[strongSwan] VTI's as initiator?
Ruel, Ryan
rruel at akamai.com
Thu Jul 28 15:27:54 CEST 2016
I’ve tried to force the key in the ipsec.conf connection entry by adding “mark=100” into the connection. When acting as a responder, I didn’t have to do this, strongSwan seems to choose a mark value for me.
With the “mark=100” set, I do see PLUTO_MARK_OUT and PLUTO_MARK_IN get set in the up/down script.
I’ve also added the key back into the up/down script for the “ip link add” command, but I’m still seeing errors in the VTI interface stats when trying to route packets out this interface (errors are incrementing, as well as “carrier”).
Anything else I should check? Any other relevant stats to check?
/Ryan
On 7/28/16, 9:21 AM, "Tobias Brunner" <tobias at strongswan.org> wrote:
Hi Ryan,
> I had to remove the "key" piece of the "ip link add" command, as the
> PLUTO_MARK_OUT and
> PLUTO_MARK_IN variables (which get set when responder) are not set.
> What am I missing?
You answered that question yourself.
Regards,
Tobias
More information about the Users
mailing list