ipsec and nat history
Marco Berizzi
pupilla at hotmail.com
Tue Nov 8 18:35:20 CET 2005
I was browsing the netfilter-dev archive about the issues with NAT
and IPsec. I was reading this message (27 Jan 2004) from Harald:
https://lists.netfilter.org/pipermail/netfilter-devel/2004-January/013903.html
"...We could even pass a dummy output device structure
with an interface name "esp" so people can SNAT
everything heading for esp encapsulation..."
Lately Michael Richardson wrote:
https://lists.netfilter.org/pipermail/netfilter-devel/2004-January/013956.html
"...I would suggest that many administrators will want
to have possibly a pseudo-interface per SA. These
aren't necessarily real interfaces like ipsecX, but they
do need to be named in some way..."
Is this approach (virtual/pseudo/dummy device) abandoned?
TIA