[Swan] mark in route-based VPN
Xinwei Hong
xhong at skytap.com
Thu Feb 9 20:42:51 UTC 2017
Thanks. One follow-up question: after I setup a route-based VPN, I don't
see any rule with that mark when I do "iptables-save". Am I supposed to
find any entry in the iptables?
Thanks,
Xinwei
On Thu, Feb 9, 2017 at 12:26 PM, Paul Wouters <paul at nohats.ca> wrote:
> On Thu, 9 Feb 2017, Xinwei Hong wrote:
>
> mark=
>> The mark number to use for this connection's IPsec SA policy. It will be
>> used for all instances as well.
>>
>> in the example, we have:
>>
>> mark=5/0xffffffff
>> How are those numbers used? What do 5 and 0xffffffff mean here? What is
>> the guidance to select a number for it? e.g.
>> when there are multiple VTIs configured. Does this mark have anything to
>> do with mark in iptables?
>>
>
> Its the mark number and mask. Yes these are the same as the mark with
> iptables where you can use it.
>
> Paul
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20170209/b1f2cc15/attachment.html>
More information about the Swan
mailing list