Date: Sat, 13 May 2023 19:47:27 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=271394 Bug ID: 271394 Summary: 13.2 IPSEC IPv6 UDP encapsulation not implemented - PATCH attached to implement it Product: Base System Version: 13.2-STABLE Hardware: amd64 OS: Any Status: New Severity: Affects Some People Priority: --- Component: kern Assignee: bugs@FreeBSD.org Reporter: Russell.Yount@gmail.com Created attachment 242147 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=242147&action=edit FreeBSB 13.2 - Patch for PSEC IPv6 UDP encapsulation The FreeBSD 13.2 kernel does not support IPv6 IPSEC UDP Encapsulation of ESP. The Android StrongSWAN VPN application does not have root privileges needed to used a RAW socket and must used UDP Encapsulation of ESP to work with either IPv4 or IPv6. It would be useful for FreeBSD to support IPv6 VPN service with Android. Attached is a patch for FreeBSD 13.2-RELEASE which adds support for IPv6 IPSEC UDP Encapsulation of ESP. The patch adds IPv6 support for UDP encapsulation which mirrors the exist IPv4 support with the addition of enabling UDP checksums which are required by IPv6. Tested with StrongSWan U5.9.10/K13.2-RELEASE (current ports version) using both normal and NAT'ed configrations. During testing I found a bug in 13.2 IPSEC implementation unrelated to this path. I have submitted another bug report for it (271393) I help with supported of this in FreeBSD if needed. -Russ Russell J. Yount <Russell.Yount@gmail.com> -- You are receiving this mail because: You are the assignee for the bug.