[sctp-dev] SCTP over IPSec

Evangelos Haleplidis e_halep at yahoo.gr
Mon Mar 9 14:40:53 PDT 2009 

Greetings Dennis,

Sorry, but i have not have started working on IPsec yet.

IPsec is not currently on my to implement list, but it may be in the near
future, and that was the cause of my question.

Regards,
Evangelos Haleplidis.

> -----Original Message-----
> From: sctp-dev-bounces at openjdk.java.net 
> [mailto:sctp-dev-bounces at openjdk.java.net] On Behalf Of Dennis Hjort
> Sent: Monday, March 09, 2009 11:41 AM
> To: sctp-dev at openjdk.java.net
> Subject: Re: [sctp-dev] SCTP over IPSec
> 
> Hi Evangelos ! 
> 
> I was wondering if you have managed to get any further with 
> IPSEC ? Have you managed to run SCTP over IPSEC to this date 
> or are you still working on how to run IPSEC in the first place ? 
> 
> With kind regards
> 
> // Dennis
> 
> > -----Original Message-----
> > From: sctp-dev-bounces at openjdk.java.net 
> > [mailto:sctp-dev-bounces at openjdk.java.net] On Behalf Of Christopher 
> > Hegarty - Sun Microsystems Ireland
> > Sent: den 16 februari 2009 15:15
> > To: Evangelos Haleplidis
> > Cc: sctp-dev at openjdk.java.net
> > Subject: Re: [sctp-dev] SCTP over IPSec
> > 
> > Hi Evangelos,
> > 
> > The simple answer is YES. You should be able to use a 
> standard IPSec 
> > implementation and run SCTP on top of it.
> > 
> > There is no direct support for IPsec in the Java API of 
> course. IPsec 
> > (if configured) would live above the IP layer and below the native 
> > SCTP stack. Therefore, the Java SCTP implementation would 
> leverage the 
> > platforms IPsec implementation.
> > 
> > There is an RFC, 3554, which I believe is an attempt to simplify 
> > running SCTP on top of IPsec, but even without this it should work. 
> > You will need to configure 2 * n * m Security Associations, 
> where one 
> > SCTP endpoint has n addresses and the other m. An implementation of 
> > RFC 3554 would reduce this number to 2.
> > 
> > I checked both reference platforms, Solaris and LKSCTP, and both 
> > support this.
> > 
> > Running a java.net.Socket over IPsec should be pretty much 
> the same as 
> > SCTP, only not as much SA's! But I have not tried this.
> > 
> > -Chris.
> > 
> > On 02/16/09 13:10, Evangelos Haleplidis wrote:
> > > Greetings to the list,
> > > 
> > > I have one question to make.
> > > 
> > > Is there support of SCTP over IPsec in java? How can one use it?
> > > 
> > > Also, this is out of scope of the mailing list, but 
> relevant to the 
> > > question, how can you use IPsec in Java (TCP over IPsec).
> > > 
> > > Regards,
> > > Evangelos Haleplidis.
> > > 
> > > 
> >

More information about the sctp-dev mailing list