> On Feb 12, 2018, at 15:56, Hao Chen <earthlovepyt...@outlook.com> wrote: > > Thank you for your response. > > Are you saying: libreswan 3.20 does NOT support "IPv6 behind NAT" at all ??
Yes. And I am saying I don’t know if the Linux kernel supports it. > > Thanks > From: Paul Wouters <p...@nohats.ca> > Sent: Monday, February 12, 2018 11:36 > To: Hao Chen > Cc: firstname.lastname@example.org > Subject: Re: [Swan] libreswan 3.20 does NOT listen on UDP port 4500 for IPv6 > > On Mon, 12 Feb 2018, Hao Chen wrote: > > > I am working on "IPsec behind NAT" for IPv6. > > > > For IPv4, "pluto" listen on 4500 after start up. But for IPv6, "pluto" does > > NOT listen on it..... > > But, for UDP port 500, "pluto" listen on IPv6 after startup.... > > > > How to let "libreswan" listen on 4500 for IPv6? > > We currently don't do that because you're not supposed to NAT IPv6 :( > > See also: https://www.ietf.org/mail-archive/web/ipsec/current/msg08845.html > > I don't know if the Linux kernel supports ESPinUDP for IPv6. Without > that support, listening in libreswan would not help you much either. > > If you really want to change libreswan, look at programs/pluto/sysdep_linux.c > and programs/pluto/kernel_netlink.c (and look for pluto_nat_port) > > Paul
_______________________________________________ Swan mailing list Swan@lists.libreswan.org https://lists.libreswan.org/mailman/listinfo/swan