Re: [strongSwan-dev] StrongSwan+NETKEY and overlapping IP subnets

2011-03-22 Thread Andreas Steffen
Hello Ansis,

unfortunately XFRM forces you to set marks in both directions even if they are not needed for the inbound direction. XFRM cannot do this automatically, you must set the marks externally e.g. using iptables.

Regards

Andreas

On 22.03.2011 01:01, Ansis Atteka wrote:
> Andreas,
>
> Tha

Re: [strongSwan-dev] StrongSwan+NETKEY and overlapping IP subnets

2011-03-21 Thread Ansis Atteka
Andreas,

Thank you, that was exactly what I have been looking for!

But still one thing - can I somehow tell StrongSwan and XFRM so that XFRM puts that mark for me automatically without using the iptables command from the updown script? Anyway that is not a big problem, but I am wondering if this by a

Re: [strongSwan-dev] StrongSwan+NETKEY and overlapping IP subnets

2011-03-14 Thread Andreas Steffen
Hello Ansis,

have you had a look at the following scenario

http://www.strongswan.org/uml/testresults/ikev2/nat-two-rw-mark/

which uses XFRM marks to map identical remote networks to different ones?

Regards

Andreas

On 03/15/2011 01:45 AM, Ansis Atteka wrote:
> Hello,
>
> Here is a problem I a

[strongSwan-dev] StrongSwan+NETKEY and overlapping IP subnets

2011-03-14 Thread Ansis Atteka
Hello,

Here is a problem I am trying to solve:

We have multiple IPsec clients that connect to the same IPsec server. This IPsec Server acts as a "gateway" to the Internet for all computers that are behind those IPsec clients (see diagram below). The problem is that subnets between these IPsec clie