[Openswan Users] XFRM policy with mark
Patrick Naubert
patrickn at xelerance.com
Wed Sep 30 11:47:17 EDT 2015
Rescued from the spam bucket. Please remember to subscribe to the mailing list before posting to it.
From: Julian Yang <juliany at vmware.com>
Subject: XFRM policy with mark
Date: September 29, 2015 at 5:58:30 PM EDT
To: "users at lists.openswan.org" <users at lists.openswan.org>
Dear OpenSwan users,
I am working on a project with IPSec and have a question regarding using the “mark” field in security policy.
If I specify the “Mark” value in the security policy, is the Mark value used as part of the lookup key when IPSec looks up SPD? I.e. If I add two policies with identical seclectors but different Mark values, will I get two separate security policies in the SPD?
Second question:
Btw I also see an error when trying to specify mark in the cli command: can anybody shine some light on it too?
>> ip xfrm policy add src 1.1.1.1/20 dst 2.2.2.2/20 dir fwd tmpl src 192.1.1.1 dst 192.2.2.2 proto esp mode tunnel mark 7 mask 0xffff
>> Error: duplicate "unknown": "mark" is the second value.
Thanks a lot for your help!
Julian
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openswan.org/pipermail/users/attachments/20150930/060d5d17/attachment.html>
More information about the Users
mailing list