[strongSwan] "signal of type SIGINT received. Shutting down" ?
hoggins at radiom.fr
Thu Jan 25 19:31:54 CET 2018
Le 25/01/2018 à 19:25, Jafar Al-Gharaibeh a écrit :
> On 1/25/2018 11:35 AM, Hoggins! wrote:
>> I'm just trying to make sure that I'm able to fine select different
>> types of traffic on outbound UDP 4500 (we use NAT-T), and right now it
>> seems that I'm still also catching "data" packets.
> If you set the DSCP bit for the IKE packets you should be able to use
> that with "tc", which I'm assuming you use for traffic shaping, to
> set the priority high to get them through. You mentioned that you use
> Which should be all you need in strongSwan config. The other part is
> getting tc configuration right to make sure it does what you think it
> does. You don't need iptables rules.
Actually, I'm first marking packets according to certain rules, and then
matching these marks with tc, but doing it with one additional step
(matching DSCP in iptables, setting a specific mark, then matching this
mark with tc) should be acceptable.
The thing is that I was not sure I was actually able to discriminate
between IKE packets and data packets, but the trick from Simon Deziel
might be very helpful.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 191 bytes
Desc: OpenPGP digital signature
More information about the Users