[Openswan Users] overlapping networks with nat-t
Jacco de Leeuw
jacco2 at dds.nl
Thu Jan 19 16:06:15 CET 2006
Marco Berizzi wrote:
>> though. This will be very hard using netkey.
>
> Not now. Patrick McHardy patches has been in the
> mainline kernel since 2.6.15-git5. With a recent
> iptables snapshot version there is a new 'policy
> match' which allow very granual control over ipsec
> packets. For anyone who is interested see:
> https://lists.netfilter.org/pipermail/netfilter-devel/2006-January/023002.html
Which of Patrick McHardy's patches are in 2.6.15-git? These?
ipsec-01-output-hooks
ipsec-02-input-hooks
ipsec-03-policy-lookup
ipsec-04-policy-checks
http://www.netfilter.org/patch-o-matic/pom-extra.html#pom-extra-ipsec-01-output-hooks
Does this mean you will be able to run tcpdump and only see
the unencrypted packets and/or NAT these packets to an (L2TP)
server on another interface?
Jacco
--
Jacco de Leeuw mailto:jacco2 at dds.nl
Zaandam, The Netherlands http://www.jacco2.dds.nl
More information about the Users
mailing list