Marc Haber <[EMAIL PROTECTED]> wrote: > > Please note that the 2.6 ipsec is unuseable. You can't filter traffic > that goes into or comes from a tunnel. That's a killer.
That's not true. Filtering for tunnels works just fine. Transport mode filtering is indeed not supported. But you can achieve the same effect through IPSEC policies. The only show stopper with tunnels is the lack of SNAT support. Even that isn't very difficult to resolve. Cheers, -- Debian GNU/Linux 3.0 is out! ( http://www.debian.org/ ) Email: Herbert Xu ~{PmV>HI~} <[EMAIL PROTECTED]> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
