[sctp-dev] SCTP over IPSec

Chris Hegarty chris.hegarty at oracle.com
Fri Dec 10 02:19:32 PST 2010


On 12/ 8/10 07:25 PM, Haleplidis Evangelos wrote:
> Greetings everyone,
>
> I know this is a very old question, but we've just got to the point that we
> need to implement SCTP over IPSec.
>
> Has it been implemented by anyone? Is it possible to provide any pointers
> other than the one Mr. Hegarty proposed one year from now?

Sorry, I haven't looked into this further since your last mail. I would 
be very interested in hearing about any experience you have with 
setup/config when you get this working.

-Chris.

> "There is an RFC, 3554, which I believe is an attempt to simplify running
> SCTP on top of IPsec, but even without this it should work.
> You will need to configure 2 * n * m Security Associations, where one SCTP
> endpoint has n addresses and the other m. An implementation of
> RFC 3554 would reduce this number to 2."
>
> Thank you in advance.
>
> Regards,
> Evangelos Haleplidis.
>
>> -----Original Message-----
>> From: sctp-dev-bounces at openjdk.java.net [mailto:sctp-dev-
>> bounces at openjdk.java.net] On Behalf Of Dennis Hjort
>> Sent: Tuesday, March 10, 2009 8:41 AM
>> To: sctp-dev at openjdk.java.net
>> Subject: Re: [sctp-dev] SCTP over IPSec
>>
>> Hi Evangelos,
>>
>> Okay, in that case we are "in the same boat" so to speak! ;-)
>>
>> In our case, it will be in our implementation list, but not until Q3 or
>> Q4 of this year. Perhaps we do a test before that, and if that's the
>> case I'll try to post how we ran IPsec! :-)
>>
>> Regards,
>>
>> // D
>>
>>> -----Original Message-----
>>> From: sctp-dev-bounces at openjdk.java.net
>>> [mailto:sctp-dev-bounces at openjdk.java.net] On Behalf Of
>>> Evangelos Haleplidis
>>> Sent: den 9 mars 2009 22:41
>>> To: sctp-dev at openjdk.java.net
>>> Subject: Re: [sctp-dev] SCTP over IPSec
>>>
>>> Greetings Dennis,
>>>
>>> Sorry, but I have not started working on IPsec yet.
>>>
>>> IPsec is not currently on my to implement list, but it may be
>>> in the near future, and that was the cause of my question.
>>>
>>> Regards,
>>> Evangelos Haleplidis.
>>>
>>>> -----Original Message-----
>>>> From: sctp-dev-bounces at openjdk.java.net
>>>> [mailto:sctp-dev-bounces at openjdk.java.net] On Behalf Of Dennis Hjort
>>>> Sent: Monday, March 09, 2009 11:41 AM
>>>> To: sctp-dev at openjdk.java.net
>>>> Subject: Re: [sctp-dev] SCTP over IPSec
>>>>
>>>> Hi Evangelos !
>>>>
>>>> I was wondering if you have managed to get any further with IPSEC?
>>>> Have you managed to run SCTP over IPSEC to this date or are you still
>>>> working on how to run IPSEC in the first place?
>>>>
>>>> With kind regards
>>>>
>>>> // Dennis
>>>>
>>>>> -----Original Message-----
>>>>> From: sctp-dev-bounces at openjdk.java.net
>>>>> [mailto:sctp-dev-bounces at openjdk.java.net] On Behalf Of Christopher
>>>>> Hegarty - Sun Microsystems Ireland
>>>>> Sent: den 16 februari 2009 15:15
>>>>> To: Evangelos Haleplidis
>>>>> Cc: sctp-dev at openjdk.java.net
>>>>> Subject: Re: [sctp-dev] SCTP over IPSec
>>>>>
>>>>> Hi Evangelos,
>>>>>
>>>>> The simple answer is YES. You should be able to use a standard IPSec
>>>>> implementation and run SCTP on top of it.
>>>>>
>>>>> There is no direct support for IPsec in the Java API of course. IPsec
>>>>> (if configured) would live above the IP layer and below the native
>>>>> SCTP stack. Therefore, the Java SCTP implementation would leverage the
>>>>> platform's IPsec implementation.
>>>>>
>>>>> There is an RFC, 3554, which I believe is an attempt to simplify
>>>>> running SCTP on top of IPsec, but even without this it should work.
>>>>> You will need to configure 2 * n * m Security Associations, where one
>>>>> SCTP endpoint has n addresses and the other m. An implementation of
>>>>> RFC 3554 would reduce this number to 2.
>>>>>
>>>>> I checked both reference platforms, Solaris and LKSCTP, and both
>>>>> support this.
>>>>>
>>>>> Running a java.net.Socket over IPsec should be pretty much the same as
>>>>> SCTP, only not as many SAs! But I have not tried this.
>>>>>
>>>>> -Chris.
>>>>>
>>>>> On 02/16/09 13:10, Evangelos Haleplidis wrote:
>>>>>> Greetings to the list,
>>>>>>
>>>>>> I have one question to make.
>>>>>>
>>>>>> Is there support of SCTP over IPsec in java? How can one use it?
>>>>>>
>>>>>> Also, this is out of scope of the mailing list, but relevant to the
>>>>>> question, how can you use IPsec in Java (TCP over IPsec).
>>>>>>
>>>>>> Regards,
>>>>>> Evangelos Haleplidis.
>>>>>>
>>>>>>
>>>>>
>>>
>>>
>>>
>
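
The 2 * n * m figure quoted in this thread, worked through as an added example that is not part of the original messages: it enumerates every directional address pair of a multihomed SCTP association, renders each as a transport-mode policy line, and reports pairs that a configured policy set leaves uncovered. Assumptions: the `spdadd` line format follows ipsec-tools `setkey`, the addresses are constructed documentation-range values, and the function names are hypothetical.

```python
import ipaddress
from itertools import product

# Constructed sample endpoints: n = 2 local addresses, m = 3 peer addresses.
LOCAL = ["192.0.2.10", "192.0.2.11"]
PEER = ["198.51.100.20", "198.51.100.21", "198.51.100.22"]

def required_pairs(local_addrs, peer_addrs):
    """Return (outbound, inbound) lists of (src, dst); n*m entries each."""
    local = {ipaddress.ip_address(a) for a in local_addrs}  # set drops duplicates
    peer = {ipaddress.ip_address(a) for a in peer_addrs}
    if len({a.version for a in local | peer}) > 1:
        raise ValueError("mixed IPv4/IPv6 address sets are not handled here")
    outbound = list(product(sorted(local), sorted(peer)))
    inbound = [(p, l) for l, p in outbound]
    return outbound, inbound

def spd_lines(local_addrs, peer_addrs):
    """One policy line per unidirectional SA, as seen from the local host."""
    outbound, inbound = required_pairs(local_addrs, peer_addrs)
    rule = "spdadd {} {} sctp -P {} ipsec esp/transport//require;"
    return ([rule.format(s, d, "out") for s, d in outbound] +
            [rule.format(s, d, "in") for s, d in inbound])

def uncovered(configured_lines, local_addrs, peer_addrs):
    """Required policy lines absent from configured_lines.

    A path missing here is one SCTP can fail over to without these
    policies applying to it.
    """
    have = {" ".join(line.split()) for line in configured_lines}
    return [l for l in spd_lines(local_addrs, peer_addrs) if l not in have]

if __name__ == "__main__":
    lines = spd_lines(LOCAL, PEER)
    print(f"{len(lines)} policies for n={len(LOCAL)}, m={len(PEER)}")
    print("\n".join(lines))
    # Simulate a config that forgot the last inbound pair.
    print("missing:", uncovered(lines[:-1], LOCAL, PEER))
```
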

