1. Home
  2. pfSense® Software
  3. IPsec
  4. PIM and multicast routing on IPSec tunnel

PIM and multicast routing on IPSec tunnel

  • L

    Here is the Cisco example config from remote party:
    ip multicast-routing
    crypto isakmp policy 2
    encr 3des
    hash md5
    authentication pre-share
    crypto isakmp key 123 address 1.7.129.10
    !
    crypto ipsec transform-set remotevpn esp-3des esp-md5-hmac
    !
    crypto map remotevpn 1 ipsec-isakmp
    set peer 1.7.129.10
    set transform-set remotevpn
    match address 100
    !
    interface Loopback0
    ip address 10.249.0.157 255.255.255.255
    !
    interface Tunnel0
    ip address 10.249.6.98 255.255.255.252
    ip pim sparse-mode
    tunnel source 10.249.0.157
    tunnel destination 10.249.254.1
    !
    interface fa0/0
    ip address 10.249.52.129 255.255.255.192
    ip pim sparse-mode
    duplex auto
    speed auto
    no cdp enable
    !
    interface fa0/1
    ip address 6.3.8.1 255.255.255.x
    crypto map remotevpn
    ip access-group 199 in
    !
    ip route 2.4.112.0 255.255.255.128 Tunnel0
    ip route 2.4.112.254 255.255.255.255 Tunnel0

    ip route 2.4.112.128 255.255.255.128 6.3.8.1
    ip route 10.249.254.1 255.255.255.255 6.3.8.1
    ip classless
    ip pim rp-address 2.4.112.254
    ip mroute 2.4.112.0 255.255.255.128  tunnel0
    ip mroute 2.4.112.254 255.255.255.255 tunnel0

    access-list 100 permit ip 10.249.52.128 0.0.0.63 2.4.112.0 0.0.0.255
    access-list 100 permit host 10.249.0.157 host 10.249.254.1

    access-list 199 permit host 10.249.254.1 host 10.249.0.157
    access-list 199 permit ip 2.4.112.0 0.0.0.255 10.249.52.128 0.0.0.63
    access-list 199 permit udp any any eq isakmp
    access-list 199 permit ahp any any
    access-list 199 permit esp any any

    Questions,

    1. how could I create loopback0 and tunnel0 interface?
    2. does pfsense support PIM and multicast routing?

    Remark,

    I am no longer being able to test this one as project is ended, I end up using Cisco router to connect instead of using pfsense.

    0
  • D

    PIM is NOT supported in pfsense.  tunnel0 is just a GRE tunnel and pfsense does support that. PIM is supported in FreeBSD so I'm sure it could be implemented by pfSense at a later date if they choose too.

    0
  • C

    PIM would be fine even IGMP Proxy handles only one up-stream … It is a problem in case of VLANs where you might have more than one sender of multicast ...

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy