John A. Sullivan III wrote:
| I do like the way in which *swan uses a separate interface for IPSec
| traffic. This makes it simple to identify the VPN traffic in iptables
| although it is not impossible to do so with the kernel IPSec.
The 'policy' match feature in Patch-O-Matic allows you to differentiate the VPN traffic. You also need to install the ipsec-netfilter patches to ensure that VPN traffic is passed properly through the various netfilter builtin chains.
-Tom
--
Tom Eastep       \ Nothing is foolproof to a sufficiently talented fool
Shoreline,       \ http://shorewall.net
Washington USA   \ teastep@xxxxxxxxxxxxx
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
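The rule set below is an added example, not part of the message above: it shows how the 'policy' match separates IPsec-protected packets from cleartext on the same interface under kernel IPsec. The interface name and the 192.0.2.0/24 and 198.51.100.0/24 networks are constructed placeholders, and it assumes a kernel and iptables built with the policy match.

```shell
#!/bin/sh
# Added example (not from the original message). Prints iptables rules that use
# the 'policy' match to tell IPsec-protected packets from cleartext ones on the
# same interface. All interface names and networks are constructed placeholders.

# Usage: vpn_policy_rules EXT_IF REMOTE_NET LOCAL_NET
vpn_policy_rules() {
    ext_if="$1"; remote_net="$2"; local_net="$3"
    cat <<EOF
# IKE and ESP packets arrive unprotected on the wire and must be let in.
iptables -A INPUT -i $ext_if -p udp --dport 500 -j ACCEPT
iptables -A INPUT -i $ext_if -p esp -j ACCEPT
# Traffic from the remote network that was decapsulated by IPsec.
iptables -A FORWARD -i $ext_if -s $remote_net -d $local_net -m policy --dir in --pol ipsec -j ACCEPT
# Same addresses with no IPsec processing: spoofed or misrouted cleartext.
iptables -A FORWARD -i $ext_if -s $remote_net -d $local_net -m policy --dir in --pol none -j DROP
# Outbound traffic that an IPsec policy will encapsulate.
iptables -A FORWARD -o $ext_if -s $local_net -d $remote_net -m policy --dir out --pol ipsec -j ACCEPT
# Outbound traffic that would leave in cleartext (for example, tunnel down).
iptables -A FORWARD -o $ext_if -s $local_net -d $remote_net -m policy --dir out --pol none -j DROP
EOF
}

# Print the rules for review; nothing is applied to the running firewall.
vpn_policy_rules eth0 192.0.2.0/24 198.51.100.0/24
```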