Configuration for IPSec Loop-Back Test

Christian Mauderer christian.mauderer at embedded-brains.de
Wed Aug 1 13:15:49 UTC 2018


Hello,

I'm working on a port for IPSec and ipsec-tools (racoon, setkey,
libipsec) to an embedded operating system (RTEMS). RTEMS uses the
FreeBSD network stack via a compatibility layer (rtems-libbsd).

I can already create an IPSec connection on some real hardware with some
real peer. To prevent regression in a future version, I would like to
add a test that would check that the port still works. That test would
have to run on a system _without_ a real hardware peer. Therefore I
would like to create some IPSec loop-back connection. In that case
racoon would have to talk to itself because I currently only support one
instance.

Do you have any hints how I could create such a network?

My current thought would be something along the lines of a virtual
network device (maybe tun?) that can be connected to some other virtual
network device via, for example, a bridge device. Maybe I could then
try to configure two gif devices that would use this tunnel. racoon
would have to listen on both devices (maybe on different ports).

Currently I have trouble setting this up. Are there any simpler ideas
for an IPSec loop-back connection that would use most of the stack layers?

Thanks in advance for every answer.

With kind regards

Christian Mauderer
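
A simpler loop-back setup than the tun/bridge/gif chain sketched in the post, added here as an editor's example and not taken from the post or from the rtems-libbsd project: manually keyed ESP transport-mode SAs between two addresses on lo0, so that a single host with no peer still exercises the SPD, SAD, ESP encapsulation and decapsulation code paths. It assumes that the addresses 10.99.0.1 and 10.99.0.2 have been configured as aliases on lo0 beforehand, that the stack applies IPsec processing to traffic routed over the loopback interface, and that the key material shown is fixed, constructed test data; all three are assumptions, not facts from the post.

```conf
# Editor's constructed example, not from the post: manually keyed ESP
# transport-mode SAs between two aliases on the loopback interface.
# Assumes the aliases exist before loading, e.g.
#   ifconfig lo0 alias 10.99.0.1/32
#   ifconfig lo0 alias 10.99.0.2/32
# and that IPsec processing applies to traffic routed over lo0 (assumption).
# Load with:  setkey -f ipsec-loopback.conf
# Exercise:   ping -S 10.99.0.1 10.99.0.2

flush;
spdflush;

# One SA per direction, each with its own SPI and its own key pair.
# 128-bit AES-CBC key (32 hex digits) and 160-bit HMAC-SHA1 key (40 hex
# digits). These are constructed test values only; never reuse them.
add 10.99.0.1 10.99.0.2 esp 0x1001 -m transport
    -E aes-cbc   0x000102030405060708090a0b0c0d0e0f
    -A hmac-sha1 0x0102030405060708090a0b0c0d0e0f1011121314;
add 10.99.0.2 10.99.0.1 esp 0x1002 -m transport
    -E aes-cbc   0x0f0e0d0c0b0a09080706050403020100
    -A hmac-sha1 0x14131211100f0e0d0c0b0a090807060504030201;

# Because both endpoints live on this host, all four (src, dst, direction)
# combinations need a policy. "require" means unprotected packets matching
# the selector are dropped instead of silently passed, which is what makes
# a regression in the ESP path visible as a failed ping rather than a
# quietly cleartext one.
spdadd 10.99.0.1 10.99.0.2 any -P out ipsec esp/transport//require;
spdadd 10.99.0.2 10.99.0.1 any -P in  ipsec esp/transport//require;
spdadd 10.99.0.2 10.99.0.1 any -P out ipsec esp/transport//require;
spdadd 10.99.0.1 10.99.0.2 any -P in  ipsec esp/transport//require;
```

This covers the kernel side of the port (setkey, libipsec and the PF_KEY interface), not racoon: IKE negotiation still needs two peers or two racoon instances, which is the part the post says is not currently supported. A regression check built on it can ping 10.99.0.2 from 10.99.0.1 and then read `setkey -D` to confirm the byte counters of both SAs advanced; deleting one of the `add` entries and confirming that the ping now fails under the `require` policy gives the matching negative test.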


More information about the freebsd-hackers mailing list