[Swan] libreswan 3.20 does NOT listen on UDP port 4500 for IPv6

Paul Wouters paul at nohats.ca
Mon Feb 12 21:04:32 UTC 2018



> On Feb 12, 2018, at 15:56, Hao Chen <earthlovepython at outlook.com> wrote:
> 
> Thank you for your response. 
> 
> Are you saying: libreswan 3.20 does NOT support "IPv6 behind NAT" at all?

Yes. And I am saying I don’t know if the Linux kernel supports it.


> 
> Thanks
> From: Paul Wouters <paul at nohats.ca>
> Sent: Monday, February 12, 2018 11:36
> To: Hao Chen
> Cc: swan at lists.libreswan.org
> Subject: Re: [Swan] libreswan 3.20 does NOT listen on UDP port 4500 for IPv6
>  
> On Mon, 12 Feb 2018, Hao Chen wrote:
> 
> > I am working on "IPsec behind NAT" for IPv6. 
> > 
> > For IPv4, "pluto" listens on 4500 after startup. But for IPv6, "pluto" does NOT listen on it...
> > But for UDP port 500, "pluto" listens on IPv6 after startup...
> > 
> > How to let "libreswan" listen on 4500 for IPv6? 
> 
> We currently don't do that because you're not supposed to NAT IPv6 :(
> 
> See also: https://www.ietf.org/mail-archive/web/ipsec/current/msg08845.html
> 
> I don't know if the Linux kernel supports ESPinUDP for IPv6. Without
> that support, listening in libreswan would not help you much either.
> 
> If you really want to change libreswan, look at programs/pluto/sysdep_linux.c
> and programs/pluto/kernel_netlink.c (and look for pluto_nat_port)
> 
> Paul
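
The observation in this thread (pluto bound to UDP 500 and 4500 on IPv4, but only to UDP 500 on IPv6) can be checked against the kernel's UDP socket tables. The following is an added example, not part of the original messages and not libreswan code; the sample tables are constructed, and the function names are hypothetical.

```python
# Added example: the tables below are constructed samples, not captured output.
IKE_PORTS = (500, 4500)  # IKE, and IKE/ESP-in-UDP for NAT traversal

# Layout follows /proc/net/udp: "sl local_address rem_address st ...",
# where local_address is HEXADDR:HEXPORT (500 = 01F4, 4500 = 1194).
SAMPLE_UDP4 = """\
   sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
  101: 0A0200C0:01F4 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 20001 2 0000000000000000 0
  102: 0A0200C0:1194 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 20002 2 0000000000000000 0
"""
SAMPLE_UDP6 = """\
   sl  local_address                         remote_address                        st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
  201: B80D0120000000000000000001000000:01F4 00000000000000000000000000000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 20003 2 0000000000000000 0
"""


def bound_ports(table_text):
    """Return the set of local UDP ports listed in a /proc/net/udp{,6} table."""
    ports = set()
    for line in table_text.splitlines()[1:]:  # first line is the column header
        fields = line.split()
        if len(fields) < 2 or ":" not in fields[1]:
            continue  # blank or truncated row
        port_hex = fields[1].rpartition(":")[2]  # works for 8- and 32-digit addresses
        try:
            ports.add(int(port_hex, 16))
        except ValueError:
            continue  # not a socket row
    return ports


def ike_listener_report(udp4_text, udp6_text):
    """Map address family -> {port: bound?} for the two IKE ports."""
    report = {}
    for family, text in (("IPv4", udp4_text), ("IPv6", udp6_text)):
        found = bound_ports(text)
        report[family] = {port: port in found for port in IKE_PORTS}
    return report


if __name__ == "__main__":
    import sys
    if "--live" in sys.argv:  # read the running kernel's tables (Linux only)
        with open("/proc/net/udp") as f4, open("/proc/net/udp6") as f6:
            result = ike_listener_report(f4.read(), f6.read())
    else:
        result = ike_listener_report(SAMPLE_UDP4, SAMPLE_UDP6)
    for family, ports in result.items():
        for port, bound in ports.items():
            print(f"{family} UDP {port}: {'bound' if bound else 'not bound'}")
```

A bound port only shows that some process holds it; to attribute it to pluto, match the row's inode column against the socket inodes under that process's /proc/PID/fd.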