Re: 2.6 native IPsec implementation question
Date: Mon Nov 15 2004 - 09:53:30 EST
;) My question wasn't "how do IPsec rules look" but "why is it
implemented this way".
These are almost exactly the rules I want to implement.
But when you run tcpdump -nni eth0 you can see ESP traffic _and_ one
direction of something going through IPsec.
Imagine that five IPsec tunnels are "ended" on eth0 and I wish to
allow tcp/389 from only one of them.
It doesn't seem possible to just allow tcp/389 from only one VPN, because
the IP addresses change daily in all 5 remote locations.
Moreover "-i eth0 -j DROP" blocks IPsec traffic ... (or -o eth0 I don't
Jan Engelhardt wrote:
And that's the issue - WHY is it implemented this way?
2. Why doesn't IPsec in 2.6 create entries in the route tables?
Because it does not create a device ipsecN?
Which development considerations caused that choice?
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/