Preview version, add contents to IPsec chapter

pbldp 2005-01-02 20:54:26 +00:00
parent 65819dbf5c
commit c58e4567dc
1 changed files with 450 additions and 23 deletions

@ -29,13 +29,16 @@ Bieringer
<revhistory>
<revision> <revnumber>Release 0.47.1</revnumber> <date>2005-01-01</date> <authorinitials>PB</authorinitials> <revremark>See <link linkend="revision-history">revision history</link> for more</revremark></revision>
<revision> <revnumber>Release 0.47</revnumber> <date>2004-08-30</date> <authorinitials>PB</authorinitials> <revremark>See <link linkend="revision-history">revision history</link> for more</revremark></revision>
<revision> <revnumber>Release 0.46</revnumber> <date>2004-03-16</date> <authorinitials>PB</authorinitials> <revremark>See <link linkend="revision-history">revision history</link> for more</revremark></revision>
<revision> <revnumber>Release 0.45</revnumber> <date>2004-01-11</date> <authorinitials>PB</authorinitials> <revremark>See <link linkend="revision-history">revision history</link> for more</revremark></revision>
@ -57,7 +60,7 @@ The goal of the Linux IPv6 HOWTO is to answer both basic and advanced questions
General
</title>
<remark>
CVS-ID: &dollar;Id: Linux+IPv6-HOWTO.lyx,v 1.96 2004/07/19 20:08:47 pbldp Exp &dollar;
CVS-ID: &dollar;Id: Linux+IPv6-HOWTO.lyx,v 1.99 2005/01/01 21:41:14 pbldp Exp &dollar;
</remark>
<para>
Information about available translations you will find in section <link linkend="general-translations">Translations</link>.
@ -71,7 +74,7 @@ Copyright, license and others
Copyright
</title>
<para>
Written and Copyright (C) 2001-2004 by Peter Bieringer
Written and Copyright (C) 2001-2005 by Peter Bieringer
</para>
</sect2>
@ -239,7 +242,7 @@ Major history
2004-06-18: Greek translation is in progress
</para>
<para>
2004-08-29: Spanish translation is still not in progress
2004-08-29: Spanish translation is still NOT in progress
</para>
</sect3>
@ -987,7 +990,7 @@ For more information about the IPv6 history take a look at older IPv6 related RF
History of IPv6 in Linux
</title>
<para>
The years 1992, 1993 and 1994 of the IPv6 History (in general) are covered by following document: <ulink url="http://www.laynetworks.com/users/webs/IPv6.htm#CH3">IPv6 or IPng (IP next generation)</ulink>.
The years 1992, 1993 and 1994 of the IPv6 History (in general) are covered by following document: <ulink url="http://www.laynetworks.com/IPv6.htm#CH3">IPv6 or IPng (IP next generation)</ulink>.
</para>
<para>
To-do: better time-line, more content...
@ -7470,13 +7473,46 @@ Encryption and Authentication
</title>
<para>
Unlike in IPv4 encryption and authentication is a mandatory feature of IPv6. This features are normally implemented using IPsec (which can be also used by IPv4).
</para>
<para>
But because of the independence of encryption and authentication from the key exchange protocol there exists currently some interoperability problems regarding this issue.
</para>
<sect1>
<title>
Support in kernel
Modes of using Encryption and Authentication
</title>
<para>
Two modes of Encryption and Authentication of a connection are possible:
</para>
<sect2>
<title>
Transport mode
</title>
<para>
Transport mode is a real end-to-end connection mode. Here, only the payload (usually ICMP, TCP or UDP) is encrypted with their particular header, while the IP header is not encrypted (but ususally included in authentication).
</para>
<para>
Using AES-128 for encryption and SHA1 for authentication, this mode decreases the MTU by 42 octetts.
</para>
</sect2>
<sect2>
<title>
Tunnel mode
</title>
<para>
Tunnel mode can be used either for end-to-end or for gateway-to-gateway connection modes. Here, the complete IP packet is encrypted and got a new IP header in front of .
</para>
<para>
This mode usually decreases the MTU by 40 octetts from the MTU of transport mode.
</para>
</sect2>
</sect1>
<sect1>
<title>
Support in kernel (ESP and AH)
</title>
<sect2>
<title>
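Review bot: The tunnel mode paragraph ends in an unfinished sentence, "got a new IP header in front of .", so the object is missing; complete it, for example "and gets a new IP header in front of it". In the same hunk, fix "ususally" in the transport mode paragraph and "octetts" in both MTU paragraphs. The transport figure is tied to AES-128 and SHA1, but the tunnel figure has no stated basis; if the 40 octets are the additional IPv6 header, say so.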
@ -7490,20 +7526,13 @@ Currently missing in vanilla 2.4. There is an issue about keeping the Linux kern
<sect2>
<title>
Support in USAGI kernel
Support in vanilla Linux kernel 2.6.x
</title>
<para>
The USAGI project has taken over in July 2001 the IPv6 enabled FreeS/WAN code from the <ulink url="http://www.ipv6.iabg.de/downloadframe/">IABG / IPv6 Project</ulink> and included in their kernel extensions. Nowadays they are working on implementing IPsec into 2.5.x series.
Current versions (as time of writing 2.6.9 and upper) support native IPsec for IPv4 and IPv6.
</para>
</sect2>
<sect2>
<title>
Support in vanilla Linux kernel 2.5.x
</title>
<para>
Currently, the IPsec extensions of the USAGI kernel are on the way being migrated into 2.5.x developer kernels.
Development was mostly done by the USAGI project with help from others.
</para>
</sect2>
@ -7513,11 +7542,344 @@ Currently, the IPsec extensions of the USAGI kernel are on the way being migrate
<sect1>
<title>
Usage
Automatic key exchange (IKE)
</title>
<para>
In difference to FreeS/WAN, in IPsec of 2.5.x the IKE daemon &quot;racoon&quot; (taken from KAME) is used instead of &quot;pluto&quot; of FreeS/WAN. It has a different configuration syntax than &quot;pluto&quot;, note also that the IPsec setup is splitted into 2 parts (IKE and topology setup). Until some documentation is filled here, take a look at <ulink url="http://lartc.org/howto/lartc.ipsec.html">Linux Advanced Routing & Traffic Control HOWTO / IPSEC</ulink>.
IPsec requires a key exchange of a secret. This is mostly done automatically by so called IKE daemons. They also handle the authentication of the peers, either by a common known secret (so called &quot;preshared secret&quot;) or by RSA keys (which can also be used from X.509 certificates).
</para>
<para>
Currently, two different IKE daemons are available, which totally differ from configuration and usage.
</para>
<para>
I prefer &quot;pluto&quot; from the *S/WAN implementation because of the easier and one-config-only setup.
</para>
<sect2>
<title>
IKE daemon &quot;racoon&quot;
</title>
<para>
The IKE daemon &quot;racoon&quot; is taken from the KAME project and ported to Linux. Modern Linux distributions contain this daemon in the package &quot;ipsec-tools&quot;. Two executables are required for a proper IPsec setup. Take a look also on <ulink url="http://lartc.org/howto/lartc.ipsec.html">Linux Advanced Routing & Traffic Control HOWTO / IPSEC</ulink>.
</para>
<sect3>
<title>
Manipulation of the IPsec SA/SP database with the tool &quot;setkey&quot;
</title>
<para>
&quot;setkey&quot; is important to tell the kernel the security policy (SP).
</para>
<para>
File: /etc/racoon/setkey.sh
</para>
<itemizedlist>
<listitem>
<para>
Example for a end-to-end encrypted connection in transport mode
</para>
</listitem>
</itemizedlist>
<programlisting>
<![CDATA[#!/sbin/setkey -f
]]><![CDATA[flush;
]]><![CDATA[spdflush;
]]><![CDATA[spdadd 2001:db8:1:1::1 2001:db8:2:2::2 any -P out ipsec esp/transport//require;
]]><![CDATA[spdadd 2001:db8:2:2::2 2001:db8:1:1::1 any -P in ipsec esp/transport//require;
]]><![CDATA[
]]>
</programlisting>
<itemizedlist>
<listitem>
<para>
Example for a end-to-end encrypted connection in tunnel mode
</para>
</listitem>
</itemizedlist>
<programlisting>
<![CDATA[#!/sbin/setkey -f
]]><![CDATA[flush;
]]><![CDATA[spdflush;
]]><![CDATA[spdadd 2001:db8:1:1::1 2001:db8:2:2::2 any -P out ipsec
]]><![CDATA[¬ esp/tunnel/2001:db8:1:1::1-2001:db8:2:2::2/require;
]]><![CDATA[spdadd 2001:db8:2:2::2 2001:db8:1:1::1 any -P in ipsec
]]><![CDATA[¬ esp/tunnel/2001:db8:2:2::2-2001:db8:1:1::1/require;
]]>
</programlisting>
<para>
For the other peer, you have to exchange &quot;in&quot; with &quot;out&quot;.
</para>
</sect3>
<sect3>
<title>
Configuration of the IKE daemon &quot;racoon&quot;
</title>
<para>
&quot;racoon&quot; requires a configuration file for proper running. It includes the related settings to the security policy, which should be setup previously using &quot;setkey&quot;.
</para>
<para>
File: /etc/racoon/racoon.conf
</para>
<programlisting>
<![CDATA[# Racoon IKE daemon configuration file.
]]><![CDATA[# See 'man racoon.conf' for a description of the format and entries.
]]><![CDATA[path include "/etc/racoon";
]]><![CDATA[path pre_shared_key "/etc/racoon/psk.txt";
]]><![CDATA[
]]><![CDATA[listen
]]><![CDATA[{
]]><![CDATA[ isakmp 2001:db8:1:1::1;
]]><![CDATA[}
]]><![CDATA[
]]><![CDATA[remote 2001:db8:2:2::2
]]><![CDATA[{
]]><![CDATA[ exchange_mode main;
]]><![CDATA[ lifetime time 24 hour;
]]><![CDATA[ proposal
]]><![CDATA[ {
]]><![CDATA[ encryption_algorithm 3des;
]]><![CDATA[ hash_algorithm md5;
]]><![CDATA[ authentication_method pre_shared_key;
]]><![CDATA[ dh_group 2;
]]><![CDATA[ }
]]><![CDATA[}
]]><![CDATA[
]]><![CDATA[# gateway-to-gateway
]]><![CDATA[sainfo address 2001:db8:1:1::1 any address 2001:db8:2:2::2 any
]]><![CDATA[{
]]><![CDATA[ lifetime time 1 hour;
]]><![CDATA[ encryption_algorithm 3des;
]]><![CDATA[ authentication_algorithm hmac_md5;
]]><![CDATA[ compression_algorithm deflate;
]]><![CDATA[}
]]><![CDATA[
]]><![CDATA[sainfo address 2001:db8:2:2::2 any address 2001:db8:1:1::1 any
]]><![CDATA[{
]]><![CDATA[ lifetime time 1 hour;
]]><![CDATA[ encryption_algorithm 3des;
]]><![CDATA[ authentication_algorithm hmac_md5;
]]><![CDATA[ compression_algorithm deflate;
]]><![CDATA[}
]]>
</programlisting>
<para>
Also setup the preshared secret:
</para>
<para>
File: /etc/racoon/psk.txt
</para>
<programlisting>
<![CDATA[# file for pre-shared keys used for IKE authentication
]]><![CDATA[# format is: 'identifier' 'key'
]]><![CDATA[
]]><![CDATA[2001:db8:2:2::2 verysecret
]]>
</programlisting>
</sect3>
<sect3>
<title>
Running IPsec with IKE daemon &quot;racoon&quot;
</title>
<para>
At least the daemon needs to be started, for the first time, use debug and foreground mode. The following example shows a successful IKE phase 1 (ISAKMP-SA) and 2 (IPsec-SA):
</para>
<programlisting>
<![CDATA[# racoon -F -v -f /etc/racoon/racoon.conf
]]><![CDATA[Foreground mode.
]]><![CDATA[2005-01-01 20:30:15: INFO: @(#)ipsec-tools 0.3.3 (http://ipsec-tools.sourceforge.net)
]]><![CDATA[2005-01-01 20:30:15: INFO: @(#)This product linked
]]><![CDATA[¬ OpenSSL 0.9.7a Feb 19 2003 (http://www.openssl.org/)
]]><![CDATA[2005-01-01 20:30:15: INFO: 2001:db8:1:1::1[500] used as isakmp port (fd=7)
]]><![CDATA[2005-01-01 20:31:06: INFO: IPsec-SA request for 2001:db8:2:2::2
]]><![CDATA[¬ queued due to no phase1 found.
]]><![CDATA[2005-01-01 20:31:06: INFO: initiate new phase 1 negotiation:
]]><![CDATA[¬ 2001:db8:1:1::1[500]<=>2001:db8:2:2::2[500]
]]><![CDATA[2005-01-01 20:31:06: INFO: begin Identity Protection mode.
]]><![CDATA[2005-01-01 20:31:09: INFO: ISAKMP-SA established
]]><![CDATA[¬ 2001:db8:1:1::1[500]-2001:db8:2:2::2[500] spi:da3d3693289c9698:ac039a402b2db401
]]><![CDATA[2005-01-01 20:31:09: INFO: initiate new phase 2 negotiation:
]]><![CDATA[¬ 2001:6f8:900:94::2[0]<=>2001:db8:2:2::2[0]
]]><![CDATA[2005-01-01 20:31:10: INFO: IPsec-SA established:
]]><![CDATA[¬ ESP/Tunnel 2001:db8:2:2::2->2001:db8:1:1::1 spi=253935531(0xf22bfab)
]]><![CDATA[2005-01-01 20:31:10: INFO: IPsec-SA established:
]]><![CDATA[¬ ESP/Tunnel 2001:db8:1:1::1->2001:db8:2:2::2 spi=175002564(0xa6e53c4)
]]>
</programlisting>
<para>
Each direction got it's own IPsec-SA (like defined in the IPsec standard). With TCPdump on the related interface, you will see following afterwards on an IPv6 ping:
</para>
<programlisting>
<![CDATA[20:35:55.305707 2001:db8:1:1::1 > 2001:db8:2:2::2: ESP(spi=0x0a6e53c4,seq=0x3)
]]><![CDATA[20:35:55.537522 2001:db8:2:2::2 > 2001:db8:1:1::1: ESP(spi=0x0f22bfab,seq=0x3)
]]>
</programlisting>
<para>
As expected, the SPIs occur here.
</para>
<para>
And using &quot;setkey&quot; current active parameters are shown:
</para>
<programlisting>
<![CDATA[# setkey -D
]]><![CDATA[2001:db8:1:1::1 2001:db8:2:2::2
]]><![CDATA[ esp mode=tunnel spi=175002564(0x0a6e53c4) reqid=0(0x00000000)
]]><![CDATA[ E: 3des-cbc bd26bc45 aea0d249 ef9c6b89 7056080f 5d9fa49c 924e2edd
]]><![CDATA[ A: hmac-md5 60c2c505 517dd8b7 c9609128 a5efc2db
]]><![CDATA[ seq=0x00000000 replay=4 flags=0x00000000 state=mature
]]><![CDATA[ created: Jan 1 20:31:10 2005 current: Jan 1 20:40:47 2005
]]><![CDATA[ diff: 577(s) hard: 3600(s) soft: 2880(s)
]]><![CDATA[ last: Jan 1 20:35:05 2005 hard: 0(s) soft: 0(s)
]]><![CDATA[ current: 540(bytes) hard: 0(bytes) soft: 0(bytes)
]]><![CDATA[ allocated: 3 hard: 0 soft: 0
]]><![CDATA[ sadb_seq=1 pid=22358 refcnt=0
]]><![CDATA[2001:db8:2:2::2 2001:db8:1:1::1
]]><![CDATA[ esp mode=tunnel spi=253935531(0x0f22bfab) reqid=0(0x00000000)
]]><![CDATA[ E: 3des-cbc c1ddba65 83debd62 3f6683c1 20e747ac 933d203f 4777a7ce
]]><![CDATA[ A: hmac-md5 3f957db9 9adddc8c 44e5739d 3f53ca0e
]]><![CDATA[ seq=0x00000000 replay=4 flags=0x00000000 state=mature
]]><![CDATA[ created: Jan 1 20:31:10 2005 current: Jan 1 20:40:47 2005
]]><![CDATA[ diff: 577(s) hard: 3600(s) soft: 2880(s)
]]><![CDATA[ last: Jan 1 20:35:05 2005 hard: 0(s) soft: 0(s)
]]><![CDATA[ current: 312(bytes) hard: 0(bytes) soft: 0(bytes)
]]><![CDATA[ allocated: 3 hard: 0 soft: 0
]]><![CDATA[ sadb_seq=0 pid=22358 refcnt=0
]]>
</programlisting>
</sect3>
</sect2>
<sect2>
<title>
IKE daemon &quot;pluto&quot;
</title>
<para>
The IKE daemon &quot;pluto&quot; is contained by the *S/WAN projects. *S/WAN project starts at the beginning as <ulink url="http://www.freeswan.org/">FreeS/WAN</ulink>. Unfortunately, FreeS/WAN project stopped further development in 2004. Because of slow development the time before, there were already 2 spin-offs started: <ulink url="http://www.strongswan.org/">strongSwan</ulink> and <ulink url="http://www.openswan.org/">Openswan</ulink>. Nowadays, for at least Openswan installable packages are existing, also in Fedora Core 3 Linux it's already included.
</para>
<para>
A major difference to &quot;racoon&quot; only one configuration file is required. Also an initscript exists for automatic setup after booting.
</para>
<sect3>
<title>
Configuration of the IKE daemon &quot;pluto&quot;
</title>
<para>
The configuration is very similar to the IPv4 one, only one important option is necessary.
</para>
<para>
File: /etc/ipsec.conf
</para>
<programlisting>
<![CDATA[# /etc/ipsec.conf - Openswan IPsec configuration file
]]><![CDATA[#
]]><![CDATA[# Manual: ipsec.conf.5
]]><![CDATA[version 2.0 # conforms to second version of ipsec.conf specification
]]><![CDATA[
]]><![CDATA[# basic configuration
]]><![CDATA[config setup
]]><![CDATA[ # Debug-logging controls: "none" for (almost) none, "all" for lots.
]]><![CDATA[ # klipsdebug=none
]]><![CDATA[ # plutodebug="control parsing"
]]><![CDATA[
]]><![CDATA[#Disable Opportunistic Encryption
]]><![CDATA[include /etc/ipsec.d/examples/no_oe.conf
]]><![CDATA[
]]><![CDATA[conn ipv6-p1-p2
]]><![CDATA[ connaddrfamily=ipv6 # Important for IPv6!
]]><![CDATA[ left=2001:db8:1:1::1
]]><![CDATA[ right=2001:db8:2:2::2
]]><![CDATA[ authby=secret
]]><![CDATA[ esp=aes128-sha1
]]><![CDATA[ ike=aes128-sha-modp1024
]]><![CDATA[ type=transport
]]><![CDATA[ #type=tunnel
]]><![CDATA[ compress=no
]]><![CDATA[ #compress=yes
]]><![CDATA[ auto=add
]]><![CDATA[ #auto=start
]]><![CDATA[
]]>
</programlisting>
<para>
Don't forget to define the preshared secret here also.
</para>
<para>
File: /etc/ipsec.secrets
</para>
<programlisting>
<![CDATA[2001:db8:1:1::1 2001:db8:2:2::2 : PSK "verysecret"
]]>
</programlisting>
</sect3>
<sect3>
<title>
Running IPsec with IKE daemon &quot;pluto&quot;
</title>
<para>
If installation of Openswan was successfully, an initscript should be exist for starting IPsec, simple run (on each peer):
</para>
<programlisting>
<![CDATA[# /etc/rc.d/init.d/ipsec start
]]>
</programlisting>
<para>
Afterwards, start this connection on one peer, if you seen the line &quot;IPsec SA established&quot;, all worked fine.
</para>
<programlisting>
<![CDATA[# ipsec auto --up ipv6-peer1-peer2
]]><![CDATA[104 "ipv6-p1-p2" #1: STATE_MAIN_I1: initiate
]]><![CDATA[106 "ipv6-p1-p2" #1: STATE_MAIN_I2: sent MI2, expecting MR2
]]><![CDATA[108 "ipv6-p1-p2" #1: STATE_MAIN_I3: sent MI3, expecting MR3
]]><![CDATA[004 "ipv6-p1-p2" #1: STATE_MAIN_I4: ISAKMP SA established
]]><![CDATA[112 "ipv6-p1-p2" #2: STATE_QUICK_I1: initiate
]]><![CDATA[004 "ipv6-p1-p2" #2: STATE_QUICK_I2: sent QI2,
]]><![CDATA[¬ IPsec SA established {ESP=>0xa98b7710 <0xa51e1f22}
]]>
</programlisting>
<para>
Because *S/WAN and setkey/racoon uses the same IPsec implementation in Linux kernel, &quot;setkey&quot; can be used also here to show current active parameters:
</para>
<programlisting>
<![CDATA[# setkey -D
]]><![CDATA[2001:db8:1:1::1 2001:db8:2:2::2
]]><![CDATA[ esp mode=transport spi=2844489488(0xa98b7710) reqid=16385(0x00004001)
]]><![CDATA[ E: aes-cbc 082ee274 2744bae5 7451da37 1162b483
]]><![CDATA[ A: hmac-sha1 b7803753 757417da 477b1c1a 64070455 ab79082c
]]><![CDATA[ seq=0x00000000 replay=64 flags=0x00000000 state=mature
]]><![CDATA[ created: Jan 1 21:16:32 2005 current: Jan 1 21:22:20 2005
]]><![CDATA[ diff: 348(s) hard: 0(s) soft: 0(s)
]]><![CDATA[ last: hard: 0(s) soft: 0(s)
]]><![CDATA[ current: 0(bytes) hard: 0(bytes) soft: 0(bytes)
]]><![CDATA[ allocated: 0 hard: 0 soft: 0
]]><![CDATA[ sadb_seq=1 pid=23825 refcnt=0
]]><![CDATA[2001:db8:2:2::2 2001:db8:1:1::1
]]><![CDATA[ esp mode=transport spi=2770214690(0xa51e1f22) reqid=16385(0x00004001)
]]><![CDATA[ E: aes-cbc 6f59cc30 8d856056 65e07b76 552cac18
]]><![CDATA[ A: hmac-sha1 c7c7d82b abfca8b1 5440021f e0c3b335 975b508b
]]><![CDATA[ seq=0x00000000 replay=64 flags=0x00000000 state=mature
]]><![CDATA[ created: Jan 1 21:16:31 2005 current: Jan 1 21:22:20 2005
]]><![CDATA[ diff: 349(s) hard: 0(s) soft: 0(s)
]]><![CDATA[ last: hard: 0(s) soft: 0(s)
]]><![CDATA[ current: 0(bytes) hard: 0(bytes) soft: 0(bytes)
]]><![CDATA[ allocated: 0 hard: 0 soft: 0
]]><![CDATA[ sadb_seq=0 pid=23825 refcnt=0
]]>
</programlisting>
</sect3>
</sect2>
</sect1>
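Review bot: The racoon log listing still contains an address outside the 2001:db8 documentation prefix used everywhere else, on the phase 2 line `2001:6f8:900:94::2[0]<=>2001:db8:2:2::2[0]`; replace it with 2001:db8:1:1::1 so the sample is fully sanitized and consistent. In the pluto section, the command `ipsec auto --up ipv6-peer1-peer2` does not match the connection defined as `conn ipv6-p1-p2` (the output lines below it also show "ipv6-p1-p2"), so a reader copying the command would not bring up the connection defined above; use one name throughout. The racoon.conf example proposes 3des with md5 / hmac_md5 and dh_group 2, while the pluto example uses aes128-sha1; consider aligning the racoon proposal with the stronger set. Its "# gateway-to-gateway" comment also sits above sainfo entries that name the two host addresses. Both `setkey -D` listings print the E: and A: key material, so a sentence telling readers that this output contains the session keys would be worth adding.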
@ -8887,6 +9249,22 @@ Suggestions are welcome!
</sect2>
<sect2>
<title>
2004
</title>
<itemizedlist>
<listitem>
<para>
1st Global IPv6 Summit in Sao Paul, Brazil
</para>
</listitem>
</itemizedlist>
</sect2>
</sect1>
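Review bot: "Sao Paul" in the new 2004 list item looks like a truncated city name; it should read "Sao Paulo".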
@ -9065,7 +9443,7 @@ ISATAP
<sect2>
<title>
Latest news
Latest news and URLs to other documents
</title>
<para>
More to be filled later...suggestions are welcome!
@ -9088,6 +9466,12 @@ More to be filled later...suggestions are welcome!
<ulink url="http://www.ipv6-net.de/">ipv6-net.org</ulink>, German forum
</para>
</listitem>
<listitem>
<para>
<ulink url="http://www.estoile.com/links/ipv6">Lot of URLs to others documents</ulink> by Anil Edathara
</para>
</listitem>
</itemizedlist>
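Review bot: The new link text "Lot of URLs to others documents" is ungrammatical; "Many URLs to other documents" reads correctly and matches the section title "Latest news and URLs to other documents" introduced in the previous hunk.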
@ -10307,6 +10691,12 @@ Application lists
<itemizedlist>
<listitem>
<para>
<ulink url="http://www.deepspace6.net/docs/ipv6_status_page_apps.html">DeepSpace6 / IPv6 Status Page</ulink> (<ulink url="http://mirrors.bieringer.de/www.deepspace6.net/docs/ipv6_status_page_apps.html">Mirror</ulink>)
</para>
</listitem>
<listitem>
<para>
<ulink url="http://www.ipv6.org/v6-apps.html">IPv6.org / IPv6 enabled applications</ulink>
</para>
@ -11065,8 +11455,24 @@ More Tunnel brokers...
Native IPv6 Services
</title>
<para>
Note: These services are only available with a valid IPv6 connection!
Note: These services are mostly only available with a valid IPv6 connection!
</para>
<sect3 id="information-nativeipv6nntp">
<title>
Net News (NNTP)
</title>
<itemizedlist>
<listitem>
<para>
<ulink url="nntp://news.ipv6.scarlet-internet.nl/">news.ipv6.scarlet-internet.nl</ulink> (accessible through all the SixXS POPs)
</para>
</listitem>
</itemizedlist>
</sect3>
<sect3 id="information-nativeipv6gameserver">
<title>
Game Server
@ -11509,6 +11915,18 @@ traceroute6, whois: <ulink url="http://www.ipng.nl/">IPng.nl</ulink>
AAAA Lookup Checker <ulink url="http://www.cnri.dit.ie/cgi-bin/check_aaaa.pl">http://www.cnri.dit.ie/cgi-bin/check_aaaa.pl</ulink>
</para>
</listitem>
<listitem>
<para>
Various tools: <ulink url="http://www.ipv6tools.com/">IPv6tools</ulink>
</para>
</listitem>
<listitem>
<para>
<ulink url="http://doc.tavian.com/ipv6util/index.htm">IPv6 address analysis tool</ulink> (something similar to ipv6calc's information option)
</para>
</listitem>
</itemizedlist>
@ -11678,6 +12096,15 @@ Releases 0.x
<variablelist>
<varlistentry>
<term>
0.47.1
</term><listitem><para>2005-01-01/PB: add information and examples about IPv6 IPsec, add some URLs
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
0.47
</term><listitem><para>2004-08-30/PB: add some notes about proftpd, vsftpd and other daemons, add some URLs, minor fixes, update status of Spanish translation
</para>