I need to disable encryption (disable_xfrm) for IPV6. Looked at the /proc/sys/net/ipv6/* but did not find disable_xfrm. Googling the subject, this is controlled by 'ipv4/conf/default/disable_xfrm for IPV6! But setting ipv4/conf/default/disable_xfrm to 1 still does not disable encryption. My linux version is 2.6.21. Unfortunately, I'm stuck with using 2.6.21.
- Am I missing a patch? If so, where can I get it?
- If 2.6.21 does not support my need, which version of linux supports this?

Thanks Much!

I am not sure you are going to get an answer on this. As to my understanding, the encryption method is built into IPv6, this is one of the major reasons it has not been deployed (officially). Too many larger companies, would lose money if it where. To disable it, means the problems that exist in the IPv4 world would then exist in the IPv6 world...security wise and I don't know about you, but I don't want people sniffing my packets.

I think the better question to ask is, "Why do I want to disable encryption on IPv6?" and "Do I really want the protocol I use to transfer information to be insecure?" (do you really trust http and telnet? or are you using ssh? [just curiuos])

However, if you do find a way to do this, it is not going to be a common practice, and you may end up have to go to the Source Code of the TCP packet for which IPv6 is actually implemented / written on, the encryption is almost the basis of IPv6.

***The best hackers in the world, are still in diapers***

Thanks for the response!
It is not that we are not doing the 'encryption'. We have a built-in processor which performs encryption that we like to use once 'policies & xfrm' negotiations are set up by linux. So it is an uncommon application (from linux perspective). Would you happen to know where the ipv6 encryption is being done in the kernel? It would be very helpful.
Thanks Much!