[strongSwan] Multicast over IPsec tunnels
Yang Su
Yang.Su at ascom.CH
Fri Feb 25 13:19:09 CET 2011
I try to understand the interaction between multicast/broadcast with IPsec
tunnel mode.
For the cases below, IPsec tunnel(s) are set up between gateway routers
(RA, RB, RC, RD). All the hosts in the all the subnets have joined the same
multicast group. All the SA's are set up manually. The question is whether
multicast/broadcast work over IPsec tunnels.
Case-1:
--------
subnet1 -- RA ------ RB -- subnet2
With manual SA, multicast should be able work for the above scenario, e.g.,
multicast packets from subnet1 can reach hosts in subnet2.
Case-2:
--------
RB -- subnet2
/
/
subnet1 -- RA --RC -- subnet3
\
\
RD -- subnet4
Multicast will never work for this setup.
Do you think if my understanding make sense, especially for the case2?
Thank you,
Yang Su
More information about the Users
mailing list