[strongSwan] Diagram

Brian O'Connor vk4gtw at bigpond.com
Tue Oct 18 21:05:01 CEST 2016


The commonly quoted packet flow diagram at [1] does not show where NAT-T is implemented for
IPsec MOBIKE.  Questions are:

  1.  Where in the diagram is NAT-T de-capsulation performed?

  2.  Where in the diagram is NAT-T encapsulation performed?

  3.  Does the NAT-T UDP header have to be removed so the iptables IPsec policy module can operate?

  4.  Traffic from the topmost "local process" block flows to a "routing decision" block.  Is this to prevent
      a local IPsec connection (to loopback address, possibly ) from being encrypted?

  [1]  http://inai.de/images/nf-packet-flow.png


More information about the Users mailing list