Hello,

The commonly quoted packet flow diagram at [1] does not show where NAT-T is 
implemented for
IPsec MOBIKE.  Questions are:

  1.  Where in the diagram is NAT-T de-capsulation performed?

  2.  Where in the diagram is NAT-T encapsulation performed?

  3.  Does the NAT-T UDP header have to be removed so the iptables IPsec policy 
module can operate?

  4.  Traffic from the topmost "local process" block flows to a "routing 
decision" block.  Is this to prevent
      a local IPsec connection (to loopback address, possibly ) from being 
encrypted?

  [1]  http://inai.de/images/nf-packet-flow.png

TIA,
Brian


_______________________________________________
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users

Reply via email to