IPA - VPN Passthrough and Tunneling
VPN Passthrough
L2TP / IPSEC
- On modern computers, an L2TP tunnel usually runs over IPSEC to establish a secure tunnel. If the computer is behind a NAT, IPSEC uses UDP ports 500 and 4500 to traverse the firewall, so the IPA can accelerate these packets as normal UDP packets.
GRE L2/L3
- There is an option in IPACM_cfg.xml to configure the GRE setting.
- When it is enabled, it adds a static rule for GRE packets in ip4_nat.
- It currently cannot support multiple APNs, because the rule is static and cannot choose the outgoing APN.
VPN Tunnel - EoGRE
- The new platform SDX62 supports creating a layer 2 GRE (EoGRE) tunnel on the ODU, so the layer 2 header of IAD packets can be encapsulated and sent to another site in the core network.
- When enabling it, the remote EoGRE server address must be configured through the ioctl IPA_IOC_ADD_EoGRE_MAPPING.
- After testing, it was found that only the downlink traffic can go through the IPA, and the uplink traffic is still handled by the Linux kernel.
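
To check in a packet capture which of the tunnel types on this page a packet belongs to, the classifier below separates IKE and NAT-T traffic on UDP 500/4500 from GRE and EoGRE. It is an added example, not IPA driver or IPACM code: the function name, enum labels and sample packets are hypothetical, and it goes beyond the page by using standard wire values (IP protocol 47 for GRE, GRE protocol type 0x6558 for bridged Ethernet, the RFC 3948 non-ESP marker).

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical labels for this example; not IPA driver identifiers. */
enum tunnel_kind { T_NONE, T_MALFORMED, T_IKE, T_NATT_IKE, T_NATT_ESP,
                   T_NATT_KEEPALIVE, T_GRE_L3, T_GRE_OTHER, T_EOGRE };

/* Constructed sample packets (documentation addresses, checksums left 0). */
const uint8_t SAMPLE_EOGRE[] = {             /* IPv4, proto 47, GRE 0x6558 */
    0x45,0,0,24, 0,0,0,0, 64,47,0,0, 192,0,2,1, 192,0,2,2,
    0x00,0x00,0x65,0x58 };
const uint8_t SAMPLE_NATT_ESP[] = {          /* IPv4, UDP 4500 -> 4500, ESP */
    0x45,0,0,36, 0,0,0,0, 64,17,0,0, 192,0,2,1, 192,0,2,2,
    0x11,0x94,0x11,0x94, 0,16,0,0, 0,0,0x10,0x01, 0,0,0,1 };

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Classify one raw IPv4 packet, starting at the IP header. */
enum tunnel_kind classify_tunnel(const uint8_t *pkt, size_t len)
{
    if (len < 20 || (pkt[0] >> 4) != 4) return T_MALFORMED;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;
    if (ihl < 20 || len < ihl) return T_MALFORMED;
    if (be16(pkt + 6) & 0x1fff) return T_NONE;   /* later fragment: no L4 header */
    const uint8_t *l4 = pkt + ihl;
    size_t l4len = len - ihl;

    if (pkt[9] == 47) {                          /* GRE */
        if (l4len < 4) return T_MALFORMED;
        uint16_t ptype = be16(l4 + 2);           /* GRE protocol type */
        if (ptype == 0x6558) return T_EOGRE;     /* Transparent Ethernet Bridging */
        return (ptype == 0x0800 || ptype == 0x86dd) ? T_GRE_L3 : T_GRE_OTHER;
    }
    if (pkt[9] != 17) return T_NONE;             /* only UDP is left to check */
    if (l4len < 8) return T_MALFORMED;
    uint16_t sport = be16(l4), dport = be16(l4 + 2);
    size_t plen = l4len - 8;
    if (sport == 4500 || dport == 4500) {
        if (plen == 1 && l4[8] == 0xff) return T_NATT_KEEPALIVE;
        if (plen < 4) return T_MALFORMED;
        /* RFC 3948: a zero non-ESP marker precedes IKE; an ESP SPI is non-zero. */
        return (l4[8] | l4[9] | l4[10] | l4[11]) ? T_NATT_ESP : T_NATT_IKE;
    }
    return (sport == 500 || dport == 500) ? T_IKE : T_NONE;
}
```

Run over uplink and downlink captures, the per-kind counts show which tunnel traffic is present before comparing against what the IPA actually offloads.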