[Openswan Users] KLIPS and iptables policy match
John A. Sullivan III
jsullivan at opensourcedevel.com
Thu Mar 31 06:35:31 EDT 2011
On Thu, 2011-03-31 at 03:57 -0400, Paul Wouters wrote:
> On Wed, 30 Mar 2011, John A. Sullivan III wrote:
>
> > Hello, all. Does the iptables policy match, e.g., "-m policy --strict
> > --dir in --pol ipsec --proto esp --mode tunnel," match esp packets using
> > KLIPS or just netkey?
>
> AFAIK, it should because it is matching packet content. It will be slightly
> different because of the different path of the packet via multiple interfaces
> (eth0 vs eth0+ipsec0).
>
> Paul
>
That would be great. I just didn't know if KLIPS and netkey stored the
SAD in different places and the policy match only looked in netkey's
SAD. Thanks - John