[strongSwan] Ping Multicast over IPSec

Noel Kuntze noel at familie-kuntze.de
Wed Jul 15 15:13:03 CEST 2015


Hello,

You need to set charon.plugins.forecast.reinject to the conn name that you want to inject the packets into.

Kind Regards,
Noel Kuntze

GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658

On 15.07.2015 at 14:42, Joyce LAMBERT wrote:
> Hi all,
>
> I am trying to get multicast working over IPsec.
>
> For this I have created a test environment with 3 virtual machines:
>
> ipsec1 (10.0.1.2/24) <=> (10.0.1.1/24) Router (10.0.2.1) <=>  ipsec2 (10.0.2.2)
>
> The router is also connected to the internet.
>
> An IPsec tunnel is up between Ipsec1 and Ipsec2.
>
> I used a home-compiled 5.3 version of strongSwan with the forecast module enabled on Debian 8.
>
> IPsec1 and Ipsec2 can ping each other. With tcpdump on the router I see that the traffic is ESP UDP-encap.
>
> Multicast IPs are configured on right and left for both IPsec servers and the forecast module is loaded. But if I try to ping 224.0.0.5, the packets go outside the tunnel without being encapsulated.
> Do you find something wrong in my configuration file? Or something I forgot to configure on the IPsec virtual machines?
>
> Thank you
>
> Configuration IPsec1:
> ----------------------------
> ipsec.conf:
> config setup
> conn %default
>       ikelifetime=60m
>       keylife=20m
>       rekeymargin=3m
>       keyingtries=1
>       authby=secret
>       keyexchange=ikev2
>       mobike=yes
> conn ipsec1-ipsec2
>       left=10.0.1.2
>       leftsubnet=224.0.0.0/4,10.0.1.2/32
>       leftid=@ipsec1
>       leftfirewall=yes
>       right=10.0.2.2
>       rightfirewall=yes
>       rightsubnet=%dynamic,224.0.0.0/4,10.0.2.2/32
>       rightid=@ipsec2
>       auto=start
>       rightfirewall=yes
>       type=tunnel
>       mark=%unique
>       forceencaps=yes
>
> /etc/strongswan.d/charon/forecast.conf
> forecast {
>      groups=224.0.0.1,224.0.0.5,224.0.0.6
>      interface=eth0
>      load = yes
> }
>
> Configuration IPsec2:
> ----------------------------
> ipsec.conf:
> config setup
> conn %default
>       ikelifetime=60m
>       keylife=20m
>       rekeymargin=3m
>       keyingtries=1
>       authby=secret
>       keyexchange=ikev2
>       mobike=yes
> conn ipsec2-ipsec1
>       left=10.0.2.2
>       leftsubnet=224.0.0.0/4,10.0.2.2/32
>       leftid=@ipsec1
>       leftfirewall=yes
>       right=10.0.1.2
>       rightfirewall=yes
>       rightsubnet=%dynamic,224.0.0.0/4,10.0.1.2/32
>       rightid=@ipsec2
>       auto=start
>       rightfirewall=yes
>       type=tunnel
>       mark=%unique
>       forceencaps=yes
>
> /etc/strongswan.d/charon/forecast.conf
> forecast {
>      groups=224.0.0.1,224.0.0.5,224.0.0.6
>      interface=eth0
>      load = yes
> }
>

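A sanity check for the setting named in the reply, as an added example that is not part of the original thread or of strongSwan: it confirms that forecast.reinject is set and names a conn defined in ipsec.conf. The sample text is constructed from the quoted ipsec1 configuration; the function names and the group-coverage check are assumptions of this example.

```python
import ipaddress
import re

# Constructed sample: cut-down ipsec1 config from above plus the reply's reinject.
IPSEC_CONF = """\
conn ipsec1-ipsec2
      leftsubnet=224.0.0.0/4,10.0.1.2/32
      rightsubnet=%dynamic,224.0.0.0/4,10.0.2.2/32
"""
FORECAST_CONF = """\
forecast {
     groups=224.0.0.1,224.0.0.5,224.0.0.6
     reinject=ipsec1-ipsec2
}
"""

def parse_conns(text):
    """Map each conn name to its own key=value lines (no %default inheritance)."""
    conns, current = {}, None
    for line in text.splitlines():
        head = re.match(r"(\w+)\s+(\S+)", line)  # unindented section header
        if head:
            current = conns.setdefault(head[2], {}) if head[1] == "conn" else None
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def split_list(value):
    return [v.strip() for v in value.split(",") if v.strip()]

def check_forecast(ipsec_conf, forecast_conf):
    """Return a list of problems; an empty list means every check passed."""
    conns, problems = parse_conns(ipsec_conf), []
    plugin = dict(re.findall(r"^[ \t]*(\w+)[ \t]*=[ \t]*(.*)$", forecast_conf, re.M))
    groups = [ipaddress.ip_address(g) for g in split_list(plugin.get("groups", ""))]
    names = split_list(plugin.get("reinject", ""))
    if not names:
        problems.append("forecast.reinject is not set")
    for name in names:
        if name not in conns:
            problems.append(f"reinject names unknown conn {name!r}")
            continue
        # Assumed check: each group must fall inside both traffic selectors.
        for side in ("leftsubnet", "rightsubnet"):
            nets = [ipaddress.ip_network(s, strict=False)
                    for s in split_list(conns[name].get(side, "")) if not s.startswith("%")]
            problems += [f"{name}: group {g} not covered by {side}"
                         for g in groups if not any(g in n for n in nets)]
    return problems
```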