lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Thu, 24 May 2007 18:03:30 +0900
From:	Fernando Luis Vázquez Cao 
To:	Herbert Xu <>
Subject: Re: [IPv6] UDP Encapsulation of IPsec ESP Packets

On Thu, 2007-05-24 at 18:34 +1000, Herbert Xu wrote:
> Fernando Luis V??zquez Cao <> wrote:
> > I noticed that IPv4-over-IPv6 made into 2.6.21 (thank you!) and that
> > prompted to check the progress with the implementation of rfc3948 (UDP
> > Encapsulation of IPsec ESP Packets) in Linux. For IPv4 the code is
> > already there, but that does not seem to be the case for IPv6. I have
> > checked the usagi kernels and Dave S. Miller's net git tree and could
> > not find anything.
> > 
> > Is anyone working on this? I would appreciate any information on the
> > status of this work.
> If we don't have NAT on IPv6 why would you need UDP encapsulation?
Hi Herbert,

Thank you for your feedback.

Depending on the filtering rules it is possible that a gateway/firewall
does not accept incoming ESP packets. When the filter rules of the
firewall cannot be changed (because one is not the administrator) the
only way of traversing the firewall is using some sort of encapsulation,
such as UDP encapsulation.

Is there any other way to circumvent this issue?

(By the way, the premise is that network is a pure ipv6 environment)

 - Fernando

To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to
More majordomo info at

Powered by blists - more mailing lists