setkey on each routers.
Also the default route is need to be installed on each routers,
due to some current IPsec tunnel mode implementation issue.
Details are in setkey(8), ipsec_set_policy(3)
If there is any unclear things, please ask me.
Yoshinobu Inoue
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message
