vk4gtw at bigpond.com
Tue Oct 18 21:43:22 CEST 2016
Thank you, Noel.
I am trying to understand how the inner and outer IP headers for tunneled IPsec packets
are processed by iptables, to help troubleshoot an anomalous situation I found.
I think I have the decryption process clear but was not clear on the iptables processing for
encrypted packets. From what you said, it looks like the NAT-T header is added after the
iptables processing of an outbound encrypted packet, on the second pass by the
outbound XFRM lookup. Is my understanding correct?
More information about the Users