[Swan] Requesting an Internal Address on a Remote Network (IRAC) on IPSEC
Sandeep Burugupally
Sandeep.Burugupally at radisys.com
Thu Nov 2 14:38:37 EET 2023
Hello ,
We have been using Libreswan for IPSEC Feature , Our Requirement compels us to have different SA for 2 Ips i.e ,IP1 & IP2.
1. IP1 is always known and will always be associated with an Linux interface , here on which IKE will take place.
2. IP2 comes in between or rather After IKEv2 is done on IP1, & IP2 is not associated with any Linux Interface.
We need to have an SA for IP2 as an output of IKEV2 on IP1. After researching literature we found that RFC does support as CP payloads in IKE message exchanges .
Ref : https://datatracker.ietf.org/doc/html/rfc4306#page-56 (section : 2.19)
Kindly guide us in configuring the same in Libreswan .
Thanks
B Sandeep
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20231102/97c91751/attachment.htm>
More information about the Swan
mailing list