[Openswan Users] overlapping networks with nat-t

Jacco de Leeuw jacco2 at dds.nl
Thu Jan 19 16:06:15 CET 2006

Marco Berizzi wrote:

>> though. This will be very hard using netkey.
> Not now. Patrick McHardy patches has been in the
> mainline kernel since 2.6.15-git5. With a recent
> iptables snapshot version there is a new 'policy
> match' which allow very granual control over ipsec
> packets. For anyone who is interested see: 
> https://lists.netfilter.org/pipermail/netfilter-devel/2006-January/023002.html 

Which of Patrick McHardy's patches are in 2.6.15-git? These?



Does this mean you will be able to run tcpdump and only see
the unencrypted packets and/or NAT these packets to an (L2TP)
server on another interface?

Jacco de Leeuw                         mailto:jacco2 at dds.nl
Zaandam, The Netherlands           http://www.jacco2.dds.nl

More information about the Users mailing list