[Openswan Users] Testing ipsec connection and confirming encryption

Roberto Suarez Soto roberto.suarez.soto at gmail.com
Wed Aug 24 03:52:39 EDT 2011

El 08/24/2011 08:33 AM, Kevin Keane escribió:
> Thank you very much! That's exactly what I needed. For those who find this post in google, the correct syntax for iptables that worked for me was this:
> iptables -A INPUT -s<peer IP>  -m policy --dir in --pol ipsec -m multiport -p tcp --dports<whatever ports you want opened>  -j ACCEPT
> This policy is a bit more restrictive than the one Paul suggested.

	Just FWIW, what I usually do is allow only ESP traffic between the two IPSec 
peers, and then filter in FORWARD the traffic between subnets. I think in 
practice the result is as good as using -m policy. And if not, please do tell; 
I'm eager to know, for my own sake :-)


     Roberto Suarez Soto                   Pick up the phone,
                                              I'm always home

More information about the Users mailing list