OpenSwan IPSec Multicast Support

Posted: 2013/11/07 06:05:01
by lund0782
I am trying to implement IPSec on a network with hosts running CentOS 6.4. Multicast is used on the network, and I am trying to find a solution to secure that multicast traffic using IPSec. As far as I can tell, OpenSwan does not support multicast comms. The only solution I have found is to use GRE tunnels for the multicast traffic, but I am trying to keep all traffic strictly multicast. Anyone have any ideas?

Re: OpenSwan IPSec Multicast Support

Posted: 2014/03/10 00:16:55
by silvertip257
lund0782 wrote: I am trying to implement IPSec on a network with hosts running CentOS 6.4. Multicast is used on the network, and I am trying to find a solution to secure that multicast traffic using IPSec. As far as I can tell, OpenSwan does not support multicast comms. The only solution I have found is to use GRE tunnels for the multicast traffic, but I am trying to keep all traffic strictly multicast. Anyone have any ideas?
Maybe a little late, but better late than never, right?
(this post being from Nov 2013)

Correct, multicast and broadcast traffic aren't "natively" passed through IPSec VPNs.
[ There's good and bad to that, but I'm of the impression it's more good than bad. ]

Have you tried making a GRE tunnel ride inside your IPSec tunnel?
[ In a way, using a GRE tunnel is a bit of a hack (tunneling twice). But we have to use the tools we have, right? ;) ]