
Re: Problem with IPSEC tunnel mode

To: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Subject: Re: Problem with IPSEC tunnel mode
From: Patrick McHardy <kaber@xxxxxxxxx>
Date: Fri, 22 Apr 2005 02:13:35 +0200
Cc: jamal <hadi@xxxxxxxxxx>, Wolfgang Walter <wolfgang.walter@xxxxxxxxxxxxxxxxxxxx>, netdev@xxxxxxxxxxx
In-reply-to: <20050421235802.GB10451@gondor.apana.org.au>
References: <E1DObFc-0000je-00@gondolin.me.apana.org.au> <200504211640.16742.wolfgang.walter@studentenwerk.mhn.de> <20050421214618.GA29991@gondor.apana.org.au> <1114127419.10572.4.camel@localhost.localdomain> <20050421235802.GB10451@gondor.apana.org.au>
Sender: netdev-bounce@xxxxxxxxxxx
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.7.6) Gecko/20050324 Debian/1.7.6-1

Herbert Xu wrote:
> On Thu, Apr 21, 2005 at 07:50:19PM -0400, jamal wrote:
>
>> What was the reason there exists a FWD direction in the policies?
>
> You should really ask Alexey about that :) I myself had the same question when I first started in this area. However, since it has been present since the very beginning and people are already relying on it, we will have to live with it.

I guess it was for performance reasons. A router that only needs IPsec for management doesn't need to perform policy checks for forwarded packets, which makes sense to me.

Regards
Patrick
