[Top] [All Lists]

Re: Problem with IPSEC tunnel mode

To: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Subject: Re: Problem with IPSEC tunnel mode
From: Patrick McHardy <kaber@xxxxxxxxx>
Date: Fri, 22 Apr 2005 02:13:35 +0200
Cc: jamal <hadi@xxxxxxxxxx>, Wolfgang Walter <>, netdev@xxxxxxxxxxx
In-reply-to: <>
References: <> <> <> <1114127419.10572.4.camel@localhost.localdomain> <>
Sender: netdev-bounce@xxxxxxxxxxx
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.7.6) Gecko/20050324 Debian/1.7.6-1
Herbert Xu wrote:
On Thu, Apr 21, 2005 at 07:50:19PM -0400, jamal wrote:

What was the reason there exist a FWD direction in the policies?

You should really ask Alexey about that :) I myself had the same question when I first started in this area. However, since it has been present since the very beginning and people are already relying on it, we will have to live with it.

I guess it was for performance reasons. A router that only needs IPsec for management doesn't need to perform policy checks for forwarded packets, which makes sense too me.


<Prev in Thread] Current Thread [Next in Thread>