On Thu, 2007-05-24 at 18:03 +0900, Fernando Luis Vázquez Cao wrote: > On Thu, 2007-05-24 at 18:34 +1000, Herbert Xu wrote: > > Fernando Luis V??zquez Cao <[EMAIL PROTECTED]> wrote: > > > I noticed that IPv4-over-IPv6 made into 2.6.21 (thank you!) and that > > > prompted to check the progress with the implementation of rfc3948 (UDP > > > Encapsulation of IPsec ESP Packets) in Linux. For IPv4 the code is > > > already there, but that does not seem to be the case for IPv6. I have > > > checked the usagi kernels and Dave S. Miller's net git tree and could > > > not find anything. > > > > > > Is anyone working on this? I would appreciate any information on the > > > status of this work. > > > > If we don't have NAT on IPv6 why would you need UDP encapsulation? > Hi Herbert, > > Thank you for your feedback. > > Depending on the filtering rules it is possible that a gateway/firewall > does not accept incoming ESP packets. When the filter rules of the > firewall cannot be changed (because one is not the administrator) the > only way of traversing the firewall is using some sort of encapsulation, > such as UDP encapsulation. > > Is there any other way to circumvent this issue? > > (By the way, the premise is that network is a pure ipv6 environment) As an aside, RFC-3948 explicitly indicates that ESP encapsulation as defined in the RFC can be used in both IPv4 and IPv6 scenarios. I guess that they had cases like this in mind.
- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
