[Openswan dev] begginer in openswan
carillan at unizar.es
Mon Jun 4 05:40:20 EDT 2007
Thanks for your reply,
I haven't heard about MSEC. I've been searching for it and all i've
found are RFC's of 2004, 2003...I think this standar has been
discontinued, and there isn't any implementation.
About the tunnels i've had problems with multicasting packets over
tunneling. Firewalls and packet organizers don't like tunnels...so this
solution is not valid for me. I need a solution that works in many
environments, not only with tunneling.
I've been thinking about Pluto. Can i use the keys obtained by a unicast
connection made by pluto with any other program? That is, I make the IKE
with Pluto unicast with a Key server that gives me some keys, and i read
that key from other program to decode the multicast flow. Is this
possible? Could i modify the pluto code to get this?
Thank you for your help
Universidad de Zaragoza (Spain)
Michael Richardson wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>>>>>>"Carlos" == Carlos Arilla <carillan at unizar.es> writes:
> Carlos> My name is Carlos Arilla and i'working in the University of
> Carlos> Zaragoza (Spain)
> Carlos> I'm programming IPsec for IPv6 Multicast and i think
> Carlos> Openswan could be util for me.
> Are you trying to implement the IETF msec protocols?
> IPsec does not multicast packets.
> You can build GRE tunnels over IPsec which may (if configured that
>way) support multicast enabled point to point links, and therefore be
>useable to PIM.
> You may also be looking at how to do neighbour discovery over IPv6
> Carlos> I need some info about IKE and multicast.
> There isn't any. Openswan IKE doesn't do multicast.
>] Bear: "Me, I'm just the shape of a bear." | firewalls [
>] Michael Richardson, Xelerance Corporation, Ottawa, ON |net architect[
>] mcr at xelerance.com http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
>] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
>-----BEGIN PGP SIGNATURE-----
>Version: GnuPG v1.4.6 (GNU/Linux)
>Comment: Finger me for keys
>-----END PGP SIGNATURE-----
More information about the Dev