Hi Andreas, Hi All, During the last two weeks, I did a interesting testing which will be described as followed.
1) I established IPSEC tunnel by using strongswan over IP-in-IP tunnel (that means two tunnel has been established); 2) In these two tunnel, I used the same inner IP as the original IP (that means there IPs are the same); 3) I use the linux kernel 2.6.28 with the following patches and enabled the IPsec related kernel options. *1* SKB True Size Problem, detail information can be found in: http://patchwork.kernel.org/patch/11964/ *2* IPV6 Stack Problem, detail information can be found in: *http://kerneltrap.org/mailarchive/linux-netdev/2008/11/25/4231304*<http://kerneltrap.org/mailarchive/linux-netdev/2008/11/25/4231304> 4) After two tunnel established successfully, I initiate ping from the host{A} to host{B}. ICMP reply package can not be seen on the cosole but I can see these packages in the cratched list of tcpdump (tcpdump -i ip-in-ip). so I am wander that if this scenarios (IPsec tunnel mode over IP-IN-IP tunnel mode) can be supported by linux kernel2.6.28 or later version of kernel. If I need apply some patches to support this scenarios (IPsec tunnel mode over IP-IN-IP tunnel mode). look forward to your answer, thanks a lot! cheers, David Morris
_______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
