On 05/19/2014 02:14 PM, Robert Moskowitz wrote:
More thoughts. 2 reserved bits can be used:

1 bit to indicate tunnel rather than transport
1 bit to indicate IPv4 or IPv6 tunnel addressing

Initially use the HIT/LSI to carry DHCP/RA packets through tunnel? Though LSI is a bit messy. Though again, others more familiar with this part may tell me how easy this is to handle.

RFC 3456 for DHCP over IPsec. At least for IPv4. Now to read it...



On 05/19/2014 02:08 PM, Robert Moskowitz wrote:
I have a real need to provide ESP tunnel mode from a HIP client to a gateway. The world just won't go as nicely as I would have wanted it to.

In the HIPL manual, there is an example of running OpenVPN within the BEET ESP connection, but I don't think that ends up with the same as ESP tunnel mode.

So what would be needed? Simply an indicator that tunnel mode is in use, then run DHCP (or RA) through the tunnel? Actually send addressing information as HIP parameters?

You don't want to use HITs in RFC4303 tunnel mode as is described in 5202-bis. You can use the initiator's (client) HIT, but then you would still need to map it on the gateway side.

Probably have to go look at what ESP does for tunnel support :) but comments are welcome.

The tunnel needs to act differently than 'classic ESP tunnel' so that HIP mobility is maintained.

I suspect that others have given this more thought in actually implementing it, so please direct me to any papers on this.

Thanks

_______________________________________________
Hipsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/hipsec

