netdev

Re: v6-in-v4 IPsec and NAT traversal

To: pekkas@xxxxxxxxxx (Pekka Savola), netdev@xxxxxxxxxxx
Subject: Re: v6-in-v4 IPsec and NAT traversal
From: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Date: Sat, 13 Mar 2004 21:06:01 +1100
In-reply-to: <Pine.LNX.4.44.0403131137400.22557-100000@xxxxxxxxxx>
Organization: Core
Sender: netdev-bounce@xxxxxxxxxxx
User-agent: tin/1.7.4-20031226 ("Taransay") (UNIX) (Linux/2.4.25-1-686-smp (i686))

Pekka Savola <pekkas@xxxxxxxxxx> wrote:
> 
> I'm interested whether Linux IPsec implementations support:
> 
> 1) IPv6 payload inside IPv4 IPsec tunnel/transport?

It's not supported directly by the IPsec stack.  However, you can
set up an SIT tunnel over a transport IPv4 IPsec SA.

> 2) NAT-traversal? (There are at least some patches in OpenSWAN, etc. 
> for this).  This could be very handy combined with the above.

Yes.  In particular Non-ESP UDP encapsulation is supported.

I believe that OpenSWAN has the code to work with the Linux stack.

> [[ 3) Some feasible key management method, such as certificates.  I 
> think this exists, and doesn't require support in the kernel. ]]

OpenSWAN supports that.
-- 
Debian GNU/Linux 3.0 is out! ( http://www.debian.org/ )
Email:  Herbert Xu ~{PmV>HI~} <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
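
The SIT-over-transport-SA arrangement described in the reply above, sketched with iproute2 as an added example that is not part of the original message or of any project's own code. The addresses, SPIs, interface name `sit1`, the IPv6 prefix and the key placeholders are all constructed assumptions, and manual keying stands in for an IKE daemon such as OpenSWAN; by default the script only prints the commands.

```shell
#!/bin/sh
# Added example: SIT (IPv6-in-IPv4, IP protocol 41) tunnel carried over
# transport-mode ESP between two IPv4 hosts. All values are constructed.
LOCAL4=${LOCAL4:-192.0.2.1}        # this host (RFC 5737 documentation address)
REMOTE4=${REMOTE4:-198.51.100.1}   # peer (RFC 5737 documentation address)
SPI_OUT=${SPI_OUT:-0x1001}
SPI_IN=${SPI_IN:-0x1002}
# AES-128-GCM keymat is a 16-byte key plus 4-byte salt, written as hex.
# These are placeholders; supply real random values per direction.
KEY_OUT=${KEY_OUT:-0xKEYMAT_OUT_PLACEHOLDER}
KEY_IN=${KEY_IN:-0xKEYMAT_IN_PLACEHOLDER}
DRY_RUN=${DRY_RUN:-1}              # 1 = print commands only (default)

run() {
    # Print the command in dry-run mode, execute it otherwise (needs root).
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

sit_over_esp() {
    # Transport-mode ESP SAs, one per direction.
    run ip xfrm state add src "$LOCAL4" dst "$REMOTE4" proto esp spi "$SPI_OUT" \
        mode transport aead 'rfc4106(gcm(aes))' "$KEY_OUT" 128
    run ip xfrm state add src "$REMOTE4" dst "$LOCAL4" proto esp spi "$SPI_IN" \
        mode transport aead 'rfc4106(gcm(aes))' "$KEY_IN" 128
    # Policies select only protocol 41 between the two endpoints. The "in"
    # policy makes the kernel drop SIT packets that arrive without ESP.
    run ip xfrm policy add src "$LOCAL4" dst "$REMOTE4" proto 41 dir out \
        tmpl src "$LOCAL4" dst "$REMOTE4" proto esp mode transport
    run ip xfrm policy add src "$REMOTE4" dst "$LOCAL4" proto 41 dir in \
        tmpl src "$REMOTE4" dst "$LOCAL4" proto esp mode transport
    # The SIT tunnel itself; its outer IPv4 packets match the policies above.
    run ip tunnel add sit1 mode sit local "$LOCAL4" remote "$REMOTE4" ttl 64
    run ip link set sit1 up
    run ip -6 addr add 2001:db8:1::1/64 dev sit1
}

sit_over_esp
```

The peer runs the mirror image (addresses, SPIs, keys and policy directions swapped); `ip xfrm policy` and `ip xfrm state` list what was installed.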
