Actions
Feature #5484
opencreate setup for nested IPsec (doubango on top of StrongSWAN)
Status:
New
Priority:
Normal
Assignee:
-
Target version:
-
Start date:
03/07/2022
Due date:
% Done:
0%
Description
For VoWiFi, we need to operate two nested IPsec layers: The outer layer on the SWu interface to the ePDG, and the inner layer on the IMS connection to the P-CSCF.
As far as I know, Linux doesn't support nested IPsec in the kernel. So we have a couple of different options, for example:
- don't use kernel IPsec but userspace IPsec for one of the two layers
- use network namespaces to separate the two IPsec instances
- running two different [virtual, physical] machines, possible during R&D only.
No data to display
Actions