[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <200610301729.49089.lists@naasa.net>
Date: Mon, 30 Oct 2006 17:29:48 +0100
From: Joerg Platte <lists@...sa.net>
To: linux-kernel@...r.kernel.org
Subject: IPSEC and bridged interfaces
Hi,
currently I'm using kernel 2.6.18.1 on one of my computers. The router acts as
an ipsec endpoint and masquerades all packets received via IPSEC.
Today I replaced the local ethernet interface by a bridged interface by
combining the ethernet interface with a tap interface. I changed the
interface names in my iptables-based firewall to match the new bridge
interface name and did not change anything else.
Unfortunately, the kernel does not encrypt incoming packages any more. tcpdump
reveals, that all received replies (I tested it with ping) are forwarded
unencrypted, because they are visible on my firewall instead of being
encrypted. Is this a known problem? Is bridging and IPSEC (maybe with
masquerading) currently not supported? Or should I forward this issue to
another mailing list?
regards,
Jörg
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists