Subject: Re: ipv6 source address selection
To: Michael van Elst <firstname.lastname@example.org>
From: Stone <email@example.com>
Date: 09/25/2007 14:52:06
In message <20070925211032.GA6028@serpens.de>Michael van Elst writes
>On Tue, Sep 25, 2007 at 01:55:26PM -0700, Jonathan Stone wrote:
>I wanted to know wether the NetBSD kernel supports RFC3484 when I
>build it with the FAST_IPSEC option.
I have no idea. The FAST_IPSEC in released versions of NetBSD
used to not work with IPv6 at all. If you try to configure
Ipv6 and FAST_IPSEC, you used to get a panic.
I beleive the NetSBD-4 branch contains some small kludges which
allows FAST_IPSEC and IPv6 to coexist at compile-time. But the
last time I remember trying, sending an IPsec'ed IPv6 packe to
such a kernel would cause a panic.
>Currently FAST_IPSEC supports IPv6, but I don't know what part
>of KAME IPv6 it interferes with. The source suggests that it
>only replaces the IPSEC related parts.
The intent was to replace only the IPsec portions of KAME's Ipv6.
But I have no idea what heppens in -current with IPv6 and FAST_IPSEC.