[Swan] Multiple Route-based VPNs between identical peers
Craig Marker
cmarker at inspeednetworks.com
Tue Feb 7 02:54:27 UTC 2017
> On Feb 6, 2017, at 6:07 PM, Paul Wouters <paul at nohats.ca> wrote:
>
> That's not a full mask, can you instead use:
>
> mark=5/0xffffffff
I updated the marks on all of the connections to follow this format. Still, as soon as I run the command
‘ipsec auto —route’ for the second tunnel on the AWS instance, the first tunnel that was connected and
passing traffic stops doing so.
>
> Similarly for the other marks.
>
>
> I think the wrong mask caused traffic to end up on the wrong IPsec SA.
>
> Paul
More information about the Swan
mailing list