ipsec

Postcards from the Bleeding Edge

Saturday, March 29, 2008

ipsec over ipv6 for olpc

I got ipsec over ipv6 to work yesterday, on my laptop, server, and olpc. I couldn't get it to work using setkey or racoon, but racoon2 worked the first time.

Nowhere on the net could I find an example of a working ipv6 to ipv6 setup for linux ipsec - even though the protocol was designed for that scenario in the first place, and only painfully adapted to ipv4 scenarios over the course of years.

The setup:

OLPC -> laptop -> hurricane electric tunnel -> toutatis.2/48 -> 1/48 -> /64 -> ipv4 tunnel -> ipv6 at he -> toutatis.taht.net

Yea! a static ipv6 address! Now that I have squid (from cvs), jabber, dns, web, ssh all running pure ipv6, No IPv4 on the client is now feasible. I'm free of IPv4! with Native encryption! Bwhahahahaha...

Naturally I started playing with ipsec. The initial key negotiation phase is painfully slow, especially over a 220ms internet RTT, but after that the ipsec vpn tunnel is completely transparent to the user (and opaque to the sniffer). It's pretty darn fast on local connections though.

All kinds of things "just worked", but I got into a world of hurt dealing with NetworkManager on the laptop providing the tunnel. NetworkMangler arbitrarily takes your interface up and down to get an ipv4 address and wipes out your pre-existing ipv6 setup when it should just co-exist. !@#!@#!@

I still haven't figured out how to make NM do the right thing. If you add static ipv6 ips on the olpc, they also get flushed when NM does its thing. Shouldn't ipv6 on a given device just stay up and let RA (router advertisement) do its thing, most of the time? There must be some kind of RS (router solicitation) message that says - "I'm not sure if I'm still on the right net"... I'd like my ssh over ipv6 connections to stay running through a dhcpv4 change whenever possible... part of the point of ipv6 stateless autoconfiguration is that you don't need a sharecropper's lease anymore.

The latest firefox beta works great running on the olpc. Much more usable, at least for an adult, and having adblock+ running on the olpc is a real win.

The olpc also works (once you turn -notcp off) X11 client/server over ipv6. It is a great X-terminal! I can think of lots of ways X could be used in this way - keeping an executable on the school server and just displaying it on the olpc would ease on major software rollouts - and allow the use of more complex software that won't fit into the memory available on the olpc. On my wireless network you simply don't notice the fact that (firefox for example) is running on a remote server, 'cept when you want to use flash. Startup time is vastly improved and scrolling is totally fast....

In poking about ipsec I noticed that the geode processor in the olpc has a hardware encryption block. A couple ipv6 network and ipsec benchmarks are in order, and I'm going to go fight with NetworkMangler some more...

Labels: ipsec, ipv6, networking, olpc

Posted at 5:10 AM

Mike Taht takes time out from engineering to write about politics, space, copyright, guis, VOIP, operating systems... and whatever else is bugging him at the moment.
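An added example, not part of the original post: one way to check the "opaque to the sniffer" claim is to classify captured IPv6 packets by walking the next-header chain and flagging anything that does not end in ESP (protocol 50). The addresses, packet bytes and function names are constructed for illustration, and the walk assumes unfragmented packets or first fragments.

```python
import ipaddress
import struct

ESP, AH, FRAGMENT = 50, 51, 44
OPTION_HDRS = {0, 43, 60}  # hop-by-hop, routing, destination options

def classify_ipv6(packet: bytes) -> str:
    """Return 'esp', 'ah:<proto>' or 'clear:<proto>' for one raw IPv6 packet."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    nxt, off, prefix = packet[6], 40, "clear:"
    while nxt != ESP:
        if nxt not in OPTION_HDRS and nxt not in (AH, FRAGMENT):
            return prefix + str(nxt)           # upper-layer protocol reached
        if off + 8 > len(packet):
            raise ValueError("truncated extension header")
        if nxt == FRAGMENT:
            hlen = 8  # assumes a first fragment; later fragments carry no headers
        elif nxt == AH:                        # length in 4-octet units, minus 2
            hlen, prefix = (packet[off + 1] + 2) * 4, "ah:"
        else:                                  # length in 8-octet units, minus 1
            hlen = (packet[off + 1] + 1) * 8
        nxt, off = packet[off], off + hlen
    return "esp"

def leaks(packets):
    """Indices and verdicts of packets that are not ESP-protected."""
    return [(i, v) for i, p in enumerate(packets) if (v := classify_ipv6(p)) != "esp"]

def build_ipv6(src, dst, next_header, payload):
    """Build a constructed IPv6 packet for the samples below."""
    fixed = struct.pack("!IHBB", 6 << 28, len(payload), next_header, 64)
    return (fixed + ipaddress.IPv6Address(src).packed
            + ipaddress.IPv6Address(dst).packed + payload)

# Constructed samples (documentation prefix 2001:db8::/32, not the author's addresses).
A, B = "2001:db8:1::10", "2001:db8:2::1"
ESP_BODY = struct.pack("!II", 0x1000, 1) + bytes(32)       # SPI, sequence, opaque data
DSTOPTS = bytes([ESP, 0, 1, 4, 0, 0, 0, 0])                # dest options (PadN) -> ESP
TCP_SYN = struct.pack("!HHIIBBHHH", 40000, 22, 0, 0, 5 << 4, 0x02, 65535, 0, 0)
SAMPLES = [
    build_ipv6(A, B, ESP, ESP_BODY),           # protected
    build_ipv6(A, B, 6, TCP_SYN),              # cleartext ssh SYN
    build_ipv6(A, B, 60, DSTOPTS + ESP_BODY),  # protected, behind an extension header
]

if __name__ == "__main__":
    for index, verdict in leaks(SAMPLES):
        print(f"packet {index} left the host unprotected: {verdict}")
```

On a live capture, IKE negotiation (UDP port 500) and ICMPv6 neighbor discovery will normally show up as clear; the check is meant for the application traffic between the two endpoints.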