A Helper module would be needed, why not put a single tunnel on the firewall and route them through?? Why does each machine required to have it's own tunnel? I guess you have your own reasons but a single tunnel at the firewall is 1 solution for now.. Thanks, ____________________________________________ George Vieira Systems Manager georgev@xxxxxxxxxxxxxxxxxxxxxx Citadel Computer Systems Pty Ltd http://www.citadelcomputer.com.au -----Original Message----- From: dhiraj.2.bhuyan@xxxxxx [mailto:dhiraj.2.bhuyan@xxxxxx] Sent: Wednesday, May 28, 2003 1:45 AM To: netfilter@xxxxxxxxxxxxxxxxxxx Subject: IPSec passthrough Dear List, Does anyone know whether there is patch that will allow kernel 2.4 or greater to support setting up of multiple IPSec tunnels (passthrough) to the same destination - ie more than one machine behind the firewall trying to set up IPSec tunnel to the "same" remote host? When I was testing kernel 2.4.20 for passthrough capability a few months back, there was no patch that would allow me to do that (single passthorough worked fine). I presume this has something to do with writing a conntrack IPSec helper? Regards, Dhiraj Bhuyan BTexact
