- # log IPsec client connection setup
-@@ -473,12 +496,51 @@ up-client:iptables)
+ # allow IPIP traffic because of the implicit SA created by the kernel if
+@@ -497,7 +520,7 @@
+ # INPUT is correct here even for forwarded traffic.
+ if [ -n "$PLUTO_IPCOMP" ]
+ then
+- iptables -I INPUT 1 -i $PLUTO_INTERFACE -p 4 \
++ iptables -I IPSECINPUT 1 -i $PLUTO_INTERFACE -p 4 \
+ -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT
+ fi
+ #
+@@ -507,12 +530,51 @@