Re: [Ipsec-tools-devel] adding public IP address tunnel mode
From: Naveen BN <nav...@gl...> - 2009-12-18 08:44:53
Timo,

Change of public IP at NAT will be taken care of by sending NAT keep-alive.
Yes, I need to tunnel the public IP of the UE learned. But the problem I have is
adding the public IP into the inner IP and tunnelling it with a private IP.

Regards
Naveen

Timo Teräs wrote:
> Hi,
>
> Naveen BN wrote:
>> This is what is expected in a UE as per TS 33.203. This feature should
>> be present in the UE as UDP encapsulated Tunnel mode
>> if the UE detects it is behind NAT.
>>
>> This outgoing packet from the UE should look like
>> Packet from UE in case of UDP encapsulated Tunnel Mode
>> --------------------------------------------------------------
>> |OUTER.| UDP | ESP | Inner IP |     |      | ESP    | ESP |
>> |IP    | Hdr | Hdr | Header   | TCP | Data | Trailer| Auth|
>> --------------------------------------------------------------
>> The contents of the above shown packet w.r.t. IP headers are
>> interpreted as below
>> Outer IP address
>> SRC - Private IP address of UE
>> DEST - PCSCF IP address
>> Inner IP address
>> SRC - Public IP address of UE
>> DEST - PCSCF IP address
>
> I'm not really sure what you are actually trying to achieve, and
> not too interested to read 100+ pages.
>
> However, if
> a) the idea is to tunnel public IP traffic over a link with private IPs,
> my previous suggestion stands: add the public IP to some interface
> in the server, so the applications can use the public IP automatically.
>
> b) It's some "auto detect my public IP and use that inside the tunnel"
> type thingy. This would need support in the keying daemon so that the
> tunnel addresses are negotiated properly. However, I don't really like
> this since the public IP can change without notice by the NAT device:
> it could have a public IP pool, several different connections with
> different IPs, and your SAs would need to be renegotiated.
>
> - Timo
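The UDP-encapsulated ESP packets and NAT keep-alives discussed in this thread arrive on the same UDP port, and a receiver tells them apart by their first octets as specified in RFC 3948. The C sketch below is an added example, not part of the original messages and not ipsec-tools code; the function names and the sample byte strings are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum natt_kind { NATT_INVALID, NATT_KEEPALIVE, NATT_IKE, NATT_ESP };
struct natt_info { enum natt_kind kind; uint32_t spi, seq; };

static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Classify the payload of a UDP datagram on the NAT-T port (RFC 3948). */
struct natt_info natt_classify(const uint8_t *p, size_t len)
{
    struct natt_info r = { NATT_INVALID, 0, 0 };
    if (len == 1 && p[0] == 0xFF) {        /* NAT-keepalive: one 0xFF octet */
        r.kind = NATT_KEEPALIVE;
    } else if (len > 4 && be32(p) == 0) {  /* non-ESP marker, IKE follows */
        r.kind = NATT_IKE;
    } else if (len >= 8 && be32(p) != 0) { /* ESP: cleartext SPI + sequence */
        r.kind = NATT_ESP;
        r.spi = be32(p);
        r.seq = be32(p + 4);
        /* Everything after these 8 octets, including the inner IP header
         * shown in the diagram, is encrypted and not inspected here. */
    }
    return r;
}

/* Constructed sample payloads, not captured traffic. */
static const uint8_t SAMPLE_KEEPALIVE[] = { 0xFF };
static const uint8_t SAMPLE_IKE[] = { 0, 0, 0, 0, 0xAA, 0xBB, 0xCC, 0xDD };
static const uint8_t SAMPLE_ESP[] = { 0x12, 0x34, 0x56, 0x78, 0, 0, 0, 7,
                                      0xDE, 0xAD, 0xBE, 0xEF };
static const uint8_t SAMPLE_SHORT[] = { 0x12, 0x34 };

int main(void)
{
    struct natt_info e = natt_classify(SAMPLE_ESP, sizeof SAMPLE_ESP);
    printf("keepalive=%d ike=%d short=%d\n",
           natt_classify(SAMPLE_KEEPALIVE, sizeof SAMPLE_KEEPALIVE).kind,
           natt_classify(SAMPLE_IKE, sizeof SAMPLE_IKE).kind,
           natt_classify(SAMPLE_SHORT, sizeof SAMPLE_SHORT).kind);
    printf("esp=%d spi=0x%08x seq=%u\n", e.kind, (unsigned)e.spi, (unsigned)e.seq);
    return 0;
}
```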