[strongSwan] Linux xfrm integration (was: Linux routing issue)
Carlos G Mendioroz
tron at huapi.ba.ar
Fri Jan 28 20:38:00 CET 2022
Noel Kuntze @ 28/1/2022 16:35 -0300 dixit:
> > So I removed the incoming marking (from mangle) and now instead of
> seeing an incrementing XfrmInTmplMismatch counter, I see an XfrmInNoPols
> > counter, but... state does show incrementing numbers on the lifetime
> counters of both direction SAs:
>
> Yeah, state can be used to decapsulate the packet but then the policy
> check fails so naturally these counters increase.
Why does policy fail ? I have any - any policy !
Oh well, I'm missing things here evidently.
--
Carlos G Mendioroz <tron at huapi.ba.ar> LW7 EQI Argentina
More information about the Users
mailing list