David Miller <da...@davemloft.net> writes: > What really irks me is that we "fixing" something without knowing what > actually is the problem.
Agreed > Someone needs to figure out exactly what is making the Juniper thing > unhappy. It really shouldn't care if a link local address is assigned > to the tun device, this is fundamental ipv6 stuff. Yes. Looks like this is up to Jonas and/or Valdis. I tried looking for a demo site which could be used to test the client, but could not find any. The product itself seems to be replaced, and it's no longer Juniper. And the recommended Linux solution seems to be OpenConnect: http://www.infradead.org/openconnect/juniper.html Anyway, it would be good to sort out the problems with the java(?) based client. A few proposals (not an exhaustive list - please use your creativity): a) Try to figure out what the traffic on the interface looks like (there was a single TX packet and no RX, I believe?). Snoop on it and see if that is an IPv6 RS from the kernel or something the client sends. b) Try to isolate the problem by tweaking what you can on the tun- interface. ip addr del <ipv6ll> dev tun0 echo 1 > /proc/sys/net/ipv6/conf/tun0/disable_ipv6 etc. Is there anything that will make the traffic flow, or is it just dead? c) Try to figure out what the client is doing. strace it. run lsof on it. Anything unexpected? Does it for example happen to read an packet from the tun file descriptor and choke? etc, Bjørn
