Hi *,
Is there any documentation on how the new 2.5 ipsec plays together with
itables? How do ipsec packets traverse the tables? Where is the
encryption/decryption of the packets done? In transport mode? In
tunnel mode?
The freeswan documentation is quite clear about this: For example
incoming packets: The paket filters see the packets twice: Once from
the physical device (eth0, ppp0, whatever), with data still encrypted
and protocol 50/51, and once from the attached virtual ipsec<n> device,
after decryption in cleartext (so iptables actually sees what tcp/udp
port it is addressed to, ...).
How does the new ipsec code work compared to that? Probably different
as there is no virtual ipsec<n> device any more, but how exactly?
Gerd
--
You can't please everybody. And usually if you _try_ to please
everybody, the end result is one big mess.
-- Linus Torvalds, 2002-04-20