[strongSwan] "signal of type SIGINT received. Shutting down" ?
Hoggins!
hoggins at radiom.fr
Thu Jan 25 19:31:54 CET 2018
Le 25/01/2018 à 19:25, Jafar Al-Gharaibeh a écrit :
>
> On 1/25/2018 11:35 AM, Hoggins! wrote:
>> I'm just trying to make sure that I'm able to fine select different
>> types of traffic on outbound UDP 4500 (we use NAT-T), and right now it
>> seems that I'm still also catching "data" packets.
>
> If you set the DSCP bit for the IKE packets you should be able to use
> that with "tc", which I'm assuming you use for traffic shaping, to
> set the priority high to get them through. You mentioned that you use
>
> ikedscp=101110
>
> Which should be all you need in strongSwan config. The other part is
> getting tc configuration right to make sure it does what you think it
> does. You don't need iptables rules.
>
> --Jafar
>
>
Actually, I'm first marking packets according to certain rules, and then
matching these marks with tc, but doing it with one additional step
(matching DSCP in iptables, setting a specific mark, then matching this
mark with tc) should be acceptable.
The thing is that I was not sure I was actually able to discriminate
between IKE packets and data packets, but the trick from Simon Deziel
might be very helpful.
Thanks !
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 191 bytes
Desc: OpenPGP digital signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20180125/e02b37e0/attachment.sig>
More information about the Users
mailing list