[strongSwan] Multicast over IPsec tunnels
Yang.Su at ascom.CH
Fri Feb 25 13:19:09 CET 2011
I try to understand the interaction between multicast/broadcast with IPsec
For the cases below, IPsec tunnel(s) are set up between gateway routers
(RA, RB, RC, RD). All the hosts in the all the subnets have joined the same
multicast group. All the SA's are set up manually. The question is whether
multicast/broadcast work over IPsec tunnels.
subnet1 -- RA ------ RB -- subnet2
With manual SA, multicast should be able work for the above scenario, e.g.,
multicast packets from subnet1 can reach hosts in subnet2.
RB -- subnet2
subnet1 -- RA --RC -- subnet3
RD -- subnet4
Multicast will never work for this setup.
Do you think if my understanding make sense, especially for the case2?
More information about the Users