Project

General

Profile

Actions

Feature #5484

open

create setup for nested IPsec (doubango on top of StrongSWAN)

Added by laforge almost 2 years ago.

Status:
New
Priority:
Normal
Assignee:
-
Target version:
-
Start date:
03/07/2022
Due date:
% Done:

0%


Description

For VoWiFi, we need to operate two nested IPsec layers: The outer layer on the SWu interface to the ePDG, and the inner layer on the IMS connection to the P-CSCF.

As far as I know, Linux doesn't support nested IPsec in the kernel. So we have a couple of different options, for example:

  • don't use kernel IPsec but userspace IPsec for one of the two layers
  • use network namespaces to separate the two IPsec instances
  • running two different [virtual, physical] machines, possible during R&D only.

No data to display

Actions

Also available in: Atom PDF

Add picture from clipboard (Maximum size: 48.8 MB)