From nobody Sat May 13 19:47:27 2023 X-Original-To: bugs@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4QJbkl3987z4BjhZ for ; Sat, 13 May 2023 19:47:27 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4QJbkl0Wwnz3ptC for ; Sat, 13 May 2023 19:47:27 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1684007247; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=/Gf5ckWBorWhHnOFxHkVNbdweTSf3rTR0NZeWZ3e12I=; b=sLRFgloSsHqi0fy7+DhwJcRlosfLdwV5RfxC0DJhohVtghzLesiFnCmgZ3dxlEU+k7dp17 WSq0LOjKSs1JR3ibEk1uwugRhwbp8ZgkKBKyCxzsD05ua7CT58W8NzcPs5lf/OzDwZ9Brf rD7Ftz0rBAMB05Gi8lyMoDcwkeNAkR8NBmwjneKpo0NAwSwxuw5/s1Z77dJMIezHtBYapA Ba4p1r9jU4rqMrX2IG4bD4LxF3uYjkevy/F8dMc39n8x5nRZwC1HphM7dHaQAtZkZUU6Wp t1Gbjd2MQlyvEmxxR416YWxGpp2S+g12gHpBWatqt52Md32QC/ZSFbwBXrdKqw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1684007247; a=rsa-sha256; cv=none; b=brCPBgsaCgNaRV4LhtWl3DegUPpbR2A/VHfkChhVcikZ1z9ItZJFCebcD7qHK3hURLH0fU A94h55g+2dqvOALGCxmRw4IT0AsSH2WCve0cUe3Am4cXv+X4/vI3gjzV1cCoyfuhQkFlyt 6/ZwKDoq2WkQotkG4urFk7T3X4mwINOYxqRZ2UgOFgJU272yZlEGgGx4lYeKjmQLxgoiI2 zI8+PUyrGQghiHcVkEp23SWgR7UJjDV/mJ+EjqAnxL/DL+FhGiePMozJk5pPmt1fo9xNqx lVorQdipI4l3nD/LOXU9EMYPA7LpmvlE5VIbUA4Spzy3X+LvhTqfVpcQwoQqMg== Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4QJbkk6bWpzVDw for ; Sat, 13 May 2023 19:47:26 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 34DJlQMS049765 for ; Sat, 13 May 2023 19:47:26 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 34DJlQvv049764 for bugs@FreeBSD.org; Sat, 13 May 2023 19:47:26 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 271394] 13.2 IPSEC IPv6 UDP encapsulation not implemented - PATCH attached to implement it Date: Sat, 13 May 2023 19:47:27 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: new X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 13.2-STABLE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: Russell.Yount@gmail.com X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: bugs@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform op_sys bug_status bug_severity priority component assigned_to reporter attachments.created Message-ID: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Bug reports List-Archive: https://lists.freebsd.org/archives/freebsd-bugs List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-bugs@freebsd.org MIME-Version: 1.0 X-ThisMailContainsUnwantedMimeParts: N https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D271394 Bug ID: 271394 Summary: 13.2 IPSEC IPv6 UDP encapsulation not implemented - PATCH attached to implement it Product: Base System Version: 13.2-STABLE Hardware: amd64 OS: Any Status: New Severity: Affects Some People Priority: --- Component: kern Assignee: bugs@FreeBSD.org Reporter: Russell.Yount@gmail.com Created attachment 242147 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D242147&action= =3Dedit FreeBSB 13.2 - Patch for PSEC IPv6 UDP encapsulation The FreeBSD 13.2 kernel does not support IPv6 IPSEC UDP Encapsulation of ES= P. The Android StrongSWAN VPN application does not have root privileges needed to used a RAW socket and must used UDP Encapsulation of ESP to work with either IPv4 or IPv6. It would be useful for FreeBSD to support IPv6 VPN service with Android. Attached is a patch for FreeBSD 13.2-RELEASE which adds support for IPv6 IPSEC UDP Encapsulation of ESP. The patch adds IPv6 support for UDP encapsulation which mirrors the exist IPv4 support with the addition of enabling UDP checksums which are required by IPv6. Tested with StrongSWan U5.9.10/K13.2-RELEASE (current ports version)=20 using both normal and NAT'ed configrations. During testing I found a bug in 13.2 IPSEC implementation unrelated to this path. I have submitted another bug report for it (271393) I help with supported of this in FreeBSD if needed. -Russ Russell J. Yount --=20 You are receiving this mail because: You are the assignee for the bug.=