[strongSwan] strongswan routing

Alexandre Chapellon a.chapellon at horoa.net
Mon Jun 13 14:04:28 CEST 2011


I have a VPN gateway I'd like to use for several customers. Some of them
may share the same IP subnets.
In order to avoid conflicting routing, and to ensure isolation, I'd like
to "bind" each customer to its own routing tables using iproute2. I have
seen an option in strongSwan that seems really interesting to achieve
this, but apparently it doesn't work as I expect: the mark[_in|_out] option.

I supposed that using this option would apply an fwmark to packets that
belong to the connection they come from/to, and so I expected such
packets to be matchable by iptables and iproute... Unfortunately they
aren't... well, at least they aren't with my config.

Did I misunderstand this option?
