[strongSwan] Help with fowarding an IP packet on a VPN connection

Lin, Clifton (US SSA) clifton.lin at baesystems.com
Tue Jun 14 22:50:14 CEST 2011

I am trying to write code that does the following:

1) Intercept an outbound IP packet (e.g. from a local application) using iptables/netfilter_queue to read the packet into user-space.
2) Then, configure and start a strongSwan VPN connection to the packet destination.
3) Then, forward that packet out this VPN connection.

My problem is with step 3.  How I can forward the packet out this newly created connection?  I tried issuing a netfilter verdict (NF_REPEAT or NF_ACCEPT) to reinject the packet to the kernel.  However, when I do this, the packet does not get encrypted, presumably because the packet gets re-injected after the point at which the kernel would have done the IPsec encryption.  Alternatively, I tried sending a new identical IP packet using a raw socket, but again, same problem as above--the packet does not get encrypted.

Any suggestions?


More information about the Users mailing list