[strongSwan] marks on decrypted packets

SM K sacho.polo at gmail.com
Wed Mar 25 01:56:00 CET 2015


Hi Noel,

Thank you for your response. I believe that would work.

regards,
sk


>Hello,
>
>Marks which are applied to the esp packet transfer over to the decrypted packet.
>You can leverage this by using the policy module to find what esp packets belong
>to what tunnel and marking them accordingly.
>e.g.: iptables -t mangle -I INPUT -m policy --pol ipsec --dir in --reqid 42 -j MARK --set-mark 0xf00

>Mit freundlichen Grüßen/Kind Regards,
>Noel Kuntze

>GPG Key ID: 0x63EC6658.
>Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658

On 23.03.2015 at 19:03, SM K wrote:
> Hi,
>
> If I had two tunnels to my strongswan server, is there a way to distinguish the packets coming out decrypted from the two tunnels via fw marks? I would like to handle the traffic coming out of the two (or more) tunnels differently in my netfilter hooks. Is there anything in the sk_buff?
>
> regards,
> sk
>
>
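
The rule from the reply extended to two tunnels, as an added example that is not part of the original thread: it prints one rule per tunnel and refuses zero or reused marks, which would make a tunnel indistinguishable from unmarked traffic or from another tunnel. The function name `emit_mark_rules`, reqid 43 and mark 0xf01 are constructed for illustration; each reqid is assumed to be the one assigned to that tunnel.

```shell
#!/bin/sh
# Added example: print (not apply) one mangle MARK rule per tunnel, in the
# form given in the reply. Arguments are reqid:mark pairs, e.g. 42:0xf00.
emit_mark_rules() {
    seen_reqids=" "
    seen_marks=" "
    out=""
    for pair in "$@"; do
        reqid=${pair%%:*}
        mark=${pair#*:}
        # reqid: positive decimal integer without leading zeros
        case $reqid in
            ''|0*|*[!0-9]*) echo "bad reqid in '$pair'" >&2; return 1 ;;
        esac
        # mark: 0x-prefixed hex, at most 32 bits
        case $mark in
            0x*) hex=${mark#0x} ;;
            *) echo "mark must be hex (0x...) in '$pair'" >&2; return 1 ;;
        esac
        case $hex in
            ''|*[!0-9a-fA-F]*) echo "bad mark in '$pair'" >&2; return 1 ;;
        esac
        if [ ${#hex} -gt 8 ]; then
            echo "mark wider than 32 bits in '$pair'" >&2; return 1
        fi
        val=$(( $mark ))
        # mark 0 is what unmarked packets carry, so it identifies nothing
        if [ "$val" -eq 0 ]; then
            echo "mark 0 is reserved for unmarked traffic" >&2; return 1
        fi
        # each tunnel needs its own reqid and its own mark
        case $seen_reqids in
            *" $reqid "*) echo "duplicate reqid $reqid" >&2; return 1 ;;
        esac
        case $seen_marks in
            *" $val "*) echo "mark $mark used by two tunnels" >&2; return 1 ;;
        esac
        seen_reqids="$seen_reqids$reqid "
        seen_marks="$seen_marks$val "
        out="${out}iptables -t mangle -I INPUT -m policy --pol ipsec --dir in --reqid $reqid -j MARK --set-mark $mark
"
    done
    # nothing is printed unless every pair validated
    printf '%s' "$out"
}

# Constructed sample input: tunnel reqid 42 -> 0xf00, reqid 43 -> 0xf01
emit_mark_rules 42:0xf00 43:0xf01
```

Review the printed rules before running them as root; later netfilter rules can then match each tunnel's decrypted traffic with `-m mark --mark <value>`.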