Thank you, Noel.
I am trying to understand how the inner and outer IP headers for tunneled IPsec
are processed by iptables, to help troubleshoot an anomalous situation I found.
I think I have the decryption process clear but was not clear on the iptables
encrypted packets. From what you said, it looks like the NAT-T header is added
iptables processing of an outbound encrypted packet, on the second pass by the
outbound XFRM lookup. Is my understanding correct?
Users mailing list