Hello,
I am trying to use vpnc in an IPv6 only network.
The network is using DNS64 to create AAAA entries in a dedicated /96
ipv6 network that maps the whole IPv4 address range. Using NAT64 the
IPv6 connection is translated into IPv4 at the router.
When trying to use vpnc in this network, I get the following error:
[20:14] manager:~% sudo vpnc ~/.eth-vpn.conf
vpnc: connecting to port 62465: Network is unreachable
[20:14] manager:~% grep gateway .eth-vpn.conf
IPSec gateway vpn-cluster.ethz.ch
[20:15] manager:~% ping -c2 vpn-cluster.ethz.ch
PING vpn-cluster.ethz.ch(sslvpn.ethz.ch (2a0a:e5c0:0:1:0:1:8184:63a4)) 56 data bytes
64 bytes from sslvpn.ethz.ch (2a0a:e5c0:0:1:0:1:8184:63a4): icmp_seq=1 ttl=242 time=53.9 ms
64 bytes from sslvpn.ethz.ch (2a0a:e5c0:0:1:0:1:8184:63a4): icmp_seq=2 ttl=242 time=95.1 ms
--- vpn-cluster.ethz.ch ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 53.931/74.554/95.177/20.623 ms
[20:15] manager:~%
Using strace -fF it is visible that vpnc resolves the host, but seems to
use only the A entry:
mprotect(0x7f4ffeec7000, 4096, PROT_READ) = 0
mprotect(0x7f4fff0cf000, 4096, PROT_READ) = 0
munmap(0x7f5000aaa000, 171356) = 0
socket(AF_INET6, SOCK_DGRAM|SOCK_NONBLOCK, IPPROTO_IP) = 3
connect(3, {sa_family=AF_INET6, sin6_port=htons(53), inet_pton(AF_INET6, "2a0a:e5c0::3", &sin6_addr), sin6_flowinfo=htonl(0), sin6_scope_id=0}, 28) = 0
poll([{fd=3, events=POLLOUT}], 1, 0) = 1 ([{fd=3, revents=POLLOUT}])
sendto(3, "r\333\1\0\0\1\0\0\0\0\0\0\vvpn-cluster\4ethz\2ch"..., 37, MSG_NOSIGNAL, NULL, 0) = 37
poll([{fd=3, events=POLLIN}], 1, 5000) = 1 ([{fd=3, revents=POLLIN}])
ioctl(3, FIONREAD, [264]) = 0
recvfrom(3, "r\333\201\200\0\1\0\1\0\r\0\0\vvpn-cluster\4ethz\2ch"..., 1024, 0, {sa_family=AF_INET6, sin6_port=htons(53), inet_pton(AF_INET6, "2a0a:e5c0::3", &sin6_addr), sin6_flowinfo=htonl(0), sin6_scope_id=0}, [28]) = 264
close(3) = 0
socket(AF_INET, SOCK_DGRAM, IPPROTO_IP) = 3
fcntl(3, F_SETFD, FD_CLOEXEC) = 0
bind(3, {sa_family=AF_INET, sin_port=htons(500), sin_addr=inet_addr("0.0.0.0")}, 16) = 0
connect(3, {sa_family=AF_INET, sin_port=htons(500), sin_addr=inet_addr("129.132.99.164")}, 16) = -1 ENETUNREACH (Network is unreachable)
write(2, "vpnc: ", 6vpnc: ) = 6
write(2, "connecting to port 62465", 24connecting to port 62465) = 24
write(2, ": Network is unreachable", 24: Network is unreachable) = 24
write(2, "\n", 1
) = 1
exit_group(1) = ?
+++ exited with 1 +++
You have new mail.
Is it possible to add happy eyeballs algorithm support to VPNC to solve
this problem?
Best regards,
Nico
--
Modern, affordable, Swiss Virtual Machines. Visit www.datacenterlight.ch
_______________________________________________
vpnc-devel mailing list
vpnc-devel@unix-ag.uni-kl.de
https://lists.unix-ag.uni-kl.de/mailman/listinfo/vpnc-devel
http://www.unix-ag.uni-kl.de/~massar/vpnc/
I am trying to use vpnc in an IPv6 only network.
The network is using DNS64 to create AAAA entries in a dedicated /96
ipv6 network that maps the whole IPv4 address range. Using NAT64 the
IPv6 connection is translated into IPv4 at the router.
When trying to use vpnc in this network, I get the following error:
[20:14] manager:~% sudo vpnc ~/.eth-vpn.conf
vpnc: connecting to port 62465: Network is unreachable
[20:14] manager:~% grep gateway .eth-vpn.conf
IPSec gateway vpn-cluster.ethz.ch
[20:15] manager:~% ping -c2 vpn-cluster.ethz.ch
PING vpn-cluster.ethz.ch(sslvpn.ethz.ch (2a0a:e5c0:0:1:0:1:8184:63a4)) 56 data bytes
64 bytes from sslvpn.ethz.ch (2a0a:e5c0:0:1:0:1:8184:63a4): icmp_seq=1 ttl=242 time=53.9 ms
64 bytes from sslvpn.ethz.ch (2a0a:e5c0:0:1:0:1:8184:63a4): icmp_seq=2 ttl=242 time=95.1 ms
--- vpn-cluster.ethz.ch ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 53.931/74.554/95.177/20.623 ms
[20:15] manager:~%
Using strace -fF it is visible that vpnc resolves the host, but seems to
use only the A entry:
mprotect(0x7f4ffeec7000, 4096, PROT_READ) = 0
mprotect(0x7f4fff0cf000, 4096, PROT_READ) = 0
munmap(0x7f5000aaa000, 171356) = 0
socket(AF_INET6, SOCK_DGRAM|SOCK_NONBLOCK, IPPROTO_IP) = 3
connect(3, {sa_family=AF_INET6, sin6_port=htons(53), inet_pton(AF_INET6, "2a0a:e5c0::3", &sin6_addr), sin6_flowinfo=htonl(0), sin6_scope_id=0}, 28) = 0
poll([{fd=3, events=POLLOUT}], 1, 0) = 1 ([{fd=3, revents=POLLOUT}])
sendto(3, "r\333\1\0\0\1\0\0\0\0\0\0\vvpn-cluster\4ethz\2ch"..., 37, MSG_NOSIGNAL, NULL, 0) = 37
poll([{fd=3, events=POLLIN}], 1, 5000) = 1 ([{fd=3, revents=POLLIN}])
ioctl(3, FIONREAD, [264]) = 0
recvfrom(3, "r\333\201\200\0\1\0\1\0\r\0\0\vvpn-cluster\4ethz\2ch"..., 1024, 0, {sa_family=AF_INET6, sin6_port=htons(53), inet_pton(AF_INET6, "2a0a:e5c0::3", &sin6_addr), sin6_flowinfo=htonl(0), sin6_scope_id=0}, [28]) = 264
close(3) = 0
socket(AF_INET, SOCK_DGRAM, IPPROTO_IP) = 3
fcntl(3, F_SETFD, FD_CLOEXEC) = 0
bind(3, {sa_family=AF_INET, sin_port=htons(500), sin_addr=inet_addr("0.0.0.0")}, 16) = 0
connect(3, {sa_family=AF_INET, sin_port=htons(500), sin_addr=inet_addr("129.132.99.164")}, 16) = -1 ENETUNREACH (Network is unreachable)
write(2, "vpnc: ", 6vpnc: ) = 6
write(2, "connecting to port 62465", 24connecting to port 62465) = 24
write(2, ": Network is unreachable", 24: Network is unreachable) = 24
write(2, "\n", 1
) = 1
exit_group(1) = ?
+++ exited with 1 +++
You have new mail.
Is it possible to add happy eyeballs algorithm support to VPNC to solve
this problem?
Best regards,
Nico
--
Modern, affordable, Swiss Virtual Machines. Visit www.datacenterlight.ch
_______________________________________________
vpnc-devel mailing list
vpnc-devel@unix-ag.uni-kl.de
https://lists.unix-ag.uni-kl.de/mailman/listinfo/vpnc-devel
http://www.unix-ag.uni-kl.de/~massar/vpnc/