
Re: Transparent proxy from different networks



On Thu, Oct 09, 2008 at 12:01:14AM +0200, Sascha Reiszner wrote:
> On Monday, 06.10.2008, 10:05 -0500, Jason Voorhees wrote:
>> But users from different networks (192.168.2.0/24, 192.168.3.0/24,
>> etc.) can't browse the Internet. Those networks are connected to
>> 192.168.1.0/24 via a VPN connection.
> I think the end of the tunnel from VPN is not the device eth2.
> The tunnel ends normally at a bridge (br#) or a virtual device (like tun#
> or tap#).

Note that this is not true if the VPN is created using the IPSec
protocol with the kernel IPSec-Stack. In this scenario packets seem to
arrive twice at the interface: First the encrypted packet, then the
decrypted packet (but only if the first does not get dropped).

Stefan

-- 
"A troll. Stupid but hard to fool. I'm afraid i shall have to try the truth"
"Vy vill zat vork?"
"He's a Policeman The truth usually confuses them. They don't often hear it."
(William and Otto)                                 [Terry Pratchett, The truth]
