Thank you, Noel.

I am trying to understand how the inner and outer IP headers for tunneled IPsec 
are processed by iptables, to help troubleshoot an anomalous situation I found.

I think I have the decryption process clear but was not clear on the iptables
processing for encrypted packets.  From what you said, it looks like the NAT-T
header is added after the iptables processing of an outbound encrypted packet,
on the second pass by the outbound XFRM lookup. Is my understanding correct?

