[strongSwan] Route-based VPNs, VTIs and unique mark per customer

Oleksandr Yermolenko aae at sumix.com
Mon Jan 23 11:49:34 CET 2017


Hi,

VTI-configured servers (OS CentOS7 updated) according to 
https://wiki.strongswan.org/projects/strongswan/wiki/RouteBasedVPN. It 
works.

Pure IPSec. (without L2TPs)


But periodically customers (dynamic) possess the same subnet.

There is another guide 
https://strongswan.org/testing/testresults4/ikev2/nat-two-rw-mark/index.html 


This static solution is not convenient for me (there are now 
approximately 15 customers and names can be changed).


Tried to follow 
https://wiki.strongswan.org/projects/strongswan/wiki/Connmark ... 
recompile with --enable-connmark

Very simple implementation ... but for reasons unknown to me it has not 
worked out.

Tried standard CentOS7 (3.10.0-514.6.1.el7.x86_64) kernel and 
4.9.5-1.el7.elrepo.x86_64 keeping in mind that

"/*Disclaimer:* VTI devices are supported since the Linux 3.6 kernel, 
but some important changes were added later (3.15+). The information 
below might not be accurate for older kernel versions./"


The question: does someone know a way to configure marks "on the 
fly", per customer?


-- 

Best regards

Oleksandr
