[strongSwan] concurrent VPN tunnels between one Strongswan client and one Gateway.
Ravi Kanth Vanapalli
vvnrk.vanapalli at gmail.com
Tue Oct 23 23:07:27 CEST 2012
Hi,
In strongSwan’s code base, netkey.c at line 46 loads certain IPsec
modules using the ‘modprobe’ command.
In line 51 there is a ‘modprobe -qv xfrm_tunnel’, which actually looks
for xfrm4_tunnel and then loads it into the kernel if the module doesn’t exist.
After digging deeper into it at the following link
http://www.cs.fsu.edu/~baker/devices/lxr/http/source/linux/net/ipv4/xfrm4_tunnel.c#L61
I realized that the xfrm4_tunnel module uses the IPIP protocol (shown in line 42).
The weblinks below give some information about IPIP.
http://www.linuxfoundation.org/collaborate/workgroups/networking/tunneling#IPIP_tunnels
http://serverfault.com/questions/358708/whats-the-difference-between-gre-and-ipip-tunnel
The link says only one tunnel can be established between tunnel endpoints.
After a little more searching, the weblink below
https://lists.strongswan.org/pipermail/users/2006-March/001321.html
says we can establish concurrent IPsec tunnels between endpoints provided
the endpoints show up non-overlapping subnets behind the gateway, which
directly contradicted what the second weblink on IPIP says.
My question here is: if we are using xfrm4_tunnel (which in turn uses the IPIP
module), how can we establish multiple tunnels between the same
endpoints? Does having a different subnet modify the behaviour of the IPIP
tunnel?
--
Regards,
Ravi