[strongSwan] Diagram

Brian O'Connor vk4gtw at bigpond.com
Tue Oct 18 21:43:22 CEST 2016

Thank you, Noel.

I am trying to understand how the inner and outer IP headers for tunneled IPsec packets
are processed by iptables, to help troubleshoot an anomalous situation I found.

I think I have the decryption process clear but was not clear on the iptables processing for
encrypted packets.  From what you said, it looks like the NAT-T header is added after the
iptables processing of an outbound encrypted packet, on the second pass by the
outbound XFRM lookup. Is my understanding correct?

