[strongSwan] deprecated hidetos config option
Martin Willi
martin at strongswan.org
Mon Nov 10 10:55:14 CET 2014
Hi,
> I'm in the process of upgrading a strongswan 4.5.2 to 5.2 and I found
> that the hidetos option field has been deprecated.
AFAIK, the hidetos option had no effect with 4.5.2. Possible that it was
supported by the old KLIPS stack. In XFRM, there is such an option since
Linux 3.10 [1], but we currently don't support it.
> We use the option so the clear packet DSCP set with iptables doesn't
> get removed when the packet gets encrypted.
With XFRM, this is the default, so this might just work.
Regards
Martin
[1]http://comments.gmane.org/gmane.linux.network/259479
More information about the Users
mailing list