IPSec + vpn + multicast

Nikos Vassiliadis nvass at teledomenet.gr
Fri Dec 5 08:25:34 PST 2008


On Wednesday 03 December 2008 17:02:05 nrml nrml wrote:
> Hello,
>
> I followed the handbook instructions and the ipsec(4) man page to setup
> vpn-over-ipsec for our company's site-to-site connection via our
> dedicated T1. Anyway I have it working but I found that I need to make
> sure that multicast traffic can traverse through the two subnets. I have
> the following options in my kernel:
>
> FreeBSD somebox.domain.com 7.1-PRERELEASE FreeBSD 7.1-PRERELEASE #1: Fri Nov 21 08:11:47 PST 2008 root at somebox.domain.com:/usr/obj/usr/src/sysKERNEL  i386
> device          crypto
> options         IPSEC
> options         IPSEC_FILTERTUNNEL
> options         IPSEC_DEBUG         #debug for IP Security
> options         IPSEC_NAT_T
>

The kernel does not support multicast routing by default,
you need to add "options MROUTING" to your kernel cf. But
then again you have to use something to exchange that routing
information to the other peers, something like XORP.

> ipsec-tools:
...
> Does anyone know how I can accomplish this? The goal is to try and have
> transparency between the two sites

Could you elaborate a bit on "transparency between the two sites"?

> to and try and get Bonjour working. 

I am not familiar with Bonjour, but it seems that multicast routing
is not the way to go... Maybe you can achieve that same effect using
bridging and packet filtering to block whatever is supposed to be
local traffic.

Nikos


More information about the freebsd-questions mailing list