[strongSwan] Is multicast-routing (by enabling PIM-SM/PIM-DM) supported directly on the XFRM-Interfaces Or is it possible to use the "forecast" plugin-feature to do the multicast forwarding on the IKEv2-IPsec Tunnel (using xfrm-interface)

Noel Kuntze noel.kuntze at thermi.consulting
Mon Jan 31 22:29:34 CET 2022


Hello Rajiv,

Those are good news.
I propose you just do a whole distro upgrade to a recent version of Ubuntu that has a version > 5.10 or something.

Kind regards
Noel

Am 31.01.22 um 22:25 schrieb Rajiv Kulkarni:
> Hello Noel
>
> Thank you so much as always for your response and help
>
> >>>You better test it first though with your specific software.
> Yes, as you mentioned, iam in the process of running the initial feature-validation tests in my test-bed (some peers are OpenWRT-based, some are Ubuntu-Linux, and some Cisco-Routers), and then if the configs work correctly, i will then deploy in the actual network resources.... ...atleast that's the plan.
>
> Iam in process of updating the kernel (to atleast 4.19.31 & above) on Some of the Ubuntu-Linux-peers in my setup that are still on v4.15 and cannot use xfrm-interfaces (this is taking up time...have to do it manually,,,both kernel update and also iproute2 update...)
>
> I have FRrouting-package installed on these linux-gateways...so should be able to configure PIM too if supported.
>
> I will surely post an update of the test results (especially with reference to multicast support)  ASAP
>
> thanks & regards
> Rajiv
>
>
>
>
> On Mon, Jan 31, 2022 at 3:51 AM Noel Kuntze <noel.kuntze+strongswan-users-ml at thermi.consulting> wrote:
>
>     Hello Rajiv,
>
>     Should work fine with XFRM interfaces. AFAIR I tested something like that but with OSPF some time ago and it worked.
>     You better test it first though with your specific software.
>
>     Kind regards
>     Noel
>
>     Am 30.01.22 um 15:59 schrieb Rajiv Kulkarni:
>     > Hi
>     >
>     > I did search for any existing discussion on this, but as of now did not come across it.
>     >
>     > So i have this question on using xfrm-interfaces with ipsec-tunnels
>     >
>     > Is multicast-routing supported with the xfrm-interfaces?
>     >   - I mean, can we enabled and run PIM (SM and/or DM) on the xfrm-interfaces and therefore enable forwarding of multicast traffic across the ipsec tunnels binded to the xfrm-interfaces?
>     >
>     > Or, alternatively, if above is not supported, can we use the "forecast" plugin config method to make available the multicast-traffic forwarding on the xfrm-interfaces?
>     >
>     >   thanks & regards
>     > Rajiv
>     >
>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20220131/bab14bea/attachment-0001.sig>


More information about the Users mailing list