[strongSwan] KLIPS and iptables policy match
Andreas Steffen
andreas.steffen at strongswan.org
Thu Mar 31 08:11:33 CEST 2011
Hello John,
we use the IPsec policy netfilter rules with the nativee Linux netkey
IPsec stack only. With KLIPS the ipsecN interfaces would be available
for filtering plaintext traffic but actually strongSwan 4.x does not
really support KLIPS any more.
Regards
Andreas
On 03/30/2011 11:52 PM, John A. Sullivan III wrote:
> Hello, all. Does the iptables policy match, e.g., "-m policy --strict
> --dir in --pol ipsec --proto esp --mode tunnel," match esp packets using
> KLIPS or just netkey?
>
> We continue to plug away at the ISCS project for managing large, complex
> security environments as a whole entity rather than individual
> firewall/gateway management (http://iscs.sourceforge.net). Thus, it is
> helpful for us to be able to write rules which work on multiple
> platforms, e.g., netkey and KLIPS. Thanks - John
======================================================================
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
More information about the Users
mailing list