Openswan with 26sec kernel implementation
Filtering examples
iptables -t mangle -A PREROUTING -i eth0 -p 50 -j MARK --set-mark 0x9 iptables -t mangle -A PREROUTING -i eth0 -p 50 -j RETURN iptables -t mangle -A PREROUTING -i eth0 -p udp --sport 500 --dport 500 -j MARK --set-mark 0x9 iptables -t mangle -A PREROUTING -i eth0 -p udp --sport 500 --dport 500 -j RETURN iptables -A FORWARD -m mark --mark 0x9 -j ACCEPT iptables -A INPUT -m mark --mark 0x9 -j ACCEPT