Re: [LARTC] BW using CBQ/tc for VPN Ipsec i/f?

Linux Advanced Routing and Traffic Control

On Tuesday, 08 April 2003, at 14:54:20 +0530,
Srikanth wrote:

> It's OK, my question was about: if I use tc, do I need to pass the IPsec
> protocol / port number as arguments?
> I mean, is there any mechanism to recognize IPsec packets / VPN tunnels?
> 
Once the IPsec tunnel is set up, you can recognize tunneled traffic
easily: (in tunnel mode) source and destination IP addresses will be
those of the two endpoints, and IP packets will have a "protocol" field
with values "decimal 50" (esp) or "decimal 51" (ah).

While the tunnel is being established, and if using IKE, both endpoints
exchange packets with their own IP, UDP transport protocol, and both
source and destination ports set to "decimal 500".

At least that is what I recall, check FreeS/WAN website
(www.freeswan.org) for complete information on traffic generated by an
IPsec tunnel.

Hope it helps.

-- 
Jose Luis Domingo Lopez
Linux Registered User #189436     Debian Linux Sid (Linux 2.4.20-xfsip)
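
The match criteria described in the reply above, written as tc u32 filters. This is an added example, not part of the original post: it only prints the commands (dry run), and the device, addresses, qdisc handle 1: and class 1:10 are constructed assumptions.

```shell
#!/bin/sh
# Dry-run generator: prints tc u32 filters that steer IPsec traffic sent from
# the local tunnel endpoint to the remote one into a single class.
# Nothing is applied here; review the output, then pipe it to sh as root.
# Assumed (not from the thread): a classful qdisc with handle 1: already
# exists on the device, and the class named by FLOWID exists under it.

ipsec_tc_filters() {
    [ $# -eq 4 ] || { echo "usage: ipsec_tc_filters DEV LOCAL REMOTE FLOWID" >&2; return 1; }
    dev=$1 local_ip=$2 remote_ip=$3 flowid=$4

    # The output is meant to be executed, so reject anything that is not a
    # plain interface name, dotted IPv4 address or class id.
    case "$dev$flowid" in
        *[!A-Za-z0-9:._-]*) echo "bad device or flowid" >&2; return 1 ;;
    esac
    case "$local_ip$remote_ip" in
        *[!0-9.]*) echo "bad IPv4 address" >&2; return 1 ;;
    esac

    base="tc filter add dev $dev parent 1:0 protocol ip prio 10 u32"
    ends="match ip src $local_ip/32 match ip dst $remote_ip/32"

    # Tunnel traffic: IP "protocol" field 50 (ESP) or 51 (AH), mask 0xff.
    for proto in 50 51; do
        echo "$base $ends match ip protocol $proto 0xff flowid $flowid"
    done

    # IKE negotiation: UDP (protocol 17) with source and destination port 500.
    # u32 port matches read a fixed offset, so they assume no IP options.
    echo "$base $ends match ip protocol 17 0xff match ip sport 500 0xffff match ip dport 500 0xffff flowid $flowid"
}

# Constructed sample: documentation addresses, class 1:10 on eth0.
ipsec_tc_filters eth0 192.0.2.1 198.51.100.1 1:10
```

The filters cover one direction only; shaping the return direction needs the same rules with the endpoints swapped on the interface where that traffic leaves.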

