[Openswan Users] Transport mode on a home LAN

[Jack Byer]

> You don't need AH really. But you should add UDP 500 for IKE (and if
> NAT is involved you might also need UDP 4500 <-> highports
>
> Paul

That part that is confusing me is that when I use tcpdump to watch the
traffic on the ethernet interface I see both the encrypted and
non-encrypted packets. How does iptables differentiate between the
packets on the wire and the packets inside the tunnel?