I’ve tried to force the key in the ipsec.conf connection entry by adding 
“mark=100” into the connection.  When acting as a responder, I didn’t have to 
do this; strongSwan seems to choose a mark value for me.

With the “mark=100” set, I do see PLUTO_MARK_OUT and PLUTO_MARK_IN get set in 
the up/down script.

I’ve also added the key back into the up/down script for the “ip link add” 
command, but I’m still seeing errors in the VTI interface stats when trying to 
route packets out this interface (errors are incrementing, as well as 
“carrier”).

Anything else I should check?  Any other relevant stats to check?

/Ryan

On 7/28/16, 9:21 AM, "Tobias Brunner" <[email protected]> wrote:

    Hi Ryan,
    
    > I had to remove the "key" piece of the "ip link add" command, as the
    > PLUTO_MARK_OUT and
    > PLUTO_MARK_IN variables (which get set when responder) are not set. 
    
    > What am I missing? 
    
    You answered that question yourself.
    
    Regards,
    Tobias
    
    

_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users
