Prasad wrote:
Hello all,
I have a problem with one of my routing requirements when using IPSec
along with a proprietary Mobile IP implementation. And sorry for such
a long mail :(
Here is a brief description of my situation: My client (mobile-node)
has an IP address of 10.10.10.40, my gateway (actually home-agent) has
an IP address of 10.10.10.1 and systems in my home network are in
10.0.0.0 network.
1. Mobile node tries to communicate with 10.10.10.4 (home network)
2. The packet from mobile node goes through IPSec and gets
encapsulated in a tunnel. The encapsulating packet has a source
address of 10.10.10.40 and destination address of 10.10.10.1 (the
encapsulated packet is from 10.10.10.40 to 10.10.10.4... the source
did not change)
3. The IPSec packet that came out is not sent through a Mobile IP
tunnel. The new encapsulating packet has dest=<Internet IP of
Home-Agent> and src=<Internet IP of mobile node>. (This packet
encapsulates IPSec packet, which in turn encapsulates the original
packet)
4. The Home-Agent injects the original packet from 10.10.10.4 to
10.10.10.40 into the network!
While all that was fine... one noticeable thing is that the src address
did not change in the initial IPSec tunneling.
Oops, the client machine I referred to below is the one on my home
network with IP address 10.10.10.4. Sorry for a misleading explanation!
Now the client machine responds:
A) Packet sent from client goes to home-agent. Home agent encapsulates
the packet with IPSec. The destination for the packet was 10.10.10.40
before it came to my system.
B) The packet came to me (server, from the local network - it will
come to me because I would be giving out a proxy ARP) with a
destination of 10.10.10.40. To make the packet go through IPSec, I
probably should have a route that says 10.10.10.40 should be routed
through ipsec0.
Now the real problem is, the packet should also leave IPSec with
destination as 10.10.10.40 (after encapsulation). The resulting
packet should now be routed through another device created by my
Mobile IP Driver.
Is it possible to have such a routing table? If yes, how do I achieve
this?
Thanks,
Prasad
_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc