projects / strongswan.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: cf4a739) | patch
updown: Allow IPIP traffic if IPComp was negotiated
authorTobias Brunner <tobias@strongswan.org>
Thu, 7 Nov 2013 16:50:02 +0000 (17:50 +0100)
committerTobias Brunner <tobias@strongswan.org>
Thu, 23 Jan 2014 09:27:12 +0000 (10:27 +0100)
commit6d1198e71d3bd8e2f3b5c1fc1f3348807433d851
treefcab928da6a62d5ab8c54cf9982960e359a434d2tree | snapshot
parentcf4a7395aaee59b871382154ba9bfeda0819d057commit | diff
updown: Allow IPIP traffic if IPComp was negotiated

The kernel implicitly creates an IPIP SA if an IPComp SA is installed.
This SA is used inbound for small packets that are not compressed.

Since the addresses are different (they are the tunnel addresses not
those of the tunneled traffic) additional rules are required if the
traffic selector does not cover the tunnel addresses (e.g. due to a NAT).

For SAs with multiple traffic selectors duplicate rules will get installed.
src/_updown/_updown.in diff | blob | history
strongSwan - IPsec VPN