<div dir="ltr"><div><br></div>I was able to start pluto but i didn't see the mark in the xfrm policies once the connection was established<div><br></div><div>Here is my connection setup</div><div><br></div><div><br></div><div><div>conn connWithMark</div><div> connaddrfamily=ipv4</div><div> auto=add</div><div> left=192.168.100.121</div><div> leftid=<my public></div><div> leftsubnet=<a href="http://0.0.0.0/0">0.0.0.0/0</a></div><div> rightsubnet=<a href="http://172.16.0.0/016">172.16.0.0/016</a></div><div> rightid=</div><div> right=</div><div> mark=1/1</div><div> forceencaps=yes</div><div> authby=secret</div><div> pfs=yes</div><div> type=tunnel</div><div> ike=aes128-sha1;modp1024</div><div> phase2alg=aes128-sha1;modp1024</div><div> keyingtries=5</div><div> dpddelay=30</div><div> dpdtimeout=120</div><div> dpdaction=restart_by_peer</div></div><div><br></div><div>The connection was established and the xfrm policies are as follows...</div><div><br></div><div><div>src <a href="http://0.0.0.0/0">0.0.0.0/0</a> dst <a href="http://172.16.0.0/16">172.16.0.0/16</a></div><div><span class="" style="white-space:pre"> </span>dir out priority 3120</div><div><span class="" style="white-space:pre"> </span>tmpl src 192.168.100.121 dst <dst public ip></div><div><span class="" style="white-space:pre"> </span>proto esp reqid 16393 mode tunnel</div><div>src <a href="http://172.16.0.0/16">172.16.0.0/16</a> dst <a href="http://0.0.0.0/0">0.0.0.0/0</a></div><div><span class="" style="white-space:pre"> </span>dir fwd priority 3120</div><div><span class="" style="white-space:pre"> </span>tmpl src <dst public ip> dst 192.168.100.121</div><div><span class="" style="white-space:pre"> </span>proto esp reqid 16393 mode tunnel</div><div>src <a href="http://172.16.0.0/16">172.16.0.0/16</a> dst <a href="http://0.0.0.0/0">0.0.0.0/0</a></div><div><span class="" style="white-space:pre"> </span>dir in priority 3120</div><div><span class="" style="white-space:pre"> </span>tmpl src <dst public ip> dst 192.168.100.121</div><div><span class="" style="white-space:pre"> </span>proto esp reqid 16393 mode tunnel</div></div><div><br></div><div><div>I thought i should see the xfrm mark option in the classification </div></div><div><br></div><div>from the ip xfrm man page....</div><div><br></div><div><div>ip xfrm policy { add | update } SELECTOR dir DIR [ ctx CTX ] <span style="background-color:rgb(224,102,102)">[ mark MARK [ mask MASK ] ]</span> [ index INDEX ] [ ptype PTYPE ] [ action ACTION ] [ priority PRIORITY ] [ flag FLAG-LIST ] [ LIMIT-LIST ] [ TMPL-LIST ]</div></div><div><br></div><div>Any feedback will be appreciated</div><div><br></div><div>Amir</div><div><br></div></div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div style="color:rgb(0,0,0)"><div style="color:rgb(136,136,136);font-size:12.8000001907349px"><b><font color="#000000"><span>Amir</span> Naftali</font></b> | <b><font face="arial, helvetica, sans-serif"><font color="#0000ff">CTO and Co-Founder</font> | </font>+972 54 497 2622</b></div><div style="color:rgb(136,136,136);font-size:12.8000001907349px"><br></div><div style="color:rgb(136,136,136);font-size:12.8000001907349px"><a href="http://www.fortycloud.com/?utm_campaign=amir_email&utm_medium=email&utm_source=signature&utm_content=link&utm_term=amir_sig" style="color:rgb(0,0,255);font-family:'Courier New';font-size:14px;line-height:21px" target="_blank"><img align="none" height="37" src="https://gallery.mailchimp.com/805c65e3dbe647f677fe8ee38/images/bde29e88-9385-4f4b-ae97-60c704de1547.png" width="200" alt="" style="width:200px;min-height:37px;margin:0px"></a><br></div></div></div></div></div></div></div>
<br><div class="gmail_quote">On Wed, Nov 4, 2015 at 8:30 AM, Amir Naftali <span dir="ltr"><<a href="mailto:amir@fortycloud.com" target="_blank">amir@fortycloud.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">excellent, will look into it today</div><div class="gmail_extra"><span class=""><br clear="all"><div><div><div dir="ltr"><div><div dir="ltr"><div style="color:rgb(0,0,0)"><div style="color:rgb(136,136,136);font-size:12.8000001907349px"><b><font color="#000000"><span>Amir</span> Naftali</font></b> | <b><font face="arial, helvetica, sans-serif"><font color="#0000ff">CTO and Co-Founder</font> | </font><a href="tel:%2B972%2054%20497%202622" value="+972544972622" target="_blank">+972 54 497 2622</a></b></div><div style="color:rgb(136,136,136);font-size:12.8000001907349px"><br></div><div style="color:rgb(136,136,136);font-size:12.8000001907349px"><a href="http://www.fortycloud.com/?utm_campaign=amir_email&utm_medium=email&utm_source=signature&utm_content=link&utm_term=amir_sig" style="color:rgb(0,0,255);font-family:'Courier New';font-size:14px;line-height:21px" target="_blank"><img align="none" height="37" src="https://gallery.mailchimp.com/805c65e3dbe647f677fe8ee38/images/bde29e88-9385-4f4b-ae97-60c704de1547.png" width="200" alt="" style="width:200px;min-height:37px;margin:0px"></a><br></div></div></div></div></div></div></div>
<br></span><div><div class="h5"><div class="gmail_quote">On Wed, Nov 4, 2015 at 6:53 AM, Paul Wouters <span dir="ltr"><<a href="mailto:paul@nohats.ca" target="_blank">paul@nohats.ca</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span>On Tue, 3 Nov 2015, Amir Naftali wrote:<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Up to that commit (not including), running "make build & install" does the magic and everything works<br>
ok.<br>
</blockquote>
<br>
</span><span><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Nov 1 13:11:13 ip-192-168-100-119 ipsec_starter[8920]: connect(pluto_ctl) failed: Invalid argument<br>
<br>
</blockquote>
<br></span>
I just pushed a fix to git for this. Let me know if that resolves it for<br>
you.<span><font color="#888888"><br>
<br>
Paul<br>
</font></span></blockquote></div><br></div></div></div>
</blockquote></div><br></div>