List Info

Thread: begginer in openswan
begginer in openswan
country flaguser name
Spain		 2007-05-31 08:32:42 
hello,

My name is Carlos Arilla and i'working in the University of
Zaragoza (Spain)

I'm programming IPsec for IPv6 Multicast and i think
Openswan could be 
util for me.

I need some info about IKE and multicast.

I,ve started today to see how Openswan and Pluto works, but
maybe i'd 
need more info about multicast and how i can make it work
with IPsec.
I will write when i knew what info i need exactly.

Regars
Carlos

PS: Sorry for my "not good" English
_______________________________________________
Dev mailing list
Devopenswan.org
http:/
/lists.openswan.org/mailman/listinfo/dev
Re: begginer in openswan
country flaguser name
Canada		 2007-05-31 16:46:12 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


>>>>> "Carlos" == Carlos Arilla
<carillanunizar.es> writes:
    Carlos> My name is Carlos Arilla and i'working in the
University of
    Carlos> Zaragoza (Spain)

    Carlos> I'm programming IPsec for IPv6 Multicast and
i think
    Carlos> Openswan could be util for me.

  Are you trying to implement the IETF msec protocols?
  IPsec does not multicast packets.

  You can build GRE tunnels over IPsec which may (if
configured that
way) support multicast enabled point to point links, and
therefore be
useable to PIM.

  You may also be looking at how to do neighbour discovery
over IPv6
tunnels.

    Carlos> I need some info about IKE and multicast.

  There isn't any. Openswan IKE doesn't do multicast.

- -- 
]            Bear: "Me, I'm just the shape of a
bear."          |  firewalls  [
]   Michael Richardson,    Xelerance Corporation, Ottawa, ON
   |net architect[
] mcrxelerance.com      http://www.san
delman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel
hacking, security guy"); [


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Finger me for keys

iQEVAwUBRl9CI4CLcPvd0N1lAQIhmAf/SmKGVJZ6XU+oeX25fXa0wwvFgFEw
8iDT
5HckjZA6xVefVMrryf2gtjHaOXKRKnhoaL5IBujffCGPi2zsnz+tCKElruw9
T/JK
uTSh/qhCV5bSj7YxpxV1YIoEV9J6+y//zZcjj+j5xcqYTsdWK213Adhp6FLi
3WEq
RPO1QbcMJXRMzLs+sJoBPDA2nLEMGJscFBSDnoCh7DRKsqx/ydzZfFxE0gHB
OQ7s
eYXPEy/fepUguCradsXkYWMZXSIheD+bsdq4VF9lnpSrcj9ecYbQz4LYVjRW
K94L
k/3M/lR+S7rva5v/iwGhL0HAF5tLZ25nQgeuKcZai3jMZ3j7sZ8qQg==
=PZL7
-----END PGP SIGNATURE-----
_______________________________________________
Dev mailing list
Devopenswan.org
http:/
/lists.openswan.org/mailman/listinfo/dev
Re: begginer in openswan
country flaguser name
Spain		 2007-06-04 04:40:20 
Thanks for your reply,

I haven't heard about MSEC. I've been searching for it and
all i've 
found are RFC's of 2004, 2003...I think this standar has
been 
discontinued, and there isn't any implementation.

About the tunnels i've had problems with multicasting
packets over 
tunneling. Firewalls and packet organizers don't like
tunnels...so this 
solution is not valid for me. I need a solution that works
in many 
environments, not only with tunneling.

I've been thinking about Pluto. Can i use the keys obtained
by a unicast 
connection made by pluto with any other program? That is, I
make the IKE 
with Pluto unicast with a Key server that gives me some
keys, and i read 
that key from other program to decode the multicast flow. Is
this 
possible? Could i modify the pluto code to get this?

Thank you for your help

Carlos Arilla
Universidad de Zaragoza (Spain)

Michael Richardson wrote:

>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>
>  
>
>>>>>>"Carlos" == Carlos Arilla
<carillanunizar.es> writes:
>>>>>>            
>>>>>>
>    Carlos> My name is Carlos Arilla and i'working in
the University of
>    Carlos> Zaragoza (Spain)
>
>    Carlos> I'm programming IPsec for IPv6 Multicast
and i think
>    Carlos> Openswan could be util for me.
>
>  Are you trying to implement the IETF msec protocols?
>  IPsec does not multicast packets.
>
>  You can build GRE tunnels over IPsec which may (if
configured that
>way) support multicast enabled point to point links, and
therefore be
>useable to PIM.
>
>  You may also be looking at how to do neighbour
discovery over IPv6
>tunnels.
>
>    Carlos> I need some info about IKE and
multicast.
>
>  There isn't any. Openswan IKE doesn't do multicast.
>
>- -- 
>]            Bear: "Me, I'm just the shape of a
bear."          |  firewalls  [
>]   Michael Richardson,    Xelerance Corporation,
Ottawa, ON    |net architect[
>] mcrxelerance.com      http://www.san
delman.ottawa.on.ca/mcr/ |device driver[
>] panic("Just another Debian GNU/Linux using,
kernel hacking, security guy"); [
>
>
>-----BEGIN PGP SIGNATURE-----
>Version: GnuPG v1.4.6 (GNU/Linux)
>Comment: Finger me for keys
>
>iQEVAwUBRl9CI4CLcPvd0N1lAQIhmAf/SmKGVJZ6XU+oeX25fXa0wwvF
gFEw8iDT
>5HckjZA6xVefVMrryf2gtjHaOXKRKnhoaL5IBujffCGPi2zsnz+tCKEl
ruw9T/JK
>uTSh/qhCV5bSj7YxpxV1YIoEV9J6+y//zZcjj+j5xcqYTsdWK213Adhp
6FLi3WEq
>RPO1QbcMJXRMzLs+sJoBPDA2nLEMGJscFBSDnoCh7DRKsqx/ydzZfFxE
0gHBOQ7s
>eYXPEy/fepUguCradsXkYWMZXSIheD+bsdq4VF9lnpSrcj9ecYbQz4LY
VjRWK94L
>k/3M/lR+S7rva5v/iwGhL0HAF5tLZ25nQgeuKcZai3jMZ3j7sZ8qQg==

>=PZL7
>-----END PGP SIGNATURE-----
>
>  
>
_______________________________________________
Dev mailing list
Devopenswan.org
http:/
/lists.openswan.org/mailman/listinfo/dev
[1-3]

about | contact  Other archives ( Real Estate discussion Medical topics )