ipsec and nat history
pupilla at hotmail.com
Tue Nov 8 18:35:20 CET 2005
I was browsing the netfilter-dev archive about the issues with NAT
and IPsec. I was reading this message (27 Jan 2004) from Harald:
"...We could even pass a dummy output device structure
with an interface name "esp" so people can SNAT
everything heading for esp encapsulation..."
Lately Michael Richardson wrote:
"...I would suggest that many administrators will want
to have possibly a pseudo-interface per SA. These
aren't necessarily real interfaces like ipsecX, but they
do need to be named in some way..."
Is this approach (virtual/pseudo/dummy device) abandoned?