Configuration for IPSec Loop-Back Test

Alan Somers asomers at freebsd.org
Wed Aug 1 14:50:07 UTC 2018


On Wed, Aug 1, 2018 at 7:15 AM, Christian Mauderer <christian.mauderer at embedded-brains.de> wrote:

> Hello,
>
> I'm working on a port for IPSec and ipsec-tools (racoon, setkey,
> libipsec) to an embedded operating system (RTEMS). RTEMS uses the
> FreeBSD network stack via a compatibility layer (rtems-libbsd).
>
> I can already create an IPSec connection on some real hardware with some
> real peer. To prevent regression in a future version, I would like to
> add a test that would check that the port still works. That test would
> have to run on a system _without_ a real hardware peer. Therefore I
> would like to create some IPSec loop back connection. In that case
> racoon would have to talk to itself because I currently only support one
> instance.
>
> Do you have any hints on how I could create such a network?
>
> My current thought would be something along a virtual network device
> (maybe tun?) that can be connected to some other virtual network device
> via for example a bridge device. Maybe I could then try to configure two
> gif-devices that would use this tunnel. racoon would have to listen on
> both devices (maybe on different ports).
>
> Currently I have trouble setting this up. Are there any simpler ideas
> for an IPSec loop back connection that would use most of the stack layers?
>
> Thanks in advance for every answer.
>
> With kind regards
>
> Christian Mauderer
>

Does RTEMS support multiple FIBs?  In FreeBSD I've done this kind of thing
using multiple FIBs with tap(4) devices (though tun(4) might work for your
use case).  In the FreeBSD source tree, see tests/sys/netinet/fibs_test.sh.

-Alan
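One way to build the single-host loop-back that the reply points at, as an added example that is not from this thread, from RTEMS/rtems-libbsd, or from FreeBSD's own fibs_test.sh: a FreeBSD sh script that creates a directly connected epair(4) pair (chosen here instead of tap plus bridge because epair passes traffic without a userland process holding the device open), puts each end in its own FIB, and manually keys one transport-mode ESP SA per direction with setkey(8). A ping from FIB 0 to the FIB 1 address then leaves through the epair, is ESP-protected by the outbound policy and checked against the inbound policy on arrival, so the kernel IPsec path is exercised without a peer host. The addresses, SPIs, FIB numbers, interface names and the DRY_RUN switch are constructed for the example; it assumes FreeBSD 12 or later (runtime-settable net.fibs, ipsec.ko) and root. It tests the kernel side only; racoon's IKE exchange is not covered.

```shell
#!/bin/sh
# Added example, not from the thread: single-host IPsec loop-back on FreeBSD
# using two FIBs and an epair(4) pair, manually keyed with setkey(8).
# Assumes FreeBSD 12+ (ipsec.ko, runtime net.fibs) and root. All addresses,
# SPIs and FIB numbers below are constructed for the example.
set -eu

A_ADDR=10.99.0.1   A_FIB=0      # "host A": default FIB
B_ADDR=10.99.0.2   B_FIB=1      # "host B": second FIB
A_IF=""            B_IF=""

# With DRY_RUN=1 privileged commands are printed instead of executed, so the
# generated configuration can be reviewed on any host.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then printf '+ %s\n' "$*"; else "$@"; fi
}

# Random key material as lowercase hex, $1 bytes long (od/tr are POSIX).
rand_hex() { od -An -N"$1" -tx1 /dev/urandom | tr -d ' \n'; }

# Succeed only if $1 is exactly $2 bits of hex; wrong-length keys are a
# classic setkey mistake and are rejected before anything reaches the kernel.
require_hex() {
    key=$1; bits=$2
    [ "${#key}" -eq $((bits / 4)) ] || return 1
    case $key in *[!0-9a-fA-F]*) return 1 ;; esac
    return 0
}

# Emit setkey(8) input: one transport-mode ESP SA per direction (AES-128-CBC
# with HMAC-SHA-256) and the four policies that require ESP for all traffic
# between A and B, inbound and outbound. Both "hosts" share this one SPD.
gen_setkey_conf() {
    e_ab=$1; a_ab=$2; e_ba=$3; a_ba=$4
    require_hex "$e_ab" 128 && require_hex "$a_ab" 256 &&
    require_hex "$e_ba" 128 && require_hex "$a_ba" 256 || return 1
    cat <<EOF
flush;
spdflush;
add $A_ADDR $B_ADDR esp 0x1001 -E aes-cbc 0x$e_ab -A hmac-sha256 0x$a_ab;
add $B_ADDR $A_ADDR esp 0x1002 -E aes-cbc 0x$e_ba -A hmac-sha256 0x$a_ba;
spdadd $A_ADDR $B_ADDR any -P out ipsec esp/transport//require;
spdadd $A_ADDR $B_ADDR any -P in ipsec esp/transport//require;
spdadd $B_ADDR $A_ADDR any -P out ipsec esp/transport//require;
spdadd $B_ADDR $A_ADDR any -P in ipsec esp/transport//require;
EOF
}

setup() {
    run sysctl net.fibs=2                # FIBs 0 and 1 must exist
    run sysctl net.add_addr_allfibs=0    # each address's local route stays in its own FIB
    run kldload -n ipsec                 # no-op if IPsec is already loaded
    if [ "${DRY_RUN:-0}" = 1 ]; then A_IF=epair0a; else A_IF=$(ifconfig epair create); fi
    B_IF=${A_IF%a}b                      # epairNa's peer is epairNb
    run ifconfig "$A_IF" fib "$A_FIB" inet "$A_ADDR/24" up
    run ifconfig "$B_IF" fib "$B_FIB" inet "$B_ADDR/24" up
    gen_setkey_conf "$(rand_hex 16)" "$(rand_hex 32)" "$(rand_hex 16)" "$(rand_hex 32)" |
        run setkey -c
}

# From FIB 0 the only route to B_ADDR is the /24 on epairNa, not a local
# loopback route, so the echo request leaves via the epair, is ESP-encapsulated
# by the "out" policy and checked against the "in" policy on arrival; the reply
# takes the mirror path in FIB 1. setkey -D afterwards shows the SA byte
# counters rising, which is the evidence that the traffic really went through ESP.
check_loopback() {
    run setfib "$A_FIB" ping -c 3 "$B_ADDR" &&
    run setfib "$B_FIB" ping -c 3 "$A_ADDR" &&
    run setkey -D
}

teardown() {
    run setkey -F; run setkey -FP        # flush SAD and SPD
    run ifconfig "${A_IF:-epair0a}" destroy   # destroying the "a" end removes the pair
}

case "${1:-}" in
    setup) setup ;; check) check_loopback ;; teardown) teardown ;;
esac
```

Run it as `sh ipsec-loop.sh setup`, then `check`, then `teardown`; with `DRY_RUN=1` in the environment it only prints what it would do. If the ping works but `setkey -D` shows zero bytes on both SAs, the traffic took the loopback route instead of the epair, which usually means net.add_addr_allfibs was still 1 when the addresses were assigned.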

