[strongSwan] Diagram
Brian O'Connor
vk4gtw at bigpond.com
Tue Oct 18 21:05:01 CEST 2016
Hello,
The commonly quoted packet flow diagram at [1] does not show where NAT-T is implemented for
IPsec MOBIKE. Questions are:
1. Where in the diagram is NAT-T de-capsulation performed?
2. Where in the diagram is NAT-T encapsulation performed?
3. Does the NAT-T UDP header have to be removed so the iptables IPsec policy module can operate?
4. Traffic from the topmost "local process" block flows to a "routing decision" block. Is this to prevent
a local IPsec connection (to loopback address, possibly ) from being encrypted?
[1] http://inai.de/images/nf-packet-flow.png
TIA,
Brian
More information about the Users
mailing list