On Sun, Apr 03, 2005 at 12:53:37PM +0200, Ignatios Souvatzis wrote:
> Just a remark:
> 
> On Sun, Apr 03, 2005 at 12:37:02PM +0200, Hubert Feyrer wrote:
> 
> > Looking at Toredo[1] it seemt to tunnel the v6 pkgs similar to 6to4, but 
> > uses a NAT-friendlier encapsulation (v4 UDP instead of some non-IP 
> > protocol, that's unlikely to be handled by NAT).
> 
> both 6to4 and fixed IPv6 in IPv4 tunnels use IP protocols... just neither
> TCP nor UDP.

It's a bit of a hack, but it ought to be possible to use the "NAT traversal"
support Manu added to our IPsec to tunnel arbitrary v6 packets in v4 UDP
packets that will pass through NAT unharmed.  It may be necessary to do
some IPsec transform on the packets, but you can probably pick a cheap one
like AH with MD5 and do it without a particularly bad performance problem
at either end.

Thor