Hi Niccolò,

> is there any way to tunnel UPnP/DLNA over IPsec without L2TP?

Yes. The difficult part is UPnP discovery, which uses the Simple Service Discovery Protocol. SSDP uses IP multicast messages to 239.255.255.250. So what you basically have to do is include 239.255.255.250 as destination address in your IPsec policies, and then make sure that these multicasts get properly forwarded on the involved IPsec hosts.

If you handle multiple connections, depending on your setup, this might result in identical policies (e.g. 0.0.0.0/0 <-> 239.255.255.250/32). Linux does not like these, so you'd have to use different Netfilter marks to separate them.

Best regards
Martin

_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users
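
A planning check for the identical-policy problem described in the reply above, as an added example that is not part of the original message or of strongSwan: it normalizes each child's traffic selectors, confirms the SSDP group is covered, and gives every child in a colliding group its own mark. The child names and selectors are constructed, and writing the result as swanctl.conf `mark_in`/`mark_out` values is an assumption about where the marks get configured; the Netfilter rules that actually mark packets are not generated here.

```python
import ipaddress
from collections import defaultdict

# SSDP multicast group named in the reply.
SSDP_GROUP = ipaddress.ip_network("239.255.255.250/32")

# Constructed sample input: one child SA per peer (hypothetical names).
CHILDREN = [
    {"name": "site-a-ssdp", "local_ts": "0.0.0.0/0", "remote_ts": "239.255.255.250"},
    {"name": "site-b-ssdp", "local_ts": "0.0.0.0/0", "remote_ts": "239.255.255.250/32"},
    {"name": "site-a-lan", "local_ts": "10.1.0.0/16", "remote_ts": "10.2.0.0/16"},
]


def selector_key(child):
    """Normalize a selector pair so '239.255.255.250' and '.../32' compare equal."""
    return (
        ipaddress.ip_network(child["local_ts"], strict=False),
        ipaddress.ip_network(child["remote_ts"], strict=False),
    )


def covers_ssdp(child):
    """True if the child's remote selector includes the SSDP multicast group."""
    return SSDP_GROUP.subnet_of(selector_key(child)[1])


def assign_marks(children, first_mark=1):
    """Return {child name: mark} for children whose policies would be identical."""
    groups = defaultdict(list)
    for child in children:
        groups[selector_key(child)].append(child["name"])
    marks, next_mark = {}, first_mark
    for names in groups.values():
        if len(names) < 2:
            continue  # unique selector pair, no mark needed
        for name in names:
            marks[name] = next_mark
            next_mark += 1
    return marks


def render(marks):
    """Format the assignment as per-child mark_in/mark_out values."""
    return [f"{name}: mark_in = {m}, mark_out = {m}" for name, m in marks.items()]


if __name__ == "__main__":
    print("\n".join(render(assign_marks(CHILDREN))))
```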
