I am trying to write code that does the following:

1) Intercept an outbound IP packet (e.g. from a local application) using 
iptables/netfilter_queue to read the packet into user-space.
2) Then, configure and start a strongSwan VPN connection to the packet 
destination.
3) Then, forward that packet out this VPN connection.

My problem is with step 3.  How can I forward the packet out this newly created 
connection?  I tried issuing a netfilter verdict (NF_REPEAT or NF_ACCEPT) to 
reinject the packet to the kernel.  However, when I do this, the packet does 
not get encrypted, presumably because the packet gets re-injected after the 
point at which the kernel would have done the IPsec encryption.  Alternatively, 
I tried sending a new identical IP packet using a raw socket, but again, same 
problem as above--the packet does not get encrypted.

Any suggestions?

Thanks,
Clifton

