[strongSwan] Is multicast-routing (by enabling PIM-SM/PIM-DM) supported directly on the XFRM-Interfaces Or is it possible to use the "forecast" plugin-feature to do the multicast forwarding on the IKEv2-IPsec Tunnel (using xfrm-interface)

Rajiv Kulkarni rajivkulkarni69 at gmail.com
Mon Jan 31 22:25:34 CET 2022 

Hello Noel

Thank you so much as always for your response and help

>>>You better test it first though with your specific software.
Yes, as you mentioned, iam in the process of running the initial
feature-validation tests in my test-bed (some peers are OpenWRT-based, some
are Ubuntu-Linux, and some Cisco-Routers), and then if the configs work
correctly, i will then deploy in the actual network resources....
...atleast that's the plan.

Iam in process of updating the kernel (to atleast 4.19.31 & above) on Some
of the Ubuntu-Linux-peers in my setup that are still on v4.15 and cannot
use xfrm-interfaces (this is taking up time...have to do it manually,,,both
kernel update and also iproute2 update...)

I have FRrouting-package installed on these linux-gateways...so should be
able to configure PIM too if supported.

I will surely post an update of the test results (especially with reference
to multicast support)  ASAP

thanks & regards
Rajiv




On Mon, Jan 31, 2022 at 3:51 AM Noel Kuntze
<noel.kuntze+strongswan-users-ml at thermi.consulting> wrote:

> Hello Rajiv,
>
> Should work fine with XFRM interfaces. AFAIR I tested something like that
> but with OSPF some time ago and it worked.
> You better test it first though with your specific software.
>
> Kind regards
> Noel
>
> Am 30.01.22 um 15:59 schrieb Rajiv Kulkarni:
> > Hi
> >
> > I did search for any existing discussion on this, but as of now did not
> come across it.
> >
> > So i have this question on using xfrm-interfaces with ipsec-tunnels
> >
> > Is multicast-routing supported with the xfrm-interfaces?
> >   - I mean, can we enabled and run PIM (SM and/or DM) on the
> xfrm-interfaces and therefore enable forwarding of multicast traffic across
> the ipsec tunnels binded to the xfrm-interfaces?
> >
> > Or, alternatively, if above is not supported, can we use the "forecast"
> plugin config method to make available the multicast-traffic forwarding on
> the xfrm-interfaces?
> >
> >   thanks & regards
> > Rajiv
> >
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20220201/cc667315/attachment.html>

More information about the Users mailing list