IPSEC and bridged interfaces

From: Joerg Platte
Date: Mon Oct 30 2006 - 11:30:15 EST

Next message: Daniel Drake: "[PATCH] jfs: Add splice support"
Previous message: Jens Axboe: "Re: 2.6.19-rc3-git7: scsi_device_unbusy: inconsistent lock state"
Next in thread: Jan Engelhardt: "Re: IPSEC and bridged interfaces"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

currently I'm using kernel 2.6.18.1 on one of my computers. The router acts as
an ipsec endpoint and masquerades all packets received via IPSEC.

Today I replaced the local ethernet interface by a bridged interface by
combining the ethernet interface with a tap interface. I changed the
interface names in my iptables-based firewall to match the new bridge
interface name and did not change anything else.

Unfortunately, the kernel does not encrypt incoming packages any more. tcpdump
reveals, that all received replies (I tested it with ping) are forwarded
unencrypted, because they are visible on my firewall instead of being
encrypted. Is this a known problem? Is bridging and IPSEC (maybe with
masquerading) currently not supported? Or should I forward this issue to
another mailing list?

regards,
JÃrg

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Daniel Drake: "[PATCH] jfs: Add splice support"
Previous message: Jens Axboe: "Re: 2.6.19-rc3-git7: scsi_device_unbusy: inconsistent lock state"
Next in thread: Jan Engelhardt: "Re: IPSEC and bridged interfaces"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]