[strongSwan] "signal of type SIGINT received. Shutting down" ?
Hoggins!
hoggins at radiom.fr
Fri Jan 26 10:12:42 CET 2018
Here is what I used, and it's correctly matching :
iptables -A OUTPUT -p udp -m udp --dport 4500 -m u32 --u32
"28&0xFFFFFFFF=0x0" -j MARK <my mark>
Thanks again !
Le 25/01/2018 à 19:22, Simon Deziel a écrit :
> On 2018-01-25 12:35 PM, Hoggins! wrote:
>> I'm just trying to make sure that I'm able to fine select different
>> types of traffic on outbound UDP 4500 (we use NAT-T), and right now it
>> seems that I'm still also catching "data" packets.
> Maybe you can configure IPtables to look for those 4 bytes of 0s [1]
> when the UDP/4500 packet is an IKE one?
>
> [1]
> https://docs.microsoft.com/en-us/windows-hardware/drivers/network/udp-esp-encapsulation-types
>
> HTH,
> Simon
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 191 bytes
Desc: OpenPGP digital signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20180126/e203406c/attachment.sig>
More information about the Users
mailing list