netdev
[Top] [All Lists]

Re: v6-in-v4 IPsec and NAT traversal

To: pekkas@xxxxxxxxxx (Pekka Savola), netdev@xxxxxxxxxxx
Subject: Re: v6-in-v4 IPsec and NAT traversal
From: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Date: Mon, 15 Mar 2004 22:36:43 +1100
In-reply-to: <Pine.LNX.4.44.0403131452280.25018-100000@xxxxxxxxxx>
Organization: Core
Sender: netdev-bounce@xxxxxxxxxxx
User-agent: tin/1.7.4-20031226 ("Taransay") (UNIX) (Linux/2.4.25-1-686-smp (i686))
Pekka Savola <pekkas@xxxxxxxxxx> wrote:
> 
> Is this planned?  Are there issues with "native" support why it would 
> not be feasible?

http://www.spinics.net/lists/linux-net/msg08197.html

> Avoiding double encapsulation would be IMHO really useful, and several 
> other implementations are already reported to allow this.

There is no double encapsulation.  Using an SIT tunnel inside a
transport v4 SA is equivalent to a v6/v4 SA in terms of overhead.

However, you do lose the ability to negotiate the selector but
you can always use netfilter to fix it up.
-- 
Debian GNU/Linux 3.0 is out! ( http://www.debian.org/ )
Email:  Herbert Xu ~{PmV>HI~} <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

<Prev in Thread] Current Thread [Next in Thread>