[strongSwan] About two tunnel issue
David Deng
david.live.koo at gmail.com
Tue Nov 16 09:44:19 CET 2010
Hi Andreas, Hi All,
During the last two weeks, I did a interesting testing which will be
described as followed.
1) I established IPSEC tunnel by using strongswan over IP-in-IP tunnel (that
means two tunnel has been established);
2) In these two tunnel, I used the same inner IP as the original IP (that
means there IPs are the same);
3) I use the linux kernel 2.6.28 with the following patches and enabled the
IPsec related kernel options.
*1*
SKB True Size Problem, detail information can be found in:
http://patchwork.kernel.org/patch/11964/
*2*
IPV6 Stack Problem, detail information can be found in:
*http://kerneltrap.org/mailarchive/linux-netdev/2008/11/25/4231304*<http://kerneltrap.org/mailarchive/linux-netdev/2008/11/25/4231304>
4) After two tunnel established successfully, I initiate ping from the
host{A} to host{B}. ICMP reply package can not be seen on the cosole but
I can see these packages in the cratched list of tcpdump (tcpdump -i
ip-in-ip).
so I am wander that if this scenarios (IPsec tunnel mode over IP-IN-IP
tunnel mode) can be supported by linux kernel2.6.28 or later version of
kernel.
If I need apply some patches to support this scenarios (IPsec tunnel mode
over IP-IN-IP tunnel mode).
look forward to your answer, thanks a lot!
cheers,
David Morris
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20101116/92362284/attachment.html>
More information about the Users
mailing list