Hello,

I have a need for a userspace IPsec stack along with Strongswan (IKEv2) for keying. While examining the libipsec implementation, I became curious about the decision to use virtual interfaces vs. using kernel mechanisms such as Netfilter and Netfilter Queues to divert traffic to a userspace IPsec datapath stack.

No doubt I'm unaware of some of the design constraints, so to simplify the question, I'd ask:

"Is there any reason one should *not* implement a userspace IPsec stack using Netfilter and NFQUEUEs in combination with Strongswan?"

Thank you in advance.

Plevin

_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users
