[Top] [All Lists]

Re: Problem with IPSEC tunnel mode

To: jamal <hadi@xxxxxxxxxx>
Subject: Re: Problem with IPSEC tunnel mode
From: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Date: Fri, 22 Apr 2005 09:58:02 +1000
Cc: Wolfgang Walter <>, netdev@xxxxxxxxxxx
In-reply-to: <1114127419.10572.4.camel@xxxxxxxxxxxxxxxxxxxxx>
References: <E1DObFc-0000je-00@xxxxxxxxxxxxxxxxxxxxxxxx> <> <20050421214618.GA29991@xxxxxxxxxxxxxxxxxxx> <1114127419.10572.4.camel@xxxxxxxxxxxxxxxxxxxxx>
Sender: netdev-bounce@xxxxxxxxxxx
User-agent: Mutt/1.5.6+20040907i
On Thu, Apr 21, 2005 at 07:50:19PM -0400, jamal wrote:
> What was the reason there exist a FWD direction in the policies?

You should really ask Alexey about that :) I myself had the same
question when I first started in this area.  However, since it
has been present since the very beginning and people are already
relying on it, we will have to live with it.

> Also - shouldnt the FWD policies closely match the OUT ones instead of
> the IN direction (browsing the forwarding code)? i.e
> does this look odd to you (picking a sample from Wolfgangs output):

The FWD policies are analogous to the FORWARD table in netfilter.
The FWD policies apply to forwarded packet, meaning packets that
end up in ip_forward instead of ip_local_deliver.  The IN policies
only apply to packets that end up in ip_local_deliver.

Visit Openswan at
Email: Herbert Xu ~{PmV>HI~} <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page:
PGP Key:

<Prev in Thread] Current Thread [Next in Thread>