Wouldn't this work fine if we have the virtual device like freeswan had, or is netfilter broken with this?
I mean I cannot practically set up an IPSec-only access point with the current netfilter and ipsec in Linux 2.6, or am I deadly wrong?
Check out the ipsec-* patches and the policy match in netfilter pom-ng.
Regards
Patrick