Date: Wed, 1 Aug 2018 15:15:36 +0200
From: Christian Mauderer <christian.mauderer@embedded-brains.de>
To: freebsd-hackers@freebsd.org
Subject: Configuration for IPSec Loop-Back Test
Message-ID: <20127f75-c6d6-463e-046f-3844502f3da9@embedded-brains.de>
Hello,

I'm working on a port for IPSec and ipsec-tools (racoon, setkey, libipsec) to an embedded operating system (RTEMS). RTEMS uses the FreeBSD network stack via a compatibility layer (rtems-libbsd). I can already create an IPSec connection on some real hardware with some real peer.

To prevent regression in a future version, I would like to add a test that would check that the port still works. That test would have to run on a system _without_ a real hardware peer. Therefore I would like to create some IPSec loop back connection. In that case racoon would have to talk to itself because I currently only support one instance.

Do you have any hints how I could create such a network? My current thought would be something along a virtual network device (maybe tun?) that can be connected to some other virtual network device via, for example, a bridge device. Maybe I could then try to configure two gif-devices that would use this tunnel. racoon would have to listen on both devices (maybe on different ports). Currently I have trouble setting this up.

Are there any simpler ideas for an IPSec loop back connection that would use most of the stack layers?

Thanks in advance for every answer.

With kind regards

Christian Mauderer
