[strongSwan] UPnP/DLNA over IPsec
martin at strongswan.org
Mon Mar 25 10:04:43 CET 2013
> is there any way to tunnel UPnP/DLNA over IPsec without L2TP?
Yes. The difficult part is UPnP discovery, which uses the Simple Service
Discovery Protocol. SSDP uses IP multicast messages to 188.8.131.52.
So what you basically have to do is include 184.108.40.206 as
destination address in your IPsec policies, and then make sure that
these multicasts get properly forwarded on the involved IPsec hosts.
If you handle multiple connections, depending on your setup, this might
result in identical policies (e.g. 0.0.0.0/0 <-> 220.127.116.11/32).
Linux does not like these, so you'd have to use different Netfilter
marks to separate them.
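
The collision described above can be checked before policies are installed. The following is an added example, not part of the original post and not strongSwan code: it models an outbound policy as (source selector, destination selector, mark), which is a simplification, and the connection names, the 10.3.0.x client addresses and the helper functions are assumptions made for illustration.

```python
from collections import defaultdict
from ipaddress import ip_network

# Constructed sample: two client connections that both carry the
# 0.0.0.0/0 <-> 220.127.116.11/32 policy quoted in the post.
# Names and 10.3.0.x addresses are hypothetical.
MCAST = "220.127.116.11/32"
CONNS = [
    {"name": "client-a", "local_ts": ["0.0.0.0/0"], "remote_ts": ["10.3.0.1/32", MCAST], "mark": None},
    {"name": "client-b", "local_ts": ["0.0.0.0/0"], "remote_ts": ["10.3.0.2/32", MCAST], "mark": None},
]

def policy_keys(conn):
    """Yield one (src, dst, mark) key per outbound policy of a connection."""
    for src in conn["local_ts"]:
        for dst in conn["remote_ts"]:
            yield (ip_network(src), ip_network(dst), conn["mark"])

def find_collisions(conns):
    """Return {key: [connection names]} for keys claimed more than once."""
    owners = defaultdict(list)
    for conn in conns:
        for key in policy_keys(conn):
            owners[key].append(conn["name"])
    return {key: names for key, names in owners.items() if len(names) > 1}

def assign_marks(conns, first_mark=1):
    """Return copies of conns where each colliding one gets a unique mark."""
    colliding = {n for names in find_collisions(conns).values() for n in names}
    used = {c["mark"] for c in conns if c["mark"] is not None}
    out, next_mark = [], first_mark
    for conn in conns:
        conn = dict(conn)  # leave the caller's data untouched
        if conn["name"] in colliding and conn["mark"] is None:
            while next_mark in used:
                next_mark += 1
            conn["mark"] = next_mark
            used.add(next_mark)
        out.append(conn)
    return out

if __name__ == "__main__":
    for (src, dst, mark), names in find_collisions(CONNS).items():
        print(f"identical policy {src} <-> {dst} (mark={mark}): {names}")
    for conn in assign_marks(CONNS):
        print(conn["name"], "mark =", conn["mark"])
```

The marks it proposes only separate the policies; traffic still has to be marked by Netfilter rules so that each packet matches the intended connection.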