[Swan] No ipsec0 device with XFRMi
Wolfgang Nothdurft
wolfgang at linogate.de
Mon Aug 10 08:41:35 UTC 2020
On 30.07.20 at 07:57, Antony Antony wrote:
> Can you help create a testcase with fwmark and xfrmi? you are using
> marks with KLIPS? so it is not really configured in ipsec.conf? I wonder how
> that would translate one-to-one.
>
Attached you can find a simplified testcase that corresponds
approximately to what we do.

In this case marking http traffic, to route it on another interface.

    iptables -t mangle -I OUTPUT -p tcp --dport 80 -j MARK --set-mark 0x1
    ip ru add prio 1 fwmark 0x1 table 1
    ip r add default dev eth0 table 1

This case passes with my example patch when mapping the fwmark to 0x1000000.

Wolfgang
-------------- next part --------------
A non-text attachment was scrubbed...
Name: xfrmi-fwmark-testcase.patch
Type: text/x-patch
Size: 9068 bytes
Desc: not available
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20200810/c053f909/attachment.bin>