Noel, I note your last message clearly emphasised that packets from a local process are processed twice via the output path of the graphic.
So, for forwarded traffic (as distinct from locally sourced packets), I understand the packet to flow through the mangle and nat POSTROUTING chains twice, and the other iptables output chains for the raw, mangle, nat and filter tables only once, after encryption. On the first pass through the mangle and nat POSTROUTING chains, iptables rules would operate on the unencrypted payload packet, and on the second pass on the IP headers of the encrypted IPsec packet. Am I headed in the right direction please?

Brian
_______________________________________________
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
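The two POSTROUTING passes Brian describes can be told apart on the gateway with iptables' policy match, which is also why the usual strongSwan advice is to exclude to-be-encrypted traffic from MASQUERADE. The ruleset below is an added example, not code from this thread or from the strongSwan project; the interface eth0 and the subnet 10.0.0.0/24 are assumptions, and the script only prints the rules unless told to apply them.

```shell
#!/bin/sh
# Added example: iptables rules that separate the two POSTROUTING passes of a
# forwarded packet on a Linux IPsec (XFRM) gateway. These names are assumptions:
WAN_IF="${WAN_IF:-eth0}"           # assumed outward-facing interface of the gateway
LAN_NET="${LAN_NET:-10.0.0.0/24}"  # assumed internal subnet that is forwarded into the tunnel

# Emits the rules as text so the order can be inspected; "apply" runs them (root needed).
#
# Pass 1: the plaintext packet still carries its outbound xfrm policy, so
#   "-m policy --dir out --pol ipsec" matches it. In the nat table the ACCEPT
#   must come before MASQUERADE, otherwise the inner source address is rewritten
#   before the packet is encrypted and the remote side sees the gateway's address.
# Pass 2: the ESP packet produced by XFRM carries no policy any more, so
#   "--pol ipsec" does not match it; match it by protocol (ESP, or UDP/4500 when
#   NAT traversal is in use) instead.
# ACCEPT in the mangle table terminates only that chain's traversal, so the two
# mangle rules serve as counters for how many packets took each pass.
ipsec_rules() {
    cat <<EOF
iptables -t mangle -A POSTROUTING -o $WAN_IF -m policy --dir out --pol ipsec -m comment --comment "pass 1: plaintext, about to be encrypted" -j ACCEPT
iptables -t nat -A POSTROUTING -s $LAN_NET -o $WAN_IF -m policy --dir out --pol ipsec -j ACCEPT
iptables -t nat -A POSTROUTING -s $LAN_NET -o $WAN_IF -j MASQUERADE
iptables -t mangle -A POSTROUTING -o $WAN_IF -p esp -m comment --comment "pass 2: ESP, already encrypted" -j ACCEPT
iptables -t mangle -A POSTROUTING -o $WAN_IF -p udp --dport 4500 -m comment --comment "pass 2: ESP in UDP (NAT-T)" -j ACCEPT
EOF
}

case "${1:-show}" in
    apply) ipsec_rules | sh -e ;;
    *)     ipsec_rules ;;
esac
```

After applying, `iptables -t mangle -L POSTROUTING -v -n` shows the two passes as separate packet counts: a forwarded packet that is encrypted increments the "pass 1" rule once and one of the "pass 2" rules once.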