[Swan] libreswan 3.20 does NOT listen on UDP port 4500 for IPv6

Paul Wouters paul at nohats.ca
Mon Feb 12 19:36:12 UTC 2018


On Mon, 12 Feb 2018, Hao Chen wrote:

> I am working on "IPsec behind NAT" for IPv6.
> 
> For IPv4, "pluto" listens on 4500 after startup. But for IPv6, "pluto" does NOT listen on it.....
> But, for UDP port 500, "pluto" listens on IPv6 after startup....
> 
> How do I make "libreswan" listen on 4500 for IPv6?

We currently don't do that because you're not supposed to NAT IPv6 :(

See also: https://www.ietf.org/mail-archive/web/ipsec/current/msg08845.html

I don't know if the Linux kernel supports ESPinUDP for IPv6. Without
that support, listening in libreswan would not help you much either.

If you really want to change libreswan, look at programs/pluto/sysdep_linux.c
and programs/pluto/kernel_netlink.c (and look for pluto_nat_port).

Paul
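As an added check (not code from the thread or from the libreswan project), the following POSIX shell script reads `ss -uln` output and reports which address families have a socket bound on UDP 500 and 4500, so the IPv4-only 4500 listener described above can be confirmed from the host rather than guessed. The sample `ss` output is constructed to mirror that situation; with no argument the functions run the live `ss -uln`.

```shell
#!/bin/sh
# Added example: inspect IKE (UDP 500) and NAT-T (UDP 4500) listeners per
# address family. The sample below is constructed, modelled on the thread:
# pluto bound 500 on IPv4 and IPv6, but 4500 on IPv4 only.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
UNCONN 0      0      0.0.0.0:500        0.0.0.0:*
UNCONN 0      0      0.0.0.0:4500       0.0.0.0:*
UNCONN 0      0      [::]:500           [::]:*
UNCONN 0      0      127.0.0.1:323      0.0.0.0:*'

# ike_listeners [ss-output]: print "family port" for every bound UDP
# socket on 500 or 4500. Reads live `ss -uln` when no argument is given.
ike_listeners() {
    if [ $# -gt 0 ]; then
        printf '%s\n' "$1"
    else
        ss -uln
    fi | awk 'NR > 1 {
        # Port is the last colon-separated piece of the local address;
        # an IPv6 local address is bracketed, e.g. [::]:500.
        n = split($4, a, ":"); port = a[n]
        if (port != "500" && port != "4500") next
        fam = ($4 ~ /^\[/) ? "ipv6" : "ipv4"
        print fam, port
    }' | sort -u
}

# nat_t_status [ss-output]: exit 0 when both families listen on 4500,
# 1 when only one does (the IPv4-only case from the thread), 2 when neither.
nat_t_status() {
    listeners=$(ike_listeners "$@")
    v4=0; v6=0
    echo "$listeners" | grep -q '^ipv4 4500$' && v4=1
    echo "$listeners" | grep -q '^ipv6 4500$' && v6=1
    if [ "$v4" = 1 ] && [ "$v6" = 1 ]; then return 0; fi
    if [ "$v4" = 1 ] || [ "$v6" = 1 ]; then return 1; fi
    return 2
}
```

A 4500 listener alone does not make IPv6 NAT traversal work; as noted above, the kernel must also support ESP-in-UDP for IPv6.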
