[strongSwan] UPnP/DLNA over IPsec

Martin Willi martin at strongswan.org
Mon Mar 25 10:04:43 CET 2013


Hi Niccolò,

> is there any way to tunnel UPnP/DLNA over IPsec without L2TP?

Yes. The difficult part is UPnP discovery, which uses the Simple Service
Discovery Protocol. SSDP uses IP multicast messages to 239.255.255.250.

So what you basically have to do is include 239.255.255.250 as
destination address in your IPsec policies, and then make sure that
these multicasts get properly forwarded on the involved IPsec hosts.

If you handle multiple connections, depending on your setup, this might
result in identical policies (e.g. 0.0.0.0/0 <-> 239.255.255.250/32).
Linux does not like these, so you'd have to use different Netfilter
marks to separate them.

Best regards
Martin
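
Added example, not part of the original message and not strongSwan code: a small Python check for the identical-policy case described in the reply. It reads `conn` sections in ipsec.conf syntax and reports traffic selector pairs that several connections share under the same `mark`. The connection names, subnets and mark values are constructed. As a simplification it compares `mark` as a plain string and ignores `mark_in`, `mark_out`, `also=` and `conn %default`.

```python
import ipaddress
from collections import defaultdict
from itertools import product

# Constructed sample in ipsec.conf syntax (names, subnets and marks are made up).
SAMPLE_CONF = """\
conn site-a
    leftsubnet=0.0.0.0/0
    rightsubnet=10.1.0.0/24,239.255.255.250/32
    mark=10
conn site-b
    leftsubnet=0.0.0.0/0
    rightsubnet=10.2.0.0/24,239.255.255.250/32
    mark=10
conn site-c
    leftsubnet=0.0.0.0/0
    rightsubnet=10.3.0.0/24,239.255.255.250
    mark=30
"""

def parse_conns(text):
    """Return {conn name: {key: value}} from ipsec.conf-style text."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and indentation
        if line.startswith("conn "):
            current = conns.setdefault(line.split(None, 1)[1], {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def selectors(value):
    """Normalise a comma-separated subnet list; a bare address becomes a /32."""
    return [ipaddress.ip_network(s.strip(), strict=False) for s in value.split(",")]

def colliding_policies(conns):
    """Map (local, remote, mark) -> conn names where two or more conns share it."""
    seen = defaultdict(list)
    for name, opts in conns.items():
        mark = opts.get("mark", "none")
        for l, r in product(selectors(opts["leftsubnet"]), selectors(opts["rightsubnet"])):
            seen[(str(l), str(r), mark)].append(name)
    return {k: v for k, v in seen.items() if len(v) > 1}

if __name__ == "__main__":
    for (l, r, mark), names in colliding_policies(parse_conns(SAMPLE_CONF)).items():
        print(f"{l} <-> {r} mark={mark}: shared by {', '.join(names)}")
```

In the sample, site-a and site-b collide on the SSDP selector because both use mark 10, while site-c does not because its mark differs.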




