Hello everybody. I would like to know if it is possible to create an ipsec policy based on the mark value initialized by netfilter.
This is my problem: I need to route VoIP packets from hosts connected to the private networks (A & B) to the QoS routers, without encrypting them. 'Normal' packets are encrypted & delivered by the ipsec tunnel through the 'Internet router'. I was thinking of marking them with netfilter (matching on dscp value) and then creating an ipsec policy based on that mark value.

TIA

                     ___ private network A
                  | /
                  |/
                  |
                  |
            +-----+-----+
            |           |
            |   linux   |
            |   ipsec   |
            |  gateway  |
            |           |
            +--+-----+--+
               |     |
+--------+     |     |
|Internet|     |     |     +------------------+
|        +-----+     +-----+QoS enabled router|
| router |                 +------------------+
+--------+                          ||
    ||                              ||
    ||                              ||
    ||\                             ||
    || \___ipsec tunnel             ||\
    ||     net A <=> net B          || \___QoS WAN network
    ||                              ||     net A <=> net B
    ||                              ||
+--------+                          ||
|Internet|                 +------------------+
|        +-----+     +-----+QoS enabled router|
| router |     |     |     +------------------+
+--------+     |     |
               |     |
            +--+-----+--+
            |           |
            |   linux   |
            |   ipsec   |
            |  gateway  |
            |           |
            +-----+-----+
                  |
                  |
                  |\
                  | \___ private network B