[Openswan Users] Ipsec passthrough on linux

hiren joshi joshihirenn at gmail.com
Tue Dec 9 23:05:05 EST 2008


Thanks for the reply.


On Tue, Dec 9, 2008 at 10:25 AM, Paul Wouters <paul at xelerance.com> wrote:
> On Tue, 9 Dec 2008, hiren joshi wrote:
>
>> > There are the SPI numbers.
>>
>> Interesting as SPIs are different for each direction.
>
> They are, because they are actually independant of each other. What
> we call an "IPsec SA" is really a set of two SA's.
>
>> Is this kind of passthrough support readily available via a
>> Linux/Netfilter patch that maps SPIs on the fly?
>
> Not that I know of, though there are some IPsec related matches
> for netfilter available.
>
>> I plan to utilize the above information as a temporary work around for
>> one of my legacy VPN server until I upgrade it.
>
> Good luck. I think it will be less time consuming to upgrade the legacy
> vpn server.
>
> Paul
>


More information about the Users mailing list