(usagi-users 03884) Re: AW: Re: IPsec + multicast

[Brian Haley <brian.haley@xxxxxx>]

Fey Marcus wrote:
> > -----Ursprüngliche Nachricht-----
> > Von: Valdis.Kletnieks@...
> > Gesendet: Donnerstag, 12. Juli 2007 18:22
> > An: usagi-users@xxxxxxxxxxxxxx
> > Betreff: (usagi-users 03878) Re: IPsec + multicast
> >
> > On Thu, 12 Jul 2007 08:41:50 +0200, Fey Marcus said:
> > > the company I'm working for has a strong interest in IPv6. 
> > One of the 
> > > main topics is having a router perform IPsec on multicast packets 
> > > which isn't working so far.
> > What functionality will a *router* be able to do with IPsec?  
> > Remember, IPsec is mostly of interest to *the end hosts*.
>
> Unfortunately the "mostly" doesn't apply in our case.
>
> The router is supposed to en-/decrypt the packets (destined for multicast addresses) coming from trusted networks behind it. 
>
> net1 -(plain)-> router1 -(encrypted)-> internet -(encrypted)-> router2 -(plain)-> net2

This looks like a point-to-point tunnel, no?  Is that what you're trying 
to setup?  In that case the two routers are the endpoints and can use 
IPsec, in tunnel mode for example.

If it's something other than that I think you're out of luck.

-Brian