[Swan] libreswan 3.20 does NOT listen on UDP port 4500 for IPv6

Hao Chen earthlovepython at outlook.com
Mon Feb 12 20:56:28 UTC 2018


Thank you for your response.

Are you saying that libreswan 3.20 does NOT support "IPv6 behind NAT" at all?

Thanks
________________________________
From: Paul Wouters <paul at nohats.ca>
Sent: Monday, February 12, 2018 11:36
To: Hao Chen
Cc: swan at lists.libreswan.org
Subject: Re: [Swan] libreswan 3.20 does NOT listen on UDP port 4500 for IPv6

On Mon, 12 Feb 2018, Hao Chen wrote:

> I am working on "IPsec behind NAT" for IPv6.
>
> For IPv4, "pluto" listens on 4500 after startup. But for IPv6, "pluto" does NOT listen on it.
> But for UDP port 500, "pluto" listens on IPv6 after startup.
>
> How can I let "libreswan" listen on 4500 for IPv6?

We currently don't do that because you're not supposed to NAT IPv6 :(

See also: https://www.ietf.org/mail-archive/web/ipsec/current/msg08845.html

I don't know if the Linux kernel supports ESPinUDP for IPv6. Without
that support, listening in libreswan would not help you much either.

If you really want to change libreswan, look at programs/pluto/sysdep_linux.c
and programs/pluto/kernel_netlink.c (and look for pluto_nat_port)

Paul