Hi Ricky,

> [...] saying that ipsec devices are no more in
> 2.6.16. Is that true?

Yes. The native Linux IPsec stack (Netkey) doesn't use dedicated interfaces, but handles packet en-/decapsulation transparently in the IP stack.

> Then does StrongSwan route packets based purely on iptable/route
> rules?

Under some circumstances, routes are required (for example, to select an IKE-assigned IP as source address for locally generated traffic). These routes are installed by the IKEv2 daemon in the routing table 220 (ip route show table 220). iptables is not directly involved, it's all handled in the XFRM framework of the kernel. But you can apply iptables rules for specific tunnels using XFRM marks, for an example see [1].

Regards
Martin

[1] http://www.strongswan.org/uml/testresults/ikev2/nat-two-rw-mark/index.html
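
Added example (not part of the original message and not strongSwan code): a shell check for the XFRM-mark setup mentioned in the reply, listing marks that XFRM policies match on but that no iptables MARK rule sets. The dumps are constructed samples in the style of `ip xfrm policy` and `iptables-save -t mangle`, the function names are hypothetical, and full 0xffffffff masks are assumed.

```shell
#!/bin/sh
# Constructed sample in the style of `ip xfrm policy` (not from a real host).
SAMPLE_POLICY='src 10.1.0.0/16 dst 10.3.0.1/32
    dir out priority 1795 ptype main
    mark 0xa/0xffffffff
    tmpl src 192.0.2.1 dst 198.51.100.7
        proto esp reqid 1 mode tunnel
src 10.1.0.0/16 dst 10.3.0.1/32
    dir out priority 1795 ptype main
    mark 0xb/0xffffffff
    tmpl src 192.0.2.1 dst 198.51.100.7
        proto esp reqid 2 mode tunnel
src 10.1.0.0/16 dst 10.2.0.0/16
    dir out priority 1795 ptype main
    tmpl src 192.0.2.1 dst 203.0.113.9
        proto esp reqid 3 mode tunnel'

# Constructed `iptables-save -t mangle` sample: only mark 10 (0xa) is set.
SAMPLE_RULES='*mangle
-A PREROUTING -s 198.51.100.7/32 -p esp -j MARK --set-xmark 0xa/0xffffffff
COMMIT'

# Normalise mark tokens ("0xa/0xffffffff", "10") on stdin to sorted decimal
# values. The regex guard keeps unexpected text out of $(( )).
to_decimal() {
    awk '{ split($1, m, "/")
           if (m[1] ~ /^(0x[0-9a-fA-F]+|[0-9]+)$/) print m[1] }' |
    while read -r v; do echo $(($v)); done | sort -un
}

# Marks that XFRM policies match on.
policy_marks() { awk '$1 == "mark" { print $2 }' | to_decimal; }

# Marks that iptables MARK rules set.
rule_marks() {
    awk '{ for (i = 1; i < NF; i++)
             if ($i == "--set-mark" || $i == "--set-xmark") print $(i + 1) }' |
    to_decimal
}

# Print policy marks that none of the given iptables rules set.
# $1 = policy dump, $2 = iptables-save dump.
unset_policy_marks() {
    set_marks=" $(printf '%s\n' "$2" | rule_marks | tr '\n' ' ')"
    printf '%s\n' "$1" | policy_marks | while read -r m; do
        case "$set_marks" in *" $m "*) ;; *) echo "$m" ;; esac
    done
}

unset_policy_marks "$SAMPLE_POLICY" "$SAMPLE_RULES"   # prints 11
```

On a live gateway the two arguments would be the output of `ip xfrm policy` and `iptables-save -t mangle`; a mark reported here may still be set by another mechanism (nftables, SO_MARK), which this check does not inspect.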
