[Openswan Users] ipsec look on 2.6

Herbert Xu herbert at gondor.apana.org.au
Fri Dec 2 11:20:14 CET 2005

On Thu, Dec 01, 2005 at 06:49:26PM +0100, Paul Wouters wrote:
> Is the NAT-T code also moving from XFRM to the netfilter? The advantage

The main problem with that approach is that the core IPsec
functionality should be useable without having netfilter at all.

However, if you manage to do UDP encapsulation in netfilter without
conflicting against the standard kernel UDP encapsulation it should
be fine.

Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert at gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

More information about the Users mailing list