[Openswan Users] overlapping networks with nat-t

Jacco de Leeuw jacco2 at dds.nl
Thu Jan 19 16:06:15 CET 2006


Marco Berizzi wrote:

>> though. This will be very hard using netkey.
> 
> Not now. Patrick McHardy's patches have been in the
> mainline kernel since 2.6.15-git5. With a recent
> iptables snapshot version there is a new 'policy
> match' which allows very granular control over ipsec
> packets. For anyone who is interested see:
> https://lists.netfilter.org/pipermail/netfilter-devel/2006-January/023002.html 

Which of Patrick McHardy's patches are in 2.6.15-git? These?

ipsec-01-output-hooks
ipsec-02-input-hooks
ipsec-03-policy-lookup
ipsec-04-policy-checks

http://www.netfilter.org/patch-o-matic/pom-extra.html#pom-extra-ipsec-01-output-hooks

Does this mean you will be able to run tcpdump and only see
the unencrypted packets and/or NAT these packets to an (L2TP)
server on another interface?

Jacco
-- 
Jacco de Leeuw                         mailto:jacco2 at dds.nl
Zaandam, The Netherlands           http://www.jacco2.dds.nl

