On Tue, 2011-02-08 at 14:54 -0800, Drew wrote:
> > I have posted to the ipsec-devel list and haven't gotten any responses. Also I
> > have spent 2 days googling with
> > no results about the above setup. Is it even possible to tunnel ipv4 packet thru
> > an ipv6 ipsec tunnel?

> AFAIK, No.

It's probably a major "it depends".

> IPv4 & IPv6 are different protocols so if you want to move IPv6
> traffic over an IPv4 IPSEC tunnel you need to encapsulate the IPv6
> payload within IPv4 packets. The reverse is also true of IPv4 over
> IPv6.

1) That's not true of IPSec tunnels (transport mode is a totally different question). The ESP encapsulation itself contains the IP headers and can support it.

2) IKE, the key exchange and setup daemons, is a different matter. AFAIK, it is not possible with IKEv1. Paul and I discussed that over on the Openswan list some time ago. Basically, you can't negotiate the key exchange. IKEv2 is a different story. StrongSWAN supports IPv6 over IPv4 in an IPSec tunnel. I'm not currently sure about Openswan or Racoon (IPsec Tools).

3) In the case of IPv4 over IPv4, IPsec itself should handle it. Whether the keying daemons currently support the syntax is a question and it will most certainly have to be IKEv2.

> This is why tunnel brokers like Freenet6 & Teredo exist, you can't
> push IPv6 traffic out across an IPv4 only network without tunneling.

But, IPsec is a tunnel. At least it has a "tunnel mode" (and I advise against transport mode in any case).

Regards,
Mike
--
Michael H. Warfield (AI4NB) | (770) 985-6132 | mhw@xxxxxxxxxxxx
/\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0x674627FF | possible worlds. A pessimist is sure of it!
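Point 1 of the reply above in packet form, as an added example that is not part of the original message: in tunnel mode the ESP payload is a complete inner IP packet, and the ESP trailer's Next Header byte (4 for IPv4, 41 for IPv6) names its family independently of the outer header. The packets are constructed samples; NULL encryption with no ICV is assumed so the trailer is readable, and all addresses, SPIs and function names are illustrative.

```python
import struct
from ipaddress import ip_address

ESP = 50                          # IP protocol number for ESP
INNER = {4: "IPv4", 41: "IPv6"}   # ESP Next Header values for a tunnelled IP packet

def ip_header(src, dst, next_proto, payload_len):
    """Minimal IPv4 or IPv6 header, chosen by the address family of src."""
    s, d = ip_address(src), ip_address(dst)
    if s.version == 4:            # checksum left at 0: constructed sample only
        return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len,
                           0, 0, 64, next_proto, 0, s.packed, d.packed)
    return struct.pack("!IHBB16s16s", 6 << 28, payload_len, next_proto, 64,
                       s.packed, d.packed)

def esp_tunnel(inner, spi, seq):
    """ESP header + whole inner IP packet + trailer (NULL cipher, no ICV)."""
    next_hdr = 4 if inner[0] >> 4 == 4 else 41
    pad_len = -(len(inner) + 2) % 4               # align trailer to 4 bytes
    padding = bytes(range(1, pad_len + 1))
    return struct.pack("!II", spi, seq) + inner + padding + bytes([pad_len, next_hdr])

def classify(packet):
    """Return outer family, inner family and SPI of a cleartext ESP tunnel packet."""
    version = packet[0] >> 4
    if version == 4:
        proto, esp = packet[9], packet[(packet[0] & 0x0F) * 4:]
    elif version == 6:
        proto, esp = packet[6], packet[40:]       # assumes no extension headers
    else:
        raise ValueError("not an IP packet")
    if proto != ESP or len(esp) < 10:
        raise ValueError("outer packet does not carry ESP")
    spi, _seq = struct.unpack("!II", esp[:8])
    pad_len, next_hdr = esp[-2], esp[-1]
    inner = esp[8:len(esp) - 2 - pad_len]
    if next_hdr not in INNER or not inner or f"IPv{inner[0] >> 4}" != INNER[next_hdr]:
        raise ValueError("trailer Next Header does not match inner packet")
    return {"outer": f"IPv{version}", "inner": INNER[next_hdr], "spi": spi}

def sample(outer_src, outer_dst, inner_src, inner_dst, spi):
    """Constructed packet: empty UDP-labelled inner packet inside an ESP tunnel."""
    inner = ip_header(inner_src, inner_dst, 17, 8) + bytes(8)
    esp = esp_tunnel(inner, spi, seq=1)
    return ip_header(outer_src, outer_dst, ESP, len(esp)) + esp

if __name__ == "__main__":
    print(classify(sample("2001:db8::1", "2001:db8::2", "10.0.1.5", "10.0.2.9", 0x1000)))
    print(classify(sample("192.0.2.1", "192.0.2.2", "2001:db8:a::5", "2001:db8:b::9", 0x2000)))
```

This covers only the data-plane encapsulation; whether a keying daemon can negotiate such a mixed-family SA is the separate IKE question raised in point 2.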