[Openswan dev] IPv6 support in kernel part of openswan
Paul Wouters
paul at xelerance.com
Sat Nov 15 12:18:08 EST 2008
On Sat, 15 Nov 2008, John Denker wrote:
> > What kernel part (NETKEY, KLIPS, USAGI, ...) should I use to have
> > both: IPv6 support and virtual ipsec network interfaces (ipsecX)?
>
> I don't think you can have both.
> -- ipsec0 is a KLIPS thing (not NETKEY)
> -- IPv6 is a NETKEY thing (not KLIPS)
That's right.
> Most of the things that can be done with ipsec0 can be
> done in other ways. This is a lot of extra work, but
> AFAIK it is a price that must be paid for IPv6.
I'd really like netkey to be able to asssign a tun/tap/sit interface
to a tunnel. I wonder if it is possible to set one up and do guide
the packets through with fwmark'ing.
Paul
More information about the Dev
mailing list