On Tuesday, 08 April 2003, at 14:54:20 +0530, Srikanth wrote:

> It's OK, my question was about, if I use tc, shall I need to pass ipsec
> protocol / port number as arguments?
> I mean, is there any mechanism to recognize ipsec packets / VPN tunnels.
>

Once the IPsec tunnel is set up, you can recognize tunneled traffic easily: (in tunnel mode) source and destination IP addresses will be that of the two endpoints, and IP packets will have a "protocol" field with values "decimal 50" (esp) or "decimal 51" (ah).

While the tunnel is being established, and if using IKE, both endpoints exchange packets with their own IP, UDP transport protocol, and both source and destination ports set to "decimal 500".

At least that is what I recall, check FreeS/WAN website (www.freeswan.org) for complete information on traffic generated by an IPsec tunnel.

Hope it helps.

-- 
Jose Luis Domingo Lopez
Linux Registered User #189436 Debian Linux Sid (Linux 2.4.20-xfsip)