PIM and multicast routing on IPSec tunnel
Here is the Cisco example config from the remote party:
crypto isakmp policy 2
crypto isakmp key 123 address 184.108.40.206
crypto ipsec transform-set remotevpn esp-3des esp-md5-hmac
crypto map remotevpn 1 ipsec-isakmp
set peer 220.127.116.11
set transform-set remotevpn
match address 100
ip address 10.249.0.157 255.255.255.255
ip address 10.249.6.98 255.255.255.252
ip pim sparse-mode
tunnel source 10.249.0.157
tunnel destination 10.249.254.1
ip address 10.249.52.129 255.255.255.192
ip pim sparse-mode
no cdp enable
ip address 18.104.22.168 255.255.255.x
crypto map remotevpn
ip access-group 199 in
ip route 22.214.171.124 255.255.255.128 Tunnel0
ip route 126.96.36.199 255.255.255.255 Tunnel0
ip route 188.8.131.52 255.255.255.128 184.108.40.206
ip route 10.249.254.1 255.255.255.255 220.127.116.11
ip pim rp-address 18.104.22.168
ip mroute 22.214.171.124 255.255.255.128 tunnel0
ip mroute 126.96.36.199 255.255.255.255 tunnel0
access-list 100 permit ip 10.249.52.128 0.0.0.63 188.8.131.52 0.0.0.255
access-list 100 permit host 10.249.0.157 host 10.249.254.1
access-list 199 permit host 10.249.254.1 host 10.249.0.157
access-list 199 permit ip 184.108.40.206 0.0.0.255 10.249.52.128 0.0.0.63
access-list 199 permit udp any any eq isakmp
access-list 199 permit ahp any any
access-list 199 permit esp any any
1. How could I create the loopback0 and tunnel0 interfaces?
2. Does pfSense support PIM and multicast routing?
I am no longer able to test this one as the project has ended; I ended up using a Cisco router to connect instead of using pfSense.
PIM is NOT supported in pfSense. tunnel0 is just a GRE tunnel and pfSense does support that. PIM is supported in FreeBSD so I'm sure it could be implemented by pfSense at a later date if they choose to.
PIM would be fine even IGMP Proxy handles only one up-stream … It is a problem in case of VLANs where you might have more than one sender of multicast ...