[strongSwan] Possible to broadcast packets down each IPsec tunnel from the SeGW?

Graham Hudspith graham.hudspith at gmail.com
Tue Nov 1 15:59:44 CET 2011


Hi All,

This is probably a FAQ, but I'll give it a go anyway ...

Is it possible to send a packet to a subnet's broadcast address on the
secure side of a SeGW and have the packet sent down each IPsec tunnel whose
inner IP address belongs to that subnet?

For instance, our strongSwan-based SeGW defines a conn config entry in
ipsec.conf where IPsec tunnels established using that config are assigned
inner IP addresses from a pool (e.g. 10.17.0.0/24).

If I run a program on the SeGW that formats up a UDP packet and sends it
directly to one of the IPsec tunnels using that tunnel's inner IP address
(i.e. 10.17.0.8), the UDP packet goes over the tunnel to the remote
endpoint.

However, if I run the same program and specify the address pool's broadcast
address as the destination (i.e. 10.17.0.255), nothing happens. Certainly,
no UDP traffic is sent over the tunnel.

Can anyone shed any light on this please?

Regards,

Graham.