OpenSwan IPSec Multicast Support

lund0782
Posts: 1
Joined: 2013/11/07 05:56:37

OpenSwan IPSec Multicast Support

Post by lund0782 » 2013/11/07 06:05:01

I am trying to implement IPSec on a network with hosts running CentOS 6.4. Multicast is used on the network, and I am trying to find a solution to secure that multicast traffic using IPSec. As far as I can tell, OpenSwan does not support multicast comms. The only solution I have found is to use GRE tunnels for the multicast traffic, but I am trying to keep all traffic strictly multicast. Anyone have any ideas?

silvertip257
Posts: 1
Joined: 2014/03/10 00:07:03

Re: OpenSwan IPSec Multicast Support

Post by silvertip257 » 2014/03/10 00:16:55

lund0782 wrote:
I am trying to implement IPSec on a network with hosts running CentOS 6.4. Multicast is used on the network, and I am trying to find a solution to secure that multicast traffic using IPSec. As far as I can tell, OpenSwan does not support multicast comms. The only solution I have found is to use GRE tunnels for the multicast traffic, but I am trying to keep all traffic strictly multicast. Anyone have any ideas?

Maybe a little late, but better late than never, right?
(this post being from Nov 2013)

Correct, multicast and broadcast traffic aren't "natively" passed through IPSec VPNs.
[ There's good and bad to that, but I'm of the impression it's more good than bad. ]

Have you tried making a GRE tunnel ride inside your IPSec tunnel?
[ In a way, using a GRE tunnel is a bit of a hack (tunneling twice). But we have to use the tools we have, right? ;) ]
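
The GRE-inside-IPsec arrangement suggested in the reply above, as an added example that is not part of the original thread: a script that renders the Openswan connection, the GRE tunnel commands and a cleartext-leak check for one host of a pair. The addresses, the names `gre-mcast` and `gre1`, the interface `eth0` and the multicast range are constructed sample values, and `authby=secret` assumes a pre-shared key for the two hosts is already configured in `/etc/ipsec.secrets`.

```shell
#!/bin/sh
# Added example: render GRE-over-IPsec settings for one host of a pair.
# All addresses, names and the multicast range are constructed sample values.

# Openswan conn: transport mode with the selector limited to GRE
# (IP protocol 47), so the GRE packets between the two hosts are
# what ESP protects.
gen_ipsec_conn() {  # usage: gen_ipsec_conn LOCAL_IP PEER_IP
    cat <<EOF
conn gre-mcast
    type=transport
    authby=secret
    left=$1
    leftprotoport=gre
    right=$2
    rightprotoport=gre
    auto=start
EOF
}

# iproute2 commands for the GRE tunnel that carries the multicast traffic.
gen_gre_cmds() {  # usage: gen_gre_cmds LOCAL_IP PEER_IP TUNNEL_CIDR MCAST_RANGE
    cat <<EOF
ip tunnel add gre1 mode gre local $1 remote $2 ttl 64
ip link set gre1 up multicast on
ip addr add $3 dev gre1
ip route add $4 dev gre1
EOF
}

# Leak check to run once the SA is up: the physical interface should carry
# ESP (protocol 50) only; any protocol 47 packet seen there is cleartext GRE.
gen_leak_check() {  # usage: gen_leak_check PHYS_IF PEER_IP
    echo "tcpdump -ni $1 'host $2 and ip proto 47'"
}

# Host A of the constructed pair; swap the two addresses on host B.
echo "# add to /etc/ipsec.conf"
gen_ipsec_conn 192.0.2.1 192.0.2.2
echo "# tunnel setup (run as root)"
gen_gre_cmds 192.0.2.1 192.0.2.2 10.255.0.1/30 239.1.1.0/24
echo "# should print no packets while the tunnel is in use"
gen_leak_check eth0 192.0.2.2
```
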
