[Openswan dev] Linux VPN

Goshen, Ido (Ido) igoshen at avaya.com
Thu Jun 30 17:29:04 CEST 2005


I'm interested in installing VPN into Linux system.

I have some concerns:

1. IPSEC and QoS - 
	Is there a way to prevent QoS from reordering of IPSEC packets?
	Disordering of packets is critical to IPSEC
	If understand correctly (probably not) IPSEC handling is done within POST_ROUTING.
	Traffic-shaping queues are attached to a device, which is done afterward.

2. IPSEC policy per interface.
	Can packet be matched upon their in/out interface ?
	I haven't seen that interface can be specified in any method of setting IPSEC rules
	(e.g. spdadd in 2.6 native ipsec, or ipsec auto -add in KLIPS of OpenSwan) 

- Ido Goshen,
  Avaya communications

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/dev/attachments/20050630/a834f9b3/attachment.htm

More information about the Dev mailing list