On Mon, 12 Feb 2018, Hao Chen wrote:
> I am working on "IPsec behind NAT" for IPv6.
> For IPv4, "pluto" listens on 4500 after startup. But for IPv6, "pluto" does NOT
> listen on it...
> But, for UDP port 500, "pluto" listens on IPv6 after startup...
> How can I make "libreswan" listen on 4500 for IPv6?

We currently don't do that because you're not supposed to NAT IPv6 :(
See also: https://www.ietf.org/mail-archive/web/ipsec/current/msg08845.html
I don't know if the Linux kernel supports ESPinUDP for IPv6. Without
that support, listening in libreswan would not help you much either.
If you really want to change libreswan, look at programs/pluto/sysdep_linux.c
and programs/pluto/kernel_netlink.c (and look for pluto_nat_port)
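
To confirm the behaviour reported above on a given host, the following added example (not from the original thread and not libreswan code) parses the Linux `/proc/net/udp` and `/proc/net/udp6` tables and reports which address families have UDP 500 and 4500 bound. The sample tables are constructed to mirror the report, the function names are hypothetical, and the address decoding assumes a little-endian host; it does not attribute sockets to the pluto process.

```python
import ipaddress

IKE_PORTS = {500: "IKE", 4500: "NAT-T (ESPinUDP)"}

# Constructed samples in /proc/net/udp and /proc/net/udp6 layout (trailing
# columns trimmed): IPv4 has 500 and 4500 bound, IPv6 only has 500.
SAMPLE_UDP4 = """\
  sl  local_address rem_address   st tx_queue rx_queue
   0: 0100007F:01F4 00000000:0000 07 00000000:00000000
   1: 0100007F:1194 00000000:0000 07 00000000:00000000
"""
SAMPLE_UDP6 = """\
  sl  local_address                         remote_address                        st
   0: 00000000000000000000000001000000:01F4 00000000000000000000000000000000:0000 07
"""

def decode_addr(hex_addr):
    """Decode the kernel's hex address (32-bit words, little-endian host assumed)."""
    raw = bytes.fromhex(hex_addr)
    swapped = b"".join(raw[i:i + 4][::-1] for i in range(0, len(raw), 4))
    return ipaddress.ip_address(swapped)

def bound_sockets(proc_text):
    """Yield (address, port) for every socket row in a /proc/net/udp* table."""
    for line in proc_text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 2 or ":" not in fields[1]:
            continue
        hex_addr, hex_port = fields[1].rsplit(":", 1)
        yield decode_addr(hex_addr), int(hex_port, 16)

def ike_coverage(udp4_text, udp6_text):
    """Map each IKE port to the set of address families that have it bound."""
    coverage = {port: set() for port in IKE_PORTS}
    for family, text in (("IPv4", udp4_text), ("IPv6", udp6_text)):
        for _addr, port in bound_sockets(text):
            if port in coverage:
                coverage[port].add(family)
    return coverage

if __name__ == "__main__":
    # On a live Linux host, pass the contents of /proc/net/udp and
    # /proc/net/udp6 instead of the constructed samples.
    for port, families in ike_coverage(SAMPLE_UDP4, SAMPLE_UDP6).items():
        missing = sorted({"IPv4", "IPv6"} - families)
        print(port, IKE_PORTS[port], "bound:", sorted(families), "missing:", missing)
```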