[strongSwan] UPnP/DLNA over IPsec

Martin Willi martin at strongswan.org
Mon Mar 25 10:04:43 CET 2013

Hi Niccolò,

> is there any way to tunnel UPnP/DLNA over IPsec without L2TP?

Yes. The difficult part is UPnP discovery, which uses the Simple Service
Discovery Protocol. SSDP uses IP multicast messages to

So what you basically have to do is include as
destination address in your IPsec policies, and then make sure that
these multicasts get properly forwarded on the involved IPsec hosts.

If you handle multiple connections, depending on your setup, this might
result in identical policies (e.g. <->
Linux does not like these, so you'd have to use different Netfilter
marks to separate them.

Best regards
