Thank you, Noel.

I am trying to understand how the inner and outer IP headers for tunneled IPsec
packets are processed by iptables, to help troubleshoot an anomalous situation
I found.

I think I have the decryption process clear but was not clear on the iptables
processing for encrypted packets. From what you said, it looks like the NAT-T
header is added after the iptables processing of an outbound encrypted packet,
on the second pass by the outbound XFRM lookup. Is my understanding correct?

TIA,
Brian

_______________________________________________
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
