diff --git a/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.de.lyx b/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.de.lyx index 4fa813bb..4e026998 100644 --- a/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.de.lyx +++ b/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.de.lyx @@ -1041,7 +1041,7 @@ Geschichte von IPv6 & Linux Die Jahre 1992, 1993 und 1994 der allgemeinen IPv6 Geschichte können Sie in folgendem Dokument nachlesen: -\begin_inset LatexCommand \url[IPv6 or IPng (IP next generation)]{http://www.laynetworks.com/users/webs/IPv6.htm#CH3} +\begin_inset LatexCommand \url[IPv6 or IPng (IP next generation)]{http://www.laynetworks.com/IPv6.htm#CH3} \end_inset @@ -11000,6 +11000,16 @@ Fehlt etwas? Vorschl \layout Standard Vorschläge sind Willkommen! +\layout Subsection + + +\lang english +2004 +\layout Itemize + + +\lang english +1st Global IPv6 Summit in Sao Paul, Brazil \layout Section @@ -11296,7 +11306,7 @@ ISATAP \layout Subsection -Neueste Nachrichten +Neueste Nachrichten und URLs zu anderen Dokumenten \layout Standard Mehr Infos in späteren Versionen... @@ -11326,6 +11336,16 @@ Mehr Infos in sp \end_inset , deutsches Forum +\layout Itemize + + +\lang english + +\begin_inset LatexCommand \url[Viele URLs zu anderen Dokumenten]{http://www.estoile.com/links/ipv6} + +\end_inset + + von Anil Edathara \layout Subsection Protokoll-Informationen @@ -12688,6 +12708,21 @@ Programm-Listen \layout Itemize +\lang english + +\begin_inset LatexCommand \url[DeepSpace6 / IPv6 Status Page]{http://www.deepspace6.net/docs/ipv6_status_page_apps.html} + +\end_inset + + ( +\begin_inset LatexCommand \url[Mirror]{http://mirrors.bieringer.de/www.deepspace6.net/docs/ipv6_status_page_apps.html} + +\end_inset + +) +\layout Itemize + + \begin_inset LatexCommand \url[IPv6.org / IPv6 enabled applications]{http://www.ipv6.org/v6-apps.html} \end_inset @@ -13668,8 +13703,28 @@ Weitere Tunnel broker... Native IPv6 Dienste \layout Standard -Anmerkung: Die folgenden Dienste sind nur mit einer gültigen IPv6 Verbbindung - erreichbar! +Anmerkung: Die folgenden Dienste sind meist nur mit einer gültigen IPv6 + Verbbindung erreichbar! +\layout Subsubsection + + +\lang english + +\begin_inset LatexCommand \label{information-nativeipv6nntp} + +\end_inset + +Net News (NNTP) +\layout Itemize + + +\lang english + +\begin_inset LatexCommand \url[news.ipv6.scarlet-internet.nl]{nntp://news.ipv6.scarlet-internet.nl/} + +\end_inset + + (erreichbar über alle SixXS POPs) \layout Subsubsection @@ -15082,6 +15137,26 @@ AAAA Lookup Checker \end_inset +\layout Itemize + + +\lang english +Verschiedene Werkzeuge: +\begin_inset LatexCommand \url[IPv6tools]{http://www.ipv6tools.com/} + +\end_inset + + +\layout Itemize + + +\lang english + +\begin_inset LatexCommand \url[IPv6 Adress Analye Werkzeug]{http://doc.tavian.com/ipv6util/index.htm} + +\end_inset + + (ähnlich zur Informations-Option von ipv6calc) \layout Subsection Informationsbeschaffung @@ -15308,6 +15383,9 @@ Die Historie der Deutsche Sprachversion \layout Description +0.47.1.de.1 2005-01-01/PB: Sync mit Original +\layout Description + 0.47.de.1 2004-08-30/PB: Sync mit Original \layout Description diff --git a/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.fr.lyx b/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.fr.lyx index 57cd286b..c02302f9 100644 --- a/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.fr.lyx +++ b/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.fr.lyx @@ -1072,7 +1072,7 @@ Historique d'IPv6 pour Linux Les années 1992, 1993 et 1994 de l'histoire d'IPv6 (dans ses généralités) sont couvertes par le document suivant: -\begin_inset LatexCommand \url[IPv6 ou IPng (IP nouvelle génération)]{http://www.laynetworks.com/users/webs/IPv6.htm#CH3} +\begin_inset LatexCommand \url[IPv6 ou IPng (IP nouvelle génération)]{http://www.laynetworks.com/IPv6.htm#CH3} \end_inset diff --git a/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.lyx b/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.lyx index 05a389f9..91fd2018 100644 --- a/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.lyx +++ b/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.lyx @@ -51,6 +51,15 @@ Bieringer \layout SGML + Release 0.47.1 2005-01-01 PB See +\begin_inset LatexCommand \ref[revision history]{revision-history} + +\end_inset + + for more +\layout SGML + Release 0.47 2004-08-30 PB See \begin_inset LatexCommand \ref[revision history]{revision-history} @@ -69,13 +78,6 @@ tials>PB See for more \layout SGML - Release 0.45 2004-01-11 PB See -\begin_inset LatexCommand \ref[revision history]{revision-history} - -\end_inset - - for more \layout SGML \layout SGML @@ -119,7 +121,7 @@ Copyright, license and others Copyright \layout Standard -Written and Copyright (C) 2001-2004 by Peter Bieringer +Written and Copyright (C) 2001-2005 by Peter Bieringer \layout Subsection License @@ -328,7 +330,7 @@ Major history 2004-06-18: Greek translation is in progress \layout Standard -2004-08-29: Spanish translation is still not in progress +2004-08-29: Spanish translation is still NOT in progress \layout Subsubsection Full history @@ -1069,7 +1071,7 @@ History of IPv6 in Linux The years 1992, 1993 and 1994 of the IPv6 History (in general) are covered by following document: -\begin_inset LatexCommand \url[IPv6 or IPng (IP next generation)]{http://www.laynetworks.com/users/webs/IPv6.htm#CH3} +\begin_inset LatexCommand \url[IPv6 or IPng (IP next generation)]{http://www.laynetworks.com/IPv6.htm#CH3} \end_inset @@ -8649,14 +8651,41 @@ Encryption and Authentication Unlike in IPv4 encryption and authentication is a mandatory feature of IPv6. This features are normally implemented using IPsec (which can be also used by IPv4). -\layout Standard - -But because of the independence of encryption and authentication from the - key exchange protocol there exists currently some interoperability problems - regarding this issue. \layout Section -Support in kernel +Modes of using Encryption and Authentication +\layout Standard + +Two modes of Encryption and Authentication of a connection are possible: +\layout Subsection + +Transport mode +\layout Standard + +Transport mode is a real end-to-end connection mode. + Here, only the payload (usually ICMP, TCP or UDP) is encrypted with their + particular header, while the IP header is not encrypted (but ususally included + in authentication). +\layout Standard + +Using AES-128 for encryption and SHA1 for authentication, this mode decreases + the MTU by 42 octetts. +\layout Subsection + +Tunnel mode +\layout Standard + +Tunnel mode can be used either for end-to-end or for gateway-to-gateway + connection modes. + Here, the complete IP packet is encrypted and got a new IP header in front + of . +\layout Standard + +This mode usually decreases the MTU by 40 octetts from the MTU of transport + mode. +\layout Section + +Support in kernel (ESP and AH) \layout Subsection Support in vanilla Linux kernel 2.4.x @@ -8673,30 +8702,50 @@ ontrol-laws regarding encryption code. (IPv4 only IPsec) isn't still contained in vanilla source. \layout Subsection -Support in USAGI kernel +Support in vanilla Linux kernel 2.6.x \layout Standard -The USAGI project has taken over in July 2001 the IPv6 enabled FreeS/WAN - code from the -\begin_inset LatexCommand \url[IABG / IPv6 Project]{http://www.ipv6.iabg.de/downloadframe/} - -\end_inset - - and included in their kernel extensions. - Nowadays they are working on implementing IPsec into 2.5.x series. -\layout Subsection - -Support in vanilla Linux kernel 2.5.x +Current versions (as time of writing 2.6.9 and upper) support native IPsec + for IPv4 and IPv6. \layout Standard -Currently, the IPsec extensions of the USAGI kernel are on the way being - migrated into 2.5.x developer kernels. +Development was mostly done by the USAGI project with help from others. \layout Section -Usage +Automatic key exchange (IKE) \layout Standard -In difference to FreeS/WAN, in IPsec of 2.5.x the IKE daemon +IPsec requires a key exchange of a secret. + This is mostly done automatically by so called IKE daemons. + They also handle the authentication of the peers, either by a common known + secret (so called +\begin_inset Quotes sld +\end_inset + +preshared secret +\begin_inset Quotes srd +\end_inset + +) or by RSA keys (which can also be used from X.509 certificates). +\layout Standard + +Currently, two different IKE daemons are available, which totally differ + from configuration and usage. +\layout Standard + +I prefer +\begin_inset Quotes sld +\end_inset + +pluto +\begin_inset Quotes srd +\end_inset + + from the *S/WAN implementation because of the easier and one-config-only + setup. +\layout Subsection + +IKE daemon \begin_inset Quotes sld \end_inset @@ -8704,31 +8753,754 @@ racoon \begin_inset Quotes srd \end_inset - (taken from KAME) is used instead of + +\layout Standard + +The IKE daemon \begin_inset Quotes sld \end_inset -pluto +racoon \begin_inset Quotes srd \end_inset - of FreeS/WAN. - It has a different configuration syntax than + is taken from the KAME project and ported to Linux. + Modern Linux distributions contain this daemon in the package \begin_inset Quotes sld \end_inset -pluto +ipsec-tools \begin_inset Quotes srd \end_inset -, note also that the IPsec setup is splitted into 2 parts (IKE and topology - setup). - Until some documentation is filled here, take a look at +. + Two executables are required for a proper IPsec setup. + Take a look also on \begin_inset LatexCommand \url[Linux Advanced Routing & Traffic Control HOWTO / IPSEC]{http://lartc.org/howto/lartc.ipsec.html} \end_inset . +\layout Subsubsection + +Manipulation of the IPsec SA/SP database with the tool +\begin_inset Quotes sld +\end_inset + +setkey +\begin_inset Quotes srd +\end_inset + + +\layout Standard + + +\begin_inset Quotes sld +\end_inset + +setkey +\begin_inset Quotes srd +\end_inset + + is important to tell the kernel the security policy (SP). +\layout Standard + +File: /etc/racoon/setkey.sh +\layout Itemize + +Example for a end-to-end encrypted connection in transport mode +\layout Code + +#!/sbin/setkey -f +\layout Code + +flush; +\layout Code + +spdflush; +\layout Code + +spdadd 2001:db8:1:1::1 2001:db8:2:2::2 any -P out ipsec esp/transport//require; +\layout Code + +spdadd 2001:db8:2:2::2 2001:db8:1:1::1 any -P in ipsec esp/transport//require; +\layout Code + +\layout Itemize + +Example for a end-to-end encrypted connection in tunnel mode +\layout Code + +#!/sbin/setkey -f +\layout Code + +flush; +\layout Code + +spdflush; +\layout Code + +spdadd 2001:db8:1:1::1 2001:db8:2:2::2 any -P out ipsec +\layout Code + +¬ esp/tunnel/2001:db8:1:1::1-2001:db8:2:2::2/require; +\layout Code + +spdadd 2001:db8:2:2::2 2001:db8:1:1::1 any -P in ipsec +\layout Code + +¬ esp/tunnel/2001:db8:2:2::2-2001:db8:1:1::1/require; +\layout Standard + +For the other peer, you have to exchange +\begin_inset Quotes sld +\end_inset + +in +\begin_inset Quotes srd +\end_inset + + with +\begin_inset Quotes sld +\end_inset + +out +\begin_inset Quotes srd +\end_inset + +. +\layout Subsubsection + +Configuration of the IKE daemon +\begin_inset Quotes sld +\end_inset + +racoon +\begin_inset Quotes srd +\end_inset + + +\layout Standard + + +\begin_inset Quotes sld +\end_inset + +racoon +\begin_inset Quotes srd +\end_inset + + requires a configuration file for proper running. + It includes the related settings to the security policy, which should be + setup previously using +\begin_inset Quotes sld +\end_inset + +setkey +\begin_inset Quotes srd +\end_inset + +. +\layout Standard + +File: /etc/racoon/racoon.conf +\layout Code + +# Racoon IKE daemon configuration file. +\layout Code + +# See 'man racoon.conf' for a description of the format and entries. +\layout Code + +path include "/etc/racoon"; +\layout Code + +path pre_shared_key "/etc/racoon/psk.txt"; +\layout Code + +\layout Code + +listen +\layout Code + +{ +\layout Code + + isakmp 2001:db8:1:1::1; +\layout Code + +} +\layout Code + +\layout Code + +remote 2001:db8:2:2::2 +\layout Code + +{ +\layout Code + + exchange_mode main; +\layout Code + + lifetime time 24 hour; +\layout Code + + proposal +\layout Code + + { +\layout Code + + encryption_algorithm 3des; +\layout Code + + hash_algorithm md5; +\layout Code + + authentication_method pre_shared_key; +\layout Code + + dh_group 2; +\layout Code + + } +\layout Code + +} +\layout Code + +\layout Code + +# gateway-to-gateway +\layout Code + +sainfo address 2001:db8:1:1::1 any address 2001:db8:2:2::2 any +\layout Code + +{ +\layout Code + + lifetime time 1 hour; +\layout Code + + encryption_algorithm 3des; +\layout Code + + authentication_algorithm hmac_md5; +\layout Code + + compression_algorithm deflate; +\layout Code + +} +\layout Code + +\layout Code + +sainfo address 2001:db8:2:2::2 any address 2001:db8:1:1::1 any +\layout Code + +{ +\layout Code + + lifetime time 1 hour; +\layout Code + + encryption_algorithm 3des; +\layout Code + + authentication_algorithm hmac_md5; +\layout Code + + compression_algorithm deflate; +\layout Code + +} +\layout Standard + +Also setup the preshared secret: +\layout Standard + +File: /etc/racoon/psk.txt +\layout Code + +# file for pre-shared keys used for IKE authentication +\layout Code + +# format is: 'identifier' 'key' +\layout Code + +\layout Code + +2001:db8:2:2::2 verysecret +\layout Subsubsection + +Running IPsec with IKE daemon +\begin_inset Quotes sld +\end_inset + +racoon +\begin_inset Quotes srd +\end_inset + + +\layout Standard + +At least the daemon needs to be started, for the first time, use debug and + foreground mode. + The following example shows a successful IKE phase 1 (ISAKMP-SA) and 2 + (IPsec-SA): +\layout Code + +# racoon -F -v -f /etc/racoon/racoon.conf +\layout Code + +Foreground mode. + +\layout Code + +2005-01-01 20:30:15: INFO: @(#)ipsec-tools 0.3.3 (http://ipsec-tools.sourceforge.net +) +\layout Code + +2005-01-01 20:30:15: INFO: @(#)This product linked +\layout Code + +¬ OpenSSL 0.9.7a Feb 19 2003 (http://www.openssl.org/) +\layout Code + +2005-01-01 20:30:15: INFO: 2001:db8:1:1::1[500] used as isakmp port (fd=7) +\layout Code + +2005-01-01 20:31:06: INFO: IPsec-SA request for 2001:db8:2:2::2 +\layout Code + +¬ queued due to no phase1 found. +\layout Code + +2005-01-01 20:31:06: INFO: initiate new phase 1 negotiation: +\layout Code + +¬ 2001:db8:1:1::1[500]<=>2001:db8:2:2::2[500] +\layout Code + +2005-01-01 20:31:06: INFO: begin Identity Protection mode. +\layout Code + +2005-01-01 20:31:09: INFO: ISAKMP-SA established +\layout Code + +¬ 2001:db8:1:1::1[500]-2001:db8:2:2::2[500] spi:da3d3693289c9698:ac039a402b2db40 +1 +\layout Code + +2005-01-01 20:31:09: INFO: initiate new phase 2 negotiation: +\layout Code + +¬ 2001:6f8:900:94::2[0]<=>2001:db8:2:2::2[0] +\layout Code + +2005-01-01 20:31:10: INFO: IPsec-SA established: +\layout Code + +¬ ESP/Tunnel 2001:db8:2:2::2->2001:db8:1:1::1 spi=253935531(0xf22bfab) +\layout Code + +2005-01-01 20:31:10: INFO: IPsec-SA established: +\layout Code + +¬ ESP/Tunnel 2001:db8:1:1::1->2001:db8:2:2::2 spi=175002564(0xa6e53c4) +\layout Standard + +Each direction got it's own IPsec-SA (like defined in the IPsec standard). + With TCPdump on the related interface, you will see following afterwards + on an IPv6 ping: +\layout Code + +20:35:55.305707 2001:db8:1:1::1 > 2001:db8:2:2::2: ESP(spi=0x0a6e53c4,seq=0x3) +\layout Code + +20:35:55.537522 2001:db8:2:2::2 > 2001:db8:1:1::1: ESP(spi=0x0f22bfab,seq=0x3) +\layout Standard + +As expected, the SPIs occur here. +\layout Standard + +And using +\begin_inset Quotes sld +\end_inset + +setkey +\begin_inset Quotes srd +\end_inset + + current active parameters are shown: +\layout Code + +# setkey -D +\layout Code + +2001:db8:1:1::1 2001:db8:2:2::2 +\layout Code + + esp mode=tunnel spi=175002564(0x0a6e53c4) reqid=0(0x00000000) +\layout Code + + E: 3des-cbc bd26bc45 aea0d249 ef9c6b89 7056080f 5d9fa49c 924e2edd +\layout Code + + A: hmac-md5 60c2c505 517dd8b7 c9609128 a5efc2db +\layout Code + + seq=0x00000000 replay=4 flags=0x00000000 state=mature +\layout Code + + created: Jan 1 20:31:10 2005 current: Jan 1 20:40:47 2005 +\layout Code + + diff: 577(s) hard: 3600(s) soft: 2880(s) +\layout Code + + last: Jan 1 20:35:05 2005 hard: 0(s) soft: 0(s) +\layout Code + + current: 540(bytes) hard: 0(bytes) soft: 0(bytes) +\layout Code + + allocated: 3 hard: 0 soft: 0 +\layout Code + + sadb_seq=1 pid=22358 refcnt=0 +\layout Code + +2001:db8:2:2::2 2001:db8:1:1::1 +\layout Code + + esp mode=tunnel spi=253935531(0x0f22bfab) reqid=0(0x00000000) +\layout Code + + E: 3des-cbc c1ddba65 83debd62 3f6683c1 20e747ac 933d203f 4777a7ce +\layout Code + + A: hmac-md5 3f957db9 9adddc8c 44e5739d 3f53ca0e +\layout Code + + seq=0x00000000 replay=4 flags=0x00000000 state=mature +\layout Code + + created: Jan 1 20:31:10 2005 current: Jan 1 20:40:47 2005 +\layout Code + + diff: 577(s) hard: 3600(s) soft: 2880(s) +\layout Code + + last: Jan 1 20:35:05 2005 hard: 0(s) soft: 0(s) +\layout Code + + current: 312(bytes) hard: 0(bytes) soft: 0(bytes) +\layout Code + + allocated: 3 hard: 0 soft: 0 +\layout Code + + sadb_seq=0 pid=22358 refcnt=0 +\layout Subsection + +IKE daemon +\begin_inset Quotes sld +\end_inset + +pluto +\begin_inset Quotes srd +\end_inset + + +\layout Standard + +The IKE daemon +\begin_inset Quotes sld +\end_inset + +pluto +\begin_inset Quotes srd +\end_inset + + is contained by the *S/WAN projects. + *S/WAN project starts at the beginning as +\begin_inset LatexCommand \url[FreeS/WAN]{http://www.freeswan.org/} + +\end_inset + +. + Unfortunately, FreeS/WAN project stopped further development in 2004. + Because of slow development the time before, there were already 2 spin-offs + started: +\begin_inset LatexCommand \url[strongSwan]{http://www.strongswan.org/} + +\end_inset + + and +\begin_inset LatexCommand \url[Openswan]{http://www.openswan.org/} + +\end_inset + +. + Nowadays, for at least Openswan installable packages are existing, also + in Fedora Core 3 Linux it's already included. +\layout Standard + +A major difference to +\begin_inset Quotes sld +\end_inset + +racoon +\begin_inset Quotes srd +\end_inset + + only one configuration file is required. + Also an initscript exists for automatic setup after booting. +\layout Subsubsection + +Configuration of the IKE daemon +\begin_inset Quotes sld +\end_inset + +pluto +\begin_inset Quotes srd +\end_inset + + +\layout Standard + +The configuration is very similar to the IPv4 one, only one important option + is necessary. +\layout Standard + +File: /etc/ipsec.conf +\layout Code + +# /etc/ipsec.conf - Openswan IPsec configuration file +\layout Code + +# +\layout Code + +# Manual: ipsec.conf.5 +\layout Code + +version 2.0 # conforms to second version of ipsec.conf specification +\layout Code + +\layout Code + +# basic configuration +\layout Code + +config setup +\layout Code + + # Debug-logging controls: "none" for (almost) none, "all" for lots. +\layout Code + + # klipsdebug=none +\layout Code + + # plutodebug="control parsing" +\layout Code + +\layout Code + +#Disable Opportunistic Encryption +\layout Code + +include /etc/ipsec.d/examples/no_oe.conf +\layout Code + +\layout Code + +conn ipv6-p1-p2 +\layout Code + + connaddrfamily=ipv6 # Important for IPv6! +\layout Code + + left=2001:db8:1:1::1 +\layout Code + + right=2001:db8:2:2::2 +\layout Code + + authby=secret +\layout Code + + esp=aes128-sha1 +\layout Code + + ike=aes128-sha-modp1024 +\layout Code + + type=transport +\layout Code + + #type=tunnel +\layout Code + + compress=no +\layout Code + + #compress=yes +\layout Code + + auto=add +\layout Code + + #auto=start +\layout Code + +\layout Standard + +Don't forget to define the preshared secret here also. +\layout Standard + +File: /etc/ipsec.secrets +\layout Code + +2001:db8:1:1::1 2001:db8:2:2::2 : PSK "verysecret" +\layout Subsubsection + +Running IPsec with IKE daemon +\begin_inset Quotes sld +\end_inset + +pluto +\begin_inset Quotes srd +\end_inset + + +\layout Standard + +If installation of Openswan was successfully, an initscript should be exist + for starting IPsec, simple run (on each peer): +\layout Code + +# /etc/rc.d/init.d/ipsec start +\layout Standard + +Afterwards, start this connection on one peer, if you seen the line +\begin_inset Quotes sld +\end_inset + +IPsec SA established +\begin_inset Quotes srd +\end_inset + +, all worked fine. +\layout Code + +# ipsec auto --up ipv6-peer1-peer2 +\layout Code + +104 "ipv6-p1-p2" #1: STATE_MAIN_I1: initiate +\layout Code + +106 "ipv6-p1-p2" #1: STATE_MAIN_I2: sent MI2, expecting MR2 +\layout Code + +108 "ipv6-p1-p2" #1: STATE_MAIN_I3: sent MI3, expecting MR3 +\layout Code + +004 "ipv6-p1-p2" #1: STATE_MAIN_I4: ISAKMP SA established +\layout Code + +112 "ipv6-p1-p2" #2: STATE_QUICK_I1: initiate +\layout Code + +004 "ipv6-p1-p2" #2: STATE_QUICK_I2: sent QI2, +\layout Code + +¬ IPsec SA established {ESP=>0xa98b7710 <0xa51e1f22} +\layout Standard + +Because *S/WAN and setkey/racoon uses the same IPsec implementation in Linux + kernel, +\begin_inset Quotes sld +\end_inset + +setkey +\begin_inset Quotes srd +\end_inset + + can be used also here to show current active parameters: +\layout Code + +# setkey -D +\layout Code + +2001:db8:1:1::1 2001:db8:2:2::2 +\layout Code + + esp mode=transport spi=2844489488(0xa98b7710) reqid=16385(0x00004001) +\layout Code + + E: aes-cbc 082ee274 2744bae5 7451da37 1162b483 +\layout Code + + A: hmac-sha1 b7803753 757417da 477b1c1a 64070455 ab79082c +\layout Code + + seq=0x00000000 replay=64 flags=0x00000000 state=mature +\layout Code + + created: Jan 1 21:16:32 2005 current: Jan 1 21:22:20 2005 +\layout Code + + diff: 348(s) hard: 0(s) soft: 0(s) +\layout Code + + last: hard: 0(s) soft: 0(s) +\layout Code + + current: 0(bytes) hard: 0(bytes) soft: 0(bytes) +\layout Code + + allocated: 0 hard: 0 soft: 0 +\layout Code + + sadb_seq=1 pid=23825 refcnt=0 +\layout Code + +2001:db8:2:2::2 2001:db8:1:1::1 +\layout Code + + esp mode=transport spi=2770214690(0xa51e1f22) reqid=16385(0x00004001) +\layout Code + + E: aes-cbc 6f59cc30 8d856056 65e07b76 552cac18 +\layout Code + + A: hmac-sha1 c7c7d82b abfca8b1 5440021f e0c3b335 975b508b +\layout Code + + seq=0x00000000 replay=64 flags=0x00000000 state=mature +\layout Code + + created: Jan 1 21:16:31 2005 current: Jan 1 21:22:20 2005 +\layout Code + + diff: 349(s) hard: 0(s) soft: 0(s) +\layout Code + + last: hard: 0(s) soft: 0(s) +\layout Code + + current: 0(bytes) hard: 0(bytes) soft: 0(bytes) +\layout Code + + allocated: 0 hard: 0 soft: 0 +\layout Code + + sadb_seq=0 pid=23825 refcnt=0 \layout Chapter @@ -10607,6 +11379,12 @@ Something missing? Suggestions are welcome! \layout Standard Suggestions are welcome! +\layout Subsection + +2004 +\layout Itemize + +1st Global IPv6 Summit in Sao Paul, Brazil \layout Section @@ -10897,7 +11675,7 @@ ISATAP \layout Subsection -Latest news +Latest news and URLs to other documents \layout Standard More to be filled later...suggestions are welcome! @@ -10926,6 +11704,14 @@ More to be filled later...suggestions are welcome! \end_inset , German forum +\layout Itemize + + +\begin_inset LatexCommand \url[Lot of URLs to others documents]{http://www.estoile.com/links/ipv6} + +\end_inset + + by Anil Edathara \layout Subsection Protocol references @@ -12262,6 +13048,19 @@ Application lists \layout Itemize +\begin_inset LatexCommand \url[DeepSpace6 / IPv6 Status Page]{http://www.deepspace6.net/docs/ipv6_status_page_apps.html} + +\end_inset + + ( +\begin_inset LatexCommand \url[Mirror]{http://mirrors.bieringer.de/www.deepspace6.net/docs/ipv6_status_page_apps.html} + +\end_inset + +) +\layout Itemize + + \begin_inset LatexCommand \url[IPv6.org / IPv6 enabled applications]{http://www.ipv6.org/v6-apps.html} \end_inset @@ -13218,7 +14017,23 @@ More Tunnel brokers... Native IPv6 Services \layout Standard -Note: These services are only available with a valid IPv6 connection! +Note: These services are mostly only available with a valid IPv6 connection! +\layout Subsubsection + + +\begin_inset LatexCommand \label{information-nativeipv6nntp} + +\end_inset + +Net News (NNTP) +\layout Itemize + + +\begin_inset LatexCommand \url[news.ipv6.scarlet-internet.nl]{nntp://news.ipv6.scarlet-internet.nl/} + +\end_inset + + (accessible through all the SixXS POPs) \layout Subsubsection @@ -14458,6 +15273,22 @@ AAAA Lookup Checker \end_inset +\layout Itemize + +Various tools: +\begin_inset LatexCommand \url[IPv6tools]{http://www.ipv6tools.com/} + +\end_inset + + +\layout Itemize + + +\begin_inset LatexCommand \url[IPv6 address analysis tool]{http://doc.tavian.com/ipv6util/index.htm} + +\end_inset + + (something similar to ipv6calc's information option) \layout Subsection Information retrievement @@ -14646,6 +15477,10 @@ Versions x.y.z are work-in-progress and published as LyX and SGML file on Releases 0.x \layout Description +0.47.1 2005-01-01/PB: add information and examples about IPv6 IPsec, add some + URLs +\layout Description + 0.47 2004-08-30/PB: add some notes about proftpd, vsftpd and other daemons, add some URLs, minor fixes, update status of Spanish translation \layout Description