[strongSwan] Route-based VPNs, VTIs and unique mark per customer

Oleksandr Yermolenko aae at sumix.com
Mon Jan 23 11:49:34 CET 2017


VTI-configured servers (OS CentOS7 updated) according to 
https://wiki.strongswan.org/projects/strongswan/wiki/RouteBasedVPN. It 

Pure IPSec. (without L2TPs)

But periodically customers (dynamic) possess the same subnet.

There is another guide 

This static solution is not convenient for me (customers are now 
approximately 15 and names can be changed).

Tried to follow 
https://wiki.strongswan.org/projects/strongswan/wiki/Connmark ... 
recompile with --enable-connmark

Very simple implementation ... but for reasons unknown to me it has not 
worked out.

Tried standard CentOS7 (3.10.0-514.6.1.el7.x86_64) kernel and 
4.9.5-1.el7.elrepo.x86_64 keeping in mind that

"Disclaimer: VTI devices are supported since the Linux 3.6 kernel, 
but some important changes were added later (3.15+). The information 
below might not be accurate for older kernel versions."

The question: does someone know a way to configure marks "on the 
fly", per customer?


Best regards

