[Swan] How to recognize an HTTP request that passes through the IPSec channel?

Lennart Sorensen lsorense at csclub.uwaterloo.ca
Tue May 31 13:20:31 UTC 2016


On Tue, May 31, 2016 at 11:07:41AM +0300, Michael Furman wrote:
> Thank you for your answers! Unfortunately I can not use iptables.
> The request to the server can come both from the IPSec channel and
> from an end user UI via another port (443). The question is whether I
> can somehow recognize on the server that the request comes from the
> IPSec channel (that is, passes IPsec encryption).

Well the packets will have the ipsec flag set on them (at least if you
use netkey rather than klips.  If you use klips then they will arrive
on the klips interface.)  iptables is a great way to apply rules based
on that ipsec flag.

So sorry but iptables really seems like THE solution here.

You haven't said why you can't use iptables.  It really seems you are
making your own problem when a proper obvious solution exists.

-- 
Len Sorensen
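
The iptables approach described in the reply above, as an added example that is not part of the original thread: a script that emits iptables-restore rules reserving one TCP port for traffic that arrived through IPsec, using the `policy` match on the netkey stack. The function name `ipsec_only_rules` and port 8080 are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): reserve one TCP port for requests that
# were decapsulated by an inbound IPsec policy (netkey/XFRM stack).
# The port number 8080 and the function name are assumed for illustration.

# Print an iptables-restore fragment for the given port.
# Returns 1 without printing rules if the port is not a number in 1..65535,
# so untrusted input can never end up inside a rule line.
ipsec_only_rules() {
    port=$1
    case $port in
        ''|*[!0-9]*|??????*)
            echo "invalid port: $port" >&2
            return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2
        return 1
    fi
    # Rule 1: packets carrying the IPsec flag are accepted on the port.
    # Rule 2: the same port reached without IPsec protection is dropped.
    # -I with explicit positions keeps both ahead of any broader ACCEPT.
    cat <<EOF
*filter
-I INPUT 1 -p tcp --dport $port -m policy --dir in --pol ipsec -j ACCEPT
-I INPUT 2 -p tcp --dport $port -m policy --dir in --pol none -j DROP
COMMIT
EOF
}

# Load the rules only when explicitly asked to (requires root).
# --noflush leaves the existing ruleset in place.
if [ "${1:-}" = "--apply" ]; then
    ipsec_only_rules "${2:-8080}" | iptables-restore --noflush
fi
```

With these rules loaded, a server process listening on the reserved port only ever sees connections that came through the tunnel, while the public listener on 443 is unaffected.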

