Mark, you simply rule! This fixed my problem. Now, since I was going nuts trying to figure it out and I couldn't find ANY info ANYWHERE (you guys were my last resort), I have decided to make a small guide (I needed to learn DocBook anyway, so this seemed like a good chance), which can be found here:

http://hoeg.org/lri/

But one thing - to be honest, I actually was thinking briefly about the MARK solution myself, but came to the conclusion that since it is similar to the TOS marks you can set, technically somebody else could tag the packets themselves before entering my system, which would bypass the solution. And that's why I didn't take it further. Can anybody shed any light on that?

But in order for the search engines to pick up this message: racoon linux kernel 2.6 ipsec vpn tunnel firewall iptables netfilter

I have to guess so. I've no idea TBH where the packets actually go, but this definitely works for me. I'm more of a cook than a chef when it comes to netfilter. I've tried looking around the source, but I'm pretty clueless, and the native IPsec doesn't seem to be documented at all. It's not even got a maintainer listed, and there's virtually nothing in linux/Documentation. (If anyone could point me in the right direction, that would be great!)

Agree. It kind of makes sense, because without this we'd have no possibility of handling packets that came in via an IPsec tunnel separately.