[Openswan Users] Iptables problem (netkey)

Andreas Steffen andreas.steffen at strongsec.net
Wed Jan 9 12:59:47 EST 2008

Have a look at the following iptables sample for a net2net connection
based on ipsec policies and using the reqid of the tunnel:


Here is an _updown script which automatically inserts and removes 
ipsec-policy-based iptables rules using environment variables
received from the PLUTO daemon:


Best regards


Arn Vollebregt wrote:
>> -----Original Message-----
>> From: users-bounces at openswan.org [mailto:users-bounces at openswan.org] On
>> Behalf Of Nicole Hähnel
>> Until now we added iptables rules on interface ipsec0 to accept traffic
>> between networks.
>> Without an ipsec interface it's a little bit difficult to add rules.
> You might want to look at the ipsec policy in iptables, which will do what
> you want
> Regards,
> Arn Vollebregt

Andreas Steffen                   e-mail: andreas.steffen at strongsec.com
strongSec GmbH                    home:   http://www.strongsec.com
Alter Zürichweg 20                phone:  +41 1 730 80 64
CH-8952 Schlieren (Switzerland)   fax:    +41 1 730 80 65
==========================================[strong internet security]===
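
The approach described in the message above, as an added example that is not the sample or the _updown script the message refers to: a shell function that derives the two FORWARD rules matching the tunnel's IPsec policy and reqid from the environment pluto passes to an updown hook. The variable names (PLUTO_VERB, PLUTO_REQID, PLUTO_INTERFACE, PLUTO_MY_CLIENT, PLUTO_PEER_CLIENT) follow strongSwan's _updown interface and are assumed here, as is the function name; the function prints the commands instead of running them.

```shell
#!/bin/sh
# Added example (not from the original post): build policy-match rules for a
# net2net tunnel on netkey, where no ipsec0 interface exists to match on.
# Assumed environment, named as in strongSwan's _updown interface:
#   PLUTO_VERB, PLUTO_REQID, PLUTO_INTERFACE, PLUTO_MY_CLIENT, PLUTO_PEER_CLIENT

ipsec_policy_rules() {
    # Validate everything that ends up on the iptables command line.
    case "$PLUTO_REQID" in
        ''|*[!0-9]*) echo "bad reqid" >&2; return 1 ;;
    esac
    for net in "$PLUTO_MY_CLIENT" "$PLUTO_PEER_CLIENT"; do
        case "$net" in
            ''|*[!0-9a-fA-F.:/]*) echo "bad subnet" >&2; return 1 ;;
        esac
    done
    case "$PLUTO_INTERFACE" in
        ''|*[!A-Za-z0-9._-]*) echo "bad interface" >&2; return 1 ;;
    esac

    # Insert on tunnel up, delete the same rules on tunnel down.
    case "$PLUTO_VERB" in
        up-client)   op="-I FORWARD 1" ;;
        down-client) op="-D FORWARD" ;;
        *)           return 0 ;;   # other verbs need no forwarding rules
    esac

    # Match only packets handled by this tunnel's ESP policy (its reqid),
    # so cleartext traffic between the same subnets is not accepted.
    pol="-m policy --pol ipsec --proto esp --reqid $PLUTO_REQID"

    # Inbound: decapsulated packets from the peer subnet to the local subnet.
    echo "iptables $op -i $PLUTO_INTERFACE -s $PLUTO_PEER_CLIENT -d $PLUTO_MY_CLIENT $pol --dir in -j ACCEPT"
    # Outbound: packets from the local subnet that will be encapsulated.
    echo "iptables $op -o $PLUTO_INTERFACE -s $PLUTO_MY_CLIENT -d $PLUTO_PEER_CLIENT $pol --dir out -j ACCEPT"
}

# Constructed sample call; all values are made up for illustration.
( PLUTO_VERB=up-client PLUTO_REQID=16384 PLUTO_INTERFACE=eth0
  PLUTO_MY_CLIENT=10.1.0.0/16 PLUTO_PEER_CLIENT=10.2.0.0/16
  ipsec_policy_rules )
```

Piping the output to `sh` as root applies the rules; the same function called with `PLUTO_VERB=down-client` emits the matching deletions.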
