[Vpn-help] vpn-release-1.1 communicate with racoon problem
Matthew Grooms
mgrooms at shrew.net
Mon Nov 27 10:33:49 CST 2006
Zhao Tongyi wrote:
> i have captured the esp packets from my linux box ,so I think iptables
> work is fine and not blocked the esp packets,now my question is I don't
> know if ipsec-tools unencapsulation incoming esp packets and forward
> others ethernet card.
>
Zhao,
One other thing, ipsec-tools does not handle esp processing. It
only helps to negotiate crypto keys with a peer on behalf of the kernel.
Once the keys are installed, the kernel handles all the ESP/AH/IPCOMP
packet processing including tunnel mode encap/decap based on the
information contained in SPD/SAD.
Thanks,
-Matthew
More information about the vpn-help
mailing list