[Click] IPsec work and question about Linux routing?

Markku Savela Markku.Savela at vtt.fi
Mon Apr 16 03:50:16 EDT 2012


I've been trying to add some RFC-4301 features into existing
IPsec. This is still very rough coding, haven't gotten to
test the inbound yet, due to problems getting the packets
out (see below).

The simple usermode test configuration (attached) does not
quite do what I want: it does not route the tunneled packets
coming in from tun0 (src=192.168.0.14, dst=192.168.0.15) to
eth1 as I expected (packets seem to disappear, I see them
on tun0 using wireshark).

The old simple-ipsec configuration

http://read.cs.ucla.edu/click/examples/simple-ipsec.click

uses FromDevice/ToDevice and has to do some dummy ARP handling
due to this. I thought KernelTun would be much easier and
cleaner to use, but it looks like the kernel does not do
the routing from tun device?

Or is there some tweak that would enable it?
I do have the normal ip forward enabled...

cat /proc/sys/net/ipv4/ip_forward
1


My setup on Ubuntu Linux (tun0 from Click)

eth1 Link encap:Ethernet  HWaddr 00:13:3b:02:b3:96
      inet addr:192.168.0.14  Bcast:192.168.0.255  Mask:255.255.255.0
      UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
   inet addr:10.0.0.1  P-t-P:10.0.0.1  Mask:255.0.0.0
   UP POINTOPOINT RUNNING NOARP PROMISC MULTICAST  MTU:1500  Metric:1

-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: ipsec.click
Url: http://amsterdam.lcs.mit.edu/pipermail/click/attachments/20120416/da4a45ba/attachment.txt 

