I have a real need to provide ESP tunnel mode from a HIP client to a
gateway. The world just won't go as nicely as I would have wanted it to.
In the HIPL manual, there is an example of running OpenVPN within the
BEET ESP connection, but I don't think that ends up with the same as ESP
tunnel mode.
So what would be needed? Simply an indicator that tunnel mode is in use,
then run DHCP (or RA) through the tunnel? Actually send addressing
information as HIP parameters?
You don't want to use HITs in RFC4303 tunnel mode as is described in
5202-bis. You can use the initiator's (client) HIT, but then you would
still need to map it on the gateway side.
Probably have to go look at what ESP does for tunnel support :) but
comments are welcome.
The tunnel needs to act differently than 'classic ESP tunnel' so that HIP
mobility is maintained.
I suspect that others have given this more thought in actually
implementing it, so please direct me to any papers on this.
Thanks