[Openswan Users] XFRM policy with mark

Patrick Naubert patrickn at xelerance.com
Wed Sep 30 11:47:17 EDT 2015

Rescued from the spam bucket.  Please remember to subscribe to the mailing list before posting to it.

From: Julian Yang <juliany at vmware.com>
Subject: XFRM policy with mark
Date: September 29, 2015 at 5:58:30 PM EDT
To: "users at lists.openswan.org" <users at lists.openswan.org>

Dear OpenSwan users,

  I am working on a project with IPSec and have a question regarding using the “mark” field in security policy. 

If I specify the “Mark” value in the security policy, is the Mark value used as part of the lookup key when IPSec  looks up SPD?  I.e. If I add two policies with identical seclectors  but different Mark values, will I get two separate security policies in the SPD?  

Second question: 

 Btw I also see an error when trying to specify mark in the cli command:  can anybody shine some light on it too? 

>>  ip xfrm policy add src dst dir fwd  tmpl src dst proto esp mode tunnel mark 7 mask 0xffff
>> Error: duplicate "unknown": "mark" is the second value.

Thanks a lot for your help!


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openswan.org/pipermail/users/attachments/20150930/060d5d17/attachment.html>

More information about the Users mailing list