[strongSwan] Help with fowarding an IP packet on a VPN connection
Lin, Clifton (US SSA)
clifton.lin at baesystems.com
Tue Jun 14 22:50:14 CEST 2011
I am trying to write code that does the following:
1) Intercept an outbound IP packet (e.g. from a local application) using iptables/netfilter_queue to read the packet into user-space.
2) Then, configure and start a strongSwan VPN connection to the packet destination.
3) Then, forward that packet out this VPN connection.
My problem is with step 3. How I can forward the packet out this newly created connection? I tried issuing a netfilter verdict (NF_REPEAT or NF_ACCEPT) to reinject the packet to the kernel. However, when I do this, the packet does not get encrypted, presumably because the packet gets re-injected after the point at which the kernel would have done the IPsec encryption. Alternatively, I tried sending a new identical IP packet using a raw socket, but again, same problem as above--the packet does not get encrypted.
More information about the Users