<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto"><br><div><br>On Feb 12, 2018, at 15:56, Hao Chen <<a href="mailto:earthlovepython@outlook.com">earthlovepython@outlook.com</a>> wrote:<br><br></div><blockquote type="cite"><div>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<div style="color: rgb(0, 0, 0); font-family: Calibri,Helvetica,sans-serif; font-size: 12pt; background-color: transparent;">
Thank you for your response. </div>
<div style="color: rgb(0, 0, 0); font-family: Calibri,Helvetica,sans-serif; font-size: 12pt; background-color: transparent;">
<br>
</div>
<div style="color: rgb(0, 0, 0); font-family: Calibri,Helvetica,sans-serif; font-size: 12pt; background-color: transparent;">
Are you saying: libreswan 3.20 does NOT support "IPv6 behind NAT" at all ?? </div></div></blockquote><div><br></div>Yes. And I am saying I don’t know if the Linux kernel supports it.<div><br></div><div><br><blockquote type="cite"><div>
<div style="color: rgb(0, 0, 0); font-family: Calibri,Helvetica,sans-serif; font-size: 12pt; background-color: transparent;">
<br>
</div>
<div style="color: rgb(0, 0, 0); font-family: Calibri,Helvetica,sans-serif; font-size: 12pt; background-color: transparent;">
Thanks<br>
</div>
<hr style="display:inline-block;width:98%" tabindex="-1">
<div id="divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" style="font-size:11pt" color="#000000"><b>From:</b> Paul Wouters <<a href="mailto:paul@nohats.ca">paul@nohats.ca</a>><br>
<b>Sent:</b> Monday, February 12, 2018 11:36<br>
<b>To:</b> Hao Chen<br>
<b>Cc:</b> <a href="mailto:swan@lists.libreswan.org">swan@lists.libreswan.org</a><br>
<b>Subject:</b> Re: [Swan] libreswan 3.20 does NOT listen on UDP port 4500 for IPv6</font>
<div> </div>
</div>
<div class="BodyFragment"><font size="2"><span style="font-size:11pt;">
<div class="PlainText">On Mon, 12 Feb 2018, Hao Chen wrote:<br>
<br>
> I am working on "IPsec behind NAT" for IPv6. <br>
> <br>
> For IPv4, "pluto" listen on 4500 after start up. But for IPv6, "pluto" does NOT listen on it.....<br>
> But, for UDP port 500, "pluto" listen on IPv6 after startup....<br>
> <br>
> How to let "libreswan" listen on 4500 for IPv6? <br>
<br>
We currently don't do that because you're not supposed to NAT IPv6 :(<br>
<br>
See also: <a href="https://www.ietf.org/mail-archive/web/ipsec/current/msg08845.html">
https://www.ietf.org/mail-archive/web/ipsec/current/msg08845.html</a><br>
<br>
I don't know if the Linux kernel supports ESPinUDP for IPv6. Without<br>
that support, listening in libreswan would not help you much either.<br>
<br>
If you really want to change libreswan, look at programs/pluto/sysdep_linux.c<br>
and programs/pluto/kernel_netlink.c (and look for pluto_nat_port)<br>
<br>
Paul<br>
</div>
</span></font></div>
</div></blockquote></div></body></html>