Re: [Users] FreeSWAN + Novell NDS

From: Ken Bantoft (ken_at_freeswan.ca)
Date: Mon Oct 07 2002 - 05:49:04 CEST


On Sun, 6 Oct 2002, Igmar Palsenberg wrote:

> The shitty part is that SLP is done in two ways : Multicast and broadcast
> to 255.255.255.255. Both are not supported by IPSEC.

Uh huh... I got lucky - I only needed Novell eDirectory, which (at least
on Linux) happily uses pure TCP/IP to find/connect to its replicas.

> > I run zebra + bgpd over it myself - documentation on this config
> > forthcoming.
>
> The clients in question are all Windows + Sentinel, so I don't think GRE
> will work.

But L2TP over IPSec might. Ugly though - yet another tunneling protocol,
and you'd need an L2TP server (looks like there's an L2TPD for Linux).

> For the other location I'm looking at GRE now, which should be 'easy' to
> setup.

Yup - just remember to add the 224.0.0.0 netmask 240.0.0.0 route to the
GRE tunnel.

> I'm thinking of writing a daemon that binds to ipsec0 and the internal
> interface and forwards broadcast stuff. I've seen some nice libs that can
> do IP spoofing, so I'll have a look at that.

Could iptables not NAT the packet for you, so it's not to/from a
non-broadcast interface? I'm just tossing around ideas...

-- 
Ken Bantoft                The Unofficial FreeS/WAN Site:
ken_at_freeswan.ca            http://www.freeswan.ca
                           PGP Key: finger ken_at_bantoft.org
"We can factor the number 15 with quantum computers. We 
can also factor the number 15 with a dog trained to bark 
three times."       -- Robert Harley, 5/12/01, Sci.crypt
_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users
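The GRE-over-IPsec workaround discussed above, as an added example that is not part of the thread: a shell function that brings up a GRE tunnel between two gateways and adds the 224.0.0.0/4 (netmask 240.0.0.0) route Ken mentions, so multicast that the IPsec policy would not carry is encapsulated in GRE and then protected by IPsec as ordinary gateway-to-gateway unicast. It assumes modern iproute2 (`ip`), and the gateway and tunnel addresses are constructed placeholders; by default it only prints the commands, and `DRY_RUN=0` executes them (which needs root).

```shell
#!/bin/sh
# Added example, not from the FreeS/WAN thread. Builds a GRE tunnel and
# routes multicast into it. Assumes iproute2; addresses are placeholders.
# DRY_RUN=1 (the default) prints the commands instead of running them,
# so the plan can be reviewed without root.

DRY_RUN=${DRY_RUN:-1}

run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# gre_multicast_tunnel <tunnel-name> <local-gw-ip> <remote-gw-ip> <tunnel-addr/prefix>
# The outer GRE packets go between the two gateway addresses, which is the
# unicast traffic the IPsec SA between the gateways already covers.
gre_multicast_tunnel() {
    name=$1; local_ip=$2; remote_ip=$3; cidr=$4
    run ip tunnel add "$name" mode gre local "$local_ip" remote "$remote_ip" ttl 64
    run ip addr add "$cidr" dev "$name"
    run ip link set "$name" up
    # The route from the thread: all of 224.0.0.0/4 (mask 240.0.0.0) via GRE.
    # Without it the kernel sends multicast out the LAN interface, never
    # into the tunnel, and the far side sees nothing.
    run ip route add 224.0.0.0/4 dev "$name"
}

# Constructed placeholder addresses (RFC 5737 ranges for the gateways).
gre_multicast_tunnel gre1 192.0.2.1 198.51.100.1 10.255.0.1/30
```

The same four commands, with local and remote swapped and the other /30 address, are needed on the peer gateway; broadcast to 255.255.255.255 still is not forwarded by this route, which is the part a relay daemon or NAT rule would have to cover.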


This archive was generated by hypermail 2.1.5 : Tue Oct 08 2002 - 05:20:20 CEST