[strongSwan] Route-based VPNs, VTIs and unique mark per customer

Noel Kuntze noel at familie-kuntze.de
Sun Jan 29 20:53:55 CET 2017

On 29.01.2017 16:53, Oleksandr Yermolenko wrote:
> but the main problem still exists: Customers can't share the same subnet with mark=%unique too

You can't anyway, without using NETMAP and special iptables rules (to map the conflicting subnets to other, non-conflicting ones).
If it can work at all, depends on your iptables setup.


Mit freundlichen Grüßen/Kind Regards,
Noel Kuntze

GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 866 bytes
Desc: OpenPGP digital signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20170129/0a24eef9/attachment.sig>

More information about the Users mailing list