[strongSwan] Multiple tunnels between same peer
Martin Willi
martin at strongswan.org
Thu Jun 23 09:14:03 CEST 2011
Hi Meera,
> But is it possible to have multiple tunnels between the same endpoints
> (say between Alice and Sun)? I looked around but couldn't find any
> particular scenario in the link I've mentioned above. Also, even if it
> is possible to have more than one tunnel between the same end points,
> will marking of packets help in differentiation, since the destination
> address of both tunnels will be the same?
Yes, having two identical IPsec tunnels works if you differentiate them
with unique marks (or masks). You can use iptables rules to assign one
of the marks to each packet to select the tunnel to use. If you generate
traffic locally, you could alternatively use the SO_MARK socket option
to set the mark.
Regards
Martin
More information about the Users
mailing list