[Xorp-users] PIM-SM routing over an IPSEC PF_KEY tunnel with no interface

Bruce M Simpson bms@spc.org
Sun, 13 Mar 2005 18:40:42 -0800


On Sun, Mar 13, 2005 at 03:23:45PM -0800, Scott Mcdermott wrote:
...
> What this means is that I have no OS interface associated
> with the tunnel.
...

This is an old problem with IPSEC. There is no notion of 'interface mode
IPSEC' in general -- OpenBSD has something called the 'enc' interface
which roughly corresponds to what is needed here.

As Pavlin points out, the multicast forwarding code needs to be able to
have a handle to a network interface with an assigned IP address.

In the past, when working with mrouted, I have used IPIP in transport mode
IPSEC to fulfil this role; IPIP is implemented in the other BSDs using the
'gif' interface, so once the necessary configuration is in place to bring
up a gif, XORP should be able to run PIM on top of it.

BMS
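
The gif-plus-transport-mode arrangement described in the message above, as an added example that is not part of the original post or of XORP: a FreeBSD-style script that creates the gif interface and emits setkey(8) policies protecting only the IPIP (protocol 4) packets between the outer endpoints. The interface name `gif0`, the function names and all addresses are constructed for illustration, and the ESP security associations are assumed to come from an IKE daemon or manual keying, which is not shown.

```shell
#!/bin/sh
# Added example, not from the original message. Addresses are constructed
# documentation values. DRY_RUN=1 (the default) prints commands instead of
# executing them, so the plan can be reviewed before touching the host.
DRY_RUN="${DRY_RUN:-1}"
GIF_IF="${GIF_IF:-gif0}"        # assumed interface name

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# gif_up LOCAL_OUTER REMOTE_OUTER LOCAL_INNER REMOTE_INNER
# Creates the IPIP tunnel interface and gives it an address, which is the
# interface handle the multicast forwarding code needs.
gif_up() {
    run ifconfig "$GIF_IF" create
    run ifconfig "$GIF_IF" tunnel "$1" "$2"
    run ifconfig "$GIF_IF" inet "$3" "$4" netmask 255.255.255.255
}

# spd_policy LOCAL_OUTER REMOTE_OUTER
# Prints setkey(8) input: ESP in transport mode, required, matching only
# IP-in-IP ("ipencap", protocol 4) between the two outer addresses.
# gif already does the encapsulation, so IPsec tunnel mode is not used.
spd_policy() {
    cat <<EOF
spdadd $1/32 $2/32 ipencap -P out ipsec esp/transport//require;
spdadd $2/32 $1/32 ipencap -P in ipsec esp/transport//require;
EOF
}

# apply_policy LOCAL_OUTER REMOTE_OUTER
# Loads the policies, or just prints them in dry-run mode.
apply_policy() {
    if [ "$DRY_RUN" = 1 ]; then
        spd_policy "$1" "$2"
    else
        spd_policy "$1" "$2" | setkey -c
    fi
}

# Usage: script LOCAL_OUTER REMOTE_OUTER LOCAL_INNER REMOTE_INNER
if [ "$#" -eq 4 ]; then
    apply_policy "$1" "$2"      # install policy first so no IPIP leaves in clear
    gif_up "$1" "$2" "$3" "$4"
fi
```

Because the policies use `require`, IPIP packets between the endpoints are dropped rather than sent in the clear when no matching SA exists; `setkey -DP` lists the installed policies for checking.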