Hi Simo, > [1]http://kerneltrap.org/mailarchive/linux-netdev/2008/12/4/4312604
My patch introduced a bug and therefore has been reverted upstream. Additionally, there are some doubts if encapsulated packets should be processed if it is not explicitly enabled in the SA. You might join the discussion (above) and explain why and in which situation this would make sense. Herbert asked for your client OS/Daemon. In the meantime, I'll do some testing with a modified patch that accepts encapsulated packets on a non-encapsulating SA, but not vice-versa. Regards Martin _______________________________________________ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users