Thank you for your response.

Are you saying: libreswan 3.20 does NOT support "IPv6 behind NAT" at all?

Thanks
________________________________
From: Paul Wouters <p...@nohats.ca>
Sent: Monday, February 12, 2018 11:36
To: Hao Chen
Cc: swan@lists.libreswan.org
Subject: Re: [Swan] libreswan 3.20 does NOT listen on UDP port 4500 for IPv6

On Mon, 12 Feb 2018, Hao Chen wrote:

> I am working on "IPsec behind NAT" for IPv6.
>
> For IPv4, "pluto" listens on 4500 after start up. But for IPv6, "pluto" does
> NOT listen on it...
> But, for UDP port 500, "pluto" listens on IPv6 after startup...
>
> How to let "libreswan" listen on 4500 for IPv6?

We currently don't do that because you're not supposed to NAT IPv6 :(

See also: https://www.ietf.org/mail-archive/web/ipsec/current/msg08845.html

I don't know if the Linux kernel supports ESPinUDP for IPv6. Without
that support, listening in libreswan would not help you much either.

If you really want to change libreswan, look at programs/pluto/sysdep_linux.c
and programs/pluto/kernel_netlink.c (and look for pluto_nat_port).

Paul
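
A way to check the observation in this thread on a Linux host, as an added example that is not part of the original messages or of libreswan's code: it parses the kernel's /proc/net/udp and /proc/net/udp6 tables and reports whether UDP 500 and 4500 are bound in each address family. The sample tables and function names are constructed for illustration, and the check sees any socket bound to those ports, not only pluto's.

```python
"""Report whether the IKE ports (500, 4500) are bound for IPv4 and IPv6."""
from pathlib import Path

IKE_PORTS = (500, 4500)  # IKE and NAT-T (ESPinUDP) ports discussed in the thread

# Constructed sample tables in /proc/net/udp{,6} format (not from a real host),
# mirroring the report: IPv4 has 500 and 4500 bound, IPv6 has only 500.
SAMPLE_UDP4 = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
  101: 00000000:01F4 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 20001 2 0000000000000000 0
  102: 00000000:1194 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 20002 2 0000000000000000 0
"""
SAMPLE_UDP6 = """\
  sl  local_address                         remote_address                        st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
  201: 00000000000000000000000000000000:01F4 00000000000000000000000000000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 20003 2 0000000000000000 0
  202: 00000000000000000000000000000000:0222 00000000000000000000000000000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 20004 2 0000000000000000 0
"""


def bound_ports(table_text):
    """Return the set of local UDP ports found in one /proc/net/udp* table."""
    ports = set()
    for line in table_text.splitlines()[1:]:      # first line is the header
        fields = line.split()
        if len(fields) < 2 or ":" not in fields[1]:
            continue
        # local_address is HEXADDR:HEXPORT; the port is after the last colon
        ports.add(int(fields[1].rsplit(":", 1)[1], 16))
    return ports


def ike_listen_report(udp4_text, udp6_text):
    """Map address family -> {port: bound?} for the IKE ports."""
    tables = {"IPv4": bound_ports(udp4_text), "IPv6": bound_ports(udp6_text)}
    return {fam: {p: p in ports for p in IKE_PORTS} for fam, ports in tables.items()}


def missing(report):
    """List (family, port) pairs that have no bound socket."""
    return [(fam, p) for fam, ports in report.items() for p, ok in ports.items() if not ok]


if __name__ == "__main__":
    v4, v6 = Path("/proc/net/udp"), Path("/proc/net/udp6")
    live = v4.exists() and v6.exists()            # fall back to the samples off-Linux
    report = ike_listen_report(v4.read_text() if live else SAMPLE_UDP4,
                               v6.read_text() if live else SAMPLE_UDP6)
    print("source:", "live /proc/net" if live else "constructed sample")
    for fam, port in missing(report):
        print(f"no UDP socket bound on {fam} port {port}")
```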