<div dir="ltr">Hello,<div><br></div><div><p style="margin-top:0px;margin-right:0px;margin-left:0px;padding:0px;border:0px;font-variant-numeric:inherit;font-variant-east-asian:inherit;font-stretch:inherit;line-height:inherit;font-family:Arial,"Helvetica Neue",Helvetica,sans-serif;font-size:15px;vertical-align:baseline;box-sizing:inherit;clear:both;color:rgb(36,39,41)">I've established a BGP connection from my CentOS Linux box to an Amazon VPC, using this guide: <a href="https://www.edge-cloud.net/2019/07/18/aws-site-2-site-vpn-with-strongswan-frrouting/#strongswan-setup" rel="nofollow noreferrer" target="_blank" style="margin:0px;padding:0px;border:0px;font-style:inherit;font-variant:inherit;font-weight:inherit;font-stretch:inherit;line-height:inherit;font-family:inherit;vertical-align:baseline;box-sizing:inherit">https://www.edge-cloud.net/2019/07/18/aws-site-2-site-vpn-with-strongswan-frrouting/#strongswan-setup</a> </p><p style="margin-top:0px;margin-right:0px;margin-left:0px;padding:0px;border:0px;font-variant-numeric:inherit;font-variant-east-asian:inherit;font-stretch:inherit;line-height:inherit;font-family:Arial,"Helvetica Neue",Helvetica,sans-serif;font-size:15px;vertical-align:baseline;box-sizing:inherit;clear:both;color:rgb(36,39,41)">The only strange thing is that in the iptables mangle table I don't see any matches on the MARK function, which should set a MARK on incoming traffic. 
But IPsec is still working (at least for now). I don't know whether it is something I need to take care of or not:</p><pre style="white-space:pre-wrap;margin-top:0px;margin-bottom:0px;padding:12px;border:0px;font-variant-numeric:inherit;font-variant-east-asian:inherit;font-stretch:inherit;line-height:1.30769;font-family:Consolas,Menlo,Monaco,"Lucida Console","Liberation Mono","DejaVu Sans Mono","Bitstream Vera Sans Mono","Courier New",monospace,sans-serif;font-size:13px;vertical-align:baseline;box-sizing:inherit;width:auto;max-height:600px;overflow:auto;border-radius:5px"><code style="margin:0px;padding:0px;border:0px;font-style:inherit;font-variant:inherit;font-weight:inherit;font-stretch:inherit;line-height:inherit;font-family:Consolas,Menlo,Monaco,"Lucida Console","Liberation Mono","DejaVu Sans Mono","Bitstream Vera Sans Mono","Courier New",monospace,sans-serif;vertical-align:baseline;box-sizing:inherit;background-color:transparent;white-space:inherit;border-radius:0px"> pkts bytes target prot opt in out source destination
Chain INPUT (policy ACCEPT 207M packets, 207G bytes)
pkts bytes target prot opt in out source destination
</code><code style="margin:0px;padding:0px;border:0px;font-style:inherit;font-variant:inherit;font-stretch:inherit;line-height:inherit;font-family:Consolas,Menlo,Monaco,"Lucida Console","Liberation Mono","DejaVu Sans Mono","Bitstream Vera Sans Mono","Courier New",monospace,sans-serif;vertical-align:baseline;box-sizing:inherit;background-color:transparent;white-space:inherit;border-radius:0px"><b><u> 0 0 MARK</u></b></code><code style="margin:0px;padding:0px;border:0px;font-style:inherit;font-variant:inherit;font-weight:inherit;font-stretch:inherit;line-height:inherit;font-family:Consolas,Menlo,Monaco,"Lucida Console","Liberation Mono","DejaVu Sans Mono","Bitstream Vera Sans Mono","Courier New",monospace,sans-serif;vertical-align:baseline;box-sizing:inherit;background-color:transparent;white-space:inherit;border-radius:0px"><u> </u> esp -- * * xx.xx.204.63 xx.xx.xx.251 MARK set 0x64
<u> </u></code><code style="margin:0px;padding:0px;border:0px;font-style:inherit;font-variant:inherit;font-stretch:inherit;line-height:inherit;font-family:Consolas,Menlo,Monaco,"Lucida Console","Liberation Mono","DejaVu Sans Mono","Bitstream Vera Sans Mono","Courier New",monospace,sans-serif;vertical-align:baseline;box-sizing:inherit;background-color:transparent;white-space:inherit;border-radius:0px"><b><u> 0 0 MARK </u></b></code><code style="margin:0px;padding:0px;border:0px;font-style:inherit;font-variant:inherit;font-weight:inherit;font-stretch:inherit;line-height:inherit;font-family:Consolas,Menlo,Monaco,"Lucida Console","Liberation Mono","DejaVu Sans Mono","Bitstream Vera Sans Mono","Courier New",monospace,sans-serif;vertical-align:baseline;box-sizing:inherit;background-color:transparent;white-space:inherit;border-radius:0px"> esp -- * * xx.xx.121.249 xx.xx.xx.251 MARK set 0xc8
Chain FORWARD (policy ACCEPT 100M packets, 131G bytes)
pkts bytes target prot opt in out source destination
78389 4702K TCPMSS tcp -- * VTI_awssg1 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x02 TCPMSS clamp to PMTU
807 48404 TCPMSS tcp -- * VTI_awssg2 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x02 TCPMSS clamp to PMTU
Chain OUTPUT (policy ACCEPT 90M packets, 73G bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 192M packets, 205G bytes)
pkts bytes target prot opt in out source destination
</code></pre><pre style="white-space:pre-wrap;margin-top:0px;margin-bottom:0px;padding:12px;border:0px;font-variant-numeric:inherit;font-variant-east-asian:inherit;font-stretch:inherit;line-height:1.30769;font-size:13px;vertical-align:baseline;box-sizing:inherit;width:auto;max-height:600px;overflow:auto;border-radius:5px"><font face="Consolas, Menlo, Monaco, Lucida Console, Liberation Mono, DejaVu Sans Mono, Bitstream Vera Sans Mono, Courier New, monospace, sans-serif">
Any ideas? Thanks.</font></pre></div></div>