On 11.12.2016 15:15, Slawa Olhovchenkov wrote: >> IPsec is a set of protocol handlers - ESP/AH/IPcomp. Inbound packets are >> handled by security association with given destination address and SPI. >> If returned packets aren't destined to your address, protocol handlers >> will not handle them. > > SA can't contains not may address? Surpised to me. > Or I missunderstund you.
You can specify what you want, but this just will not work as you expect. A router usually must not handle all TCP sessions that it forwards. It routes IP packets, but it doesn't invoke tcp_input() for each TCP packet that it sees. -- WBR, Andrey V. Elsukov
signature.asc
Description: OpenPGP digital signature
