[Bug 271394] 13.2 IPSEC IPv6 UDP encapsulation not implemented - PATCH attached to implement it

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=271394

            Bug ID: 271394
           Summary: 13.2 IPSEC IPv6 UDP encapsulation not implemented -
                    PATCH attached to implement it
           Product: Base System
           Version: 13.2-STABLE
          Hardware: amd64
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: kern
          Assignee: bugs@FreeBSD.org
          Reporter: Russell.Yount@gmail.com

Created attachment 242147
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=242147&action=edit
FreeBSB 13.2 - Patch for PSEC IPv6 UDP encapsulation

The FreeBSD 13.2 kernel does not support IPv6 IPSEC UDP Encapsulation of ESP.

The Android StrongSWAN VPN application does not have root privileges needed
to used a RAW socket and must used UDP Encapsulation of ESP to work with
either IPv4 or IPv6. It would be useful for FreeBSD to support IPv6 VPN
service with Android.

Attached is a patch for FreeBSD 13.2-RELEASE which adds support for
IPv6 IPSEC UDP Encapsulation of ESP. The patch adds IPv6 support for UDP
encapsulation which mirrors the exist IPv4 support with the addition
of enabling UDP checksums which are required by IPv6.

Tested with StrongSWan U5.9.10/K13.2-RELEASE (current ports version) 
using both normal and NAT'ed configrations.

During testing I found a bug in 13.2 IPSEC implementation unrelated to
this path. I have submitted another bug report for it (271393)

I help with supported of this in FreeBSD if needed.

-Russ

Russell J. Yount <Russell.Yount@gmail.com>

-- 
You are receiving this mail because:
You are the assignee for the bug.