Re: [Ipsec-tools-devel] adding public IP address tunnel mode

[Naveen BN <nav...@gl...>]

Timo,
Change of Public IP at NAT will be take care by sending Nat keep alive . 
Yes i need to tunnel Public IP of UE
learned. But the problem i have is adding the public IP in to the inner 
IP and tunnel it with a private IP .

Regards
Naveen

Timo Teräs wrote:
> Hi,
>
> Naveen BN wrote:
>> This what is expected in a UE as per TS 33.203. This feature should 
>> be present in UE as UDP encapsulated Tunnel mode
>> if UE detects it is behind NAT.
>>
>> This out going packet from UE should look like
>> Packet from UE in case of UDP encapsulated Tunnel Mode */
>>        --------------------------------------------------------------
>>         |OUTER.| UDP | ESP | Inner IP    |     |      |   ESP   | ESP|
>>         |IP    | Hdr | Hdr |  Header     | TCP | Data | Trailer|Auth|
>>         
>> --------------------------------------------------------------        
>>   The contents of the above shown Packet w.r.t IP headers are 
>> interpreted  as below
>> Outer IP adder
>> SRC ? Private IP address of UE
>> DEST ? PCSCF IP address
>> Inner IP adder
>> SRC ? Public IP address of UE
>> DEST ? PCSCF IP address **
>> **
>
> I'm not really sure what you are actually trying to achieve, and
> not too interested to read 100+ pages.
>
> However, if
> a) the idea is to tunnel public IP traffic over link with private IPs,
>   my previous suggestion stands: add the public IP to some interface
>   in the server, so the applications can use the public IP automatically.
>
> b) It's some "auto detect my public IP and use that inside the tunnel"
>   type thingy. This would need support in the keying daemon so that the
>   tunnel addresses are negotiated properly. However, I don't really like
>   this since the public IP can change without notice by the NAT device:
>   it could have public IP pool, several different connections with 
> different
>   IPs and your SA's would need to be renegotiated.
>
> - Timo
>