[Openswan dev] beginner in openswan

Carlos Arilla carillan at unizar.es
Mon Jun 4 05:40:20 EDT 2007


Thanks for your reply,

I haven't heard about MSEC. I've been searching for it and all I've
found are RFCs from 2004, 2003... I think this standard has been
discontinued, and there isn't any implementation.

About the tunnels, I've had problems with multicasting packets over
tunneling. Firewalls and packet organizers don't like tunnels... so this
solution is not valid for me. I need a solution that works in many
environments, not only with tunneling.

I've been thinking about Pluto. Can I use the keys obtained by a unicast
connection made by pluto with any other program? That is, I make the IKE
with Pluto unicast with a key server that gives me some keys, and I read
that key from another program to decode the multicast flow. Is this
possible? Could I modify the pluto code to get this?

Thank you for your help

Carlos Arilla
Universidad de Zaragoza (Spain)

Michael Richardson wrote:

>>>>>> "Carlos" == Carlos Arilla <carillan at unizar.es> writes:
>
>    Carlos> My name is Carlos Arilla and I'm working at the University of
>    Carlos> Zaragoza (Spain)
>
>    Carlos> I'm programming IPsec for IPv6 Multicast and I think
>    Carlos> Openswan could be useful for me.
>
>  Are you trying to implement the IETF msec protocols?
>  IPsec does not multicast packets.
>
>  You can build GRE tunnels over IPsec which may (if configured that
>way) support multicast enabled point to point links, and therefore be
>useable to PIM.
>
>  You may also be looking at how to do neighbour discovery over IPv6
>tunnels.
>
>    Carlos> I need some info about IKE and multicast.
>
>  There isn't any. Openswan IKE doesn't do multicast.
>
>- -- 
>]            Bear: "Me, I'm just the shape of a bear."          |  firewalls  [
>]   Michael Richardson,    Xelerance Corporation, Ottawa, ON    |net architect[
>] mcr at xelerance.com      http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
>] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [

