tunnel mode
... Security Policy Database (SPD) entries. Section 6 gives
recommendations. Appendices further discuss tunnel mode usage and
optional extensions.
...
... IPsec can be used in two ways, in transport and tunnel mode; detailed
discussion about applicability in this context ...
... IPsec in Tunnel Mode ...
... IPv4 addresses may be spoofed, and IPsec cannot detect this
in tunnel mode; the packets will be demultiplexed based on the SPI
and possibly the IPv6 address ...
... tunnel endpoint.
As described in Section 5, using tunnel mode is more difficult than
applying transport mode to a tunnel ...
... transport mode. Note that even though transport
rather than tunnel mode is recommended, an IPv6-in-IPv4 tunnel
...
... destination IPv6 addresses are known
a priori. A tunnel mode SA could be bound to these specific
addresses. Address ...
... IPv6 traffic can be protected using transport or tunnel mode.
There are many problems when using tunnel mode as implementations may
or may not model the IPsec tunnel mode SA as an interface as
...
... described in Appendix A.1.
If IPsec tunnel mode SA is not modeled as an interface (e.g., as of
...
... link-local and multicast traffic,
we do not recommend using tunnel mode in this context. Tunnel mode
is, however, discussed further in Appendix A.
...
... IPv6-in-IPv4 tunnel using either transport or tunnel mode. We
observe that applying transport mode to a tunnel ...
... In Appendix A, we also explore what it would take to use so-called
Specific SPD (SSPD) tunnel mode. Such usage is more complicated
because IPv6 prefixes need to be known a priori, and multicast ...
... tunnel. Fragment handling
in tunnel mode is also more difficult. However, because the Mobility
and Multihoming Protocol (MOBIKE) [RFC4555] supports only tunnel
mode, when the IPv4 endpoints of a tunnel ...
... tunnel are dynamic and the other
constraints are not applicable, using tunnel mode may be an
acceptable solution.
...
... Appendix A. Using Tunnel Mode ...
...
First, we describe the different tunnel mode implementation methods.
We note that, in this context ...
... transport mode tunnel is
recommended instead. However, we will describe how the SSPD tunnel
mode might look if one would like to use it in any case.
...
... A.1. Tunnel Mode Implementation Methods ...
...
Tunnel mode could (in theory) be deployed in two very different ways
depending on the implementation:
...
1. "Generic SPDs": some implementations model the tunnel mode SA as
an IP interface. In this case, an IPsec ...
...
2. "Specific SPDs": some implementations do not model the tunnel
mode SA as an IP interface. Traffic selection is based on
...
... ISP as part of setting up
the IPsec tunnel mode SA. The details of these procedures are out of
scope for this memo.
...
... change, this might introduce new security issues, and using
tunnel mode would be most appropriate.
When NAT ...
