Create a proof-of-concept to forward traffic from IPsec into a GTP tunnel
The UE's traffic (SIP/TCP/IP) arrives at the ePDG as IPsec traffic.
All the traffic from a single UE must be converted from IPsec encapsulation into GTP encapsulation.
As a prototype, a setup of a couple of VMs would be a good starting point:
- UE (IPsec client)
- EPDG (IPsec server, forwards traffic to a GTP tunnel)
- PGW (GTP tunnel endpoint)
- IMS (HTTP, ICMP, ... endpoint in this example)
The interesting part to test: can Linux be configured to decapsulate IPsec traffic and encapsulate it in GTP, and vice versa?
Furthermore, we will have multiple APNs/PGW connections, meaning multiple GTP interfaces.
If we can't connect the IPsec tunnel with a GTP tunnel directly (which I doubt), it would mean we have a lot of `ip rule`s on the machine.
Maybe we would have only a single `ip rule` for every APN.
Or we could use eBPF or XDP for it and only have lookup tables maintained by the user space?
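
As an added illustration (not part of the original ticket), the sketch below models the per-packet uplink step the questions above are about: a packet that has left the IPsec SA is matched against a lookup table maintained by user space and wrapped in a GTPv1-U G-PDU for the right PGW. The table layout (keyed by the UE's inner IPv4 address), the sample addresses and TEIDs, and all function names are assumptions made for this example.

```python
import ipaddress
import struct

GTPU_FLAGS = 0x30  # version 1, protocol type GTP, no optional fields
GTPU_GPDU = 0xFF   # message type G-PDU: carries one user packet

# Constructed sample table: UE inner address -> (APN, PGW address, TEID).
SESSIONS = {
    "10.45.0.2": ("ims", "192.0.2.10", 0x1001),
    "10.46.0.7": ("internet", "192.0.2.20", 0x2001),
}

def gtpu_encap(inner: bytes, teid: int) -> bytes:
    """Prefix an IP packet with the 8-byte mandatory GTPv1-U header."""
    return struct.pack("!BBHI", GTPU_FLAGS, GTPU_GPDU, len(inner), teid) + inner

def gtpu_decap(pkt: bytes):
    """Return (teid, inner packet) for a G-PDU; raise ValueError otherwise."""
    if len(pkt) < 8:
        raise ValueError("short GTP-U header")
    flags, mtype, length, teid = struct.unpack("!BBHI", pkt[:8])
    if flags >> 5 != 1 or not flags & 0x10 or mtype != GTPU_GPDU:
        raise ValueError("not a GTPv1-U G-PDU")
    body = pkt[8:]
    if len(body) != length:
        raise ValueError("length field does not match datagram")
    if flags & 0x07:  # E, S or PN set: seq(2) + N-PDU(1) + next-ext(1)
        if len(body) < 4:
            raise ValueError("truncated optional fields")
        next_ext, body = (body[3] if flags & 0x04 else 0), body[4:]
        while next_ext:  # each extension header is body[0] * 4 bytes long
            size = body[0] * 4 if body else 0
            if size == 0 or size > len(body):
                raise ValueError("bad extension header")
            next_ext, body = body[size - 1], body[size:]
    return teid, body

def uplink(inner: bytes, sessions=SESSIONS):
    """Packet decrypted from IPsec -> (PGW address, GTP-U datagram) or None."""
    if len(inner) < 20 or inner[0] >> 4 != 4:
        return None  # this sketch handles IPv4 only
    session = sessions.get(str(ipaddress.IPv4Address(inner[12:16])))
    if session is None:
        return None  # no session for this source address: drop
    _apn, pgw, teid = session
    return pgw, gtpu_encap(inner, teid)

def sample_ipv4(src, dst, payload=b"ping"):  # constructed packet, checksum 0
    a, b = (ipaddress.IPv4Address(x).packed for x in (src, dst))
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, 1, 0, a, b) + payload
```

The returned datagram would be sent to the PGW over UDP port 2152; the downlink direction is the reverse lookup, from TEID to the UE's IPsec SA.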