[Openswan dev] Linux VPN
Goshen, Ido (Ido)
igoshen at avaya.com
Thu Jun 30 17:29:04 CEST 2005
I'm interested in installing VPN into Linux system.
I have some concerns:
1. IPSEC and QoS -
Is there a way to prevent QoS from reordering of IPSEC packets?
Disordering of packets is critical to IPSEC
If understand correctly (probably not) IPSEC handling is done within POST_ROUTING.
Traffic-shaping queues are attached to a device, which is done afterward.
2. IPSEC policy per interface.
Can packet be matched upon their in/out interface ?
I haven't seen that interface can be specified in any method of setting IPSEC rules
(e.g. spdadd in 2.6 native ipsec, or ipsec auto -add in KLIPS of OpenSwan)
- Ido Goshen,
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Dev