[strongSwan] Diagram

Brian O'Connor vk4gtw at bigpond.com
Tue Oct 18 22:11:33 CEST 2016


I note your last message clearly emphasised that packets from a local process are processed twice
via the output path of the graphic.

So, for forwarded traffic (as distinct from locally sourced packets), I understand the packet to
flow through the mangle and nat postrouting chains twice, and the other iptables
output chains for raw, mangle, nat and filter tables only once after encryption.

On the first pass through the mangle and nat postrouting chains, iptables rules would
operate on the unencrypted payload packet and on the second pass on the IP headers of
the encrypted IPsec packet.

Am I headed in the right direction please?
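One way to check the double traversal of mangle POSTROUTING described above on a live gateway is to count each pass separately with the iptables `policy` match. The script below is an added example, not part of the original thread and not strongSwan's own configuration; the chain name IPSEC_TRACE and the IPT variable are choices made here for illustration.

```shell
#!/bin/sh
# Count the two passes a forwarded packet makes through mangle POSTROUTING
# when it leaves through an IPsec tunnel (added example, not strongSwan's
# own configuration). IPT is the iptables binary; set IPT=echo to print the
# rules instead of loading them (loading them needs root).
IPT="${IPT:-iptables}"

# Pass 1: the cleartext packet, identified by the outbound IPsec policy
# that is about to encapsulate it.
pass1_match() {
    printf '%s' "-m policy --dir out --pol ipsec"
}

# Pass 2: the ESP packet produced by XFRM. It carries no further outbound
# IPsec policy (--pol none) and is IP protocol 50 (esp).
pass2_match() {
    printf '%s' "-p esp -m policy --dir out --pol none"
}

# Install a dedicated chain in the mangle table, jumped to from POSTROUTING,
# with one counting rule per pass. Read the counters with:
#   iptables -t mangle -vnL IPSEC_TRACE
ipsec_trace_install() {
    "$IPT" -t mangle -N IPSEC_TRACE
    "$IPT" -t mangle -A POSTROUTING -j IPSEC_TRACE
    # word-splitting of the match clauses is intended
    "$IPT" -t mangle -A IPSEC_TRACE $(pass1_match) \
        -m comment --comment "pass 1: cleartext, pre-encapsulation"
    "$IPT" -t mangle -A IPSEC_TRACE $(pass2_match) \
        -m comment --comment "pass 2: ESP, post-encapsulation"
}

# Remove the chain again.
ipsec_trace_remove() {
    "$IPT" -t mangle -D POSTROUTING -j IPSEC_TRACE
    "$IPT" -t mangle -F IPSEC_TRACE
    "$IPT" -t mangle -X IPSEC_TRACE
}
```

Send forwarded traffic through the tunnel and both counters should advance together; the mangle table is used here because nat POSTROUTING is only consulted for the first packet of a connection, so its counters will not reflect every pass.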


