Date: Wed, 1 Aug 2018 15:15:36 +0200
From: Christian Mauderer <christian.mauderer@embedded-brains.de>
To: freebsd-hackers@freebsd.org
Subject: Configuration for IPSec Loop-Back Test
Message-ID: <20127f75-c6d6-463e-046f-3844502f3da9@embedded-brains.de>
Hello,

I'm working on a port for IPSec and ipsec-tools (racoon, setkey, libipsec) to an embedded operating system (RTEMS). RTEMS uses the FreeBSD network stack via a compatibility layer (rtems-libbsd). I can already create an IPSec connection on some real hardware with some real peer.

To prevent regression in a future version, I would like to add a test that would check that the port still works. That test would have to run on a system _without_ a real hardware peer. Therefore I would like to create some IPSec loop back connection. In that case racoon would have to talk to itself because I currently only support one instance.

Do you have any hints how I could create such a network?

My current thought would be something along a virtual network device (maybe tun?) that can be connected to some other virtual network device via, for example, a bridge device. Maybe I could then try to configure two gif-devices that would use this tunnel. racoon would have to listen on both devices (maybe on different ports). Currently I have trouble setting this up.

Are there any simpler ideas for an IPSec loop back connection that would use most of the stack layers?

Thanks in advance for every answer.

With kind regards

Christian Mauderer