[Openswan Users] overlapping networks with nat-t

Marco Berizzi pupilla at hotmail.com
Thu Jan 19 16:21:28 CET 2006


Jacco de Leeuw wrote:

>Marco Berizzi wrote:
>
>>>though. This will be very hard using netkey.
>>
>>Not now. Patrick McHardy's patches have been in the
>>mainline kernel since 2.6.15-git5. With a recent
>>iptables snapshot version there is a new 'policy
>>match' which allows very granular control over ipsec
>>packets. For anyone who is interested see:
>>https://lists.netfilter.org/pipermail/netfilter-devel/2006-January/023002.html
>
>Which of Patrick McHardy's patches are in 2.6.15-git? These?
>
>ipsec-01-output-hooks
>ipsec-02-input-hooks
>ipsec-03-policy-lookup
>ipsec-04-policy-checks
>
>http://www.netfilter.org/patch-o-matic/pom-extra.html#pom-extra-ipsec-01-output-hooks

Yes: a much more recent version. The patches in the
pom-ng tarball were quite old and unmaintained (they
didn't apply to 2.6.14 for example).

>Does this mean you will be able to run tcpdump

Please see:
http://marc.theaimsgroup.com/?l=linux-net&m=113343667400985&w=2

>the unencrypted packets and/or NAT these packets to an (L2TP)
>server on another interface?

I think yes, why not? ;-)



