[Openswan Users] XFRM policy with mark
patrickn at xelerance.com
Wed Sep 30 11:47:17 EDT 2015
Rescued from the spam bucket. Please remember to subscribe to the mailing list before posting to it.
From: Julian Yang <juliany at vmware.com>
Subject: XFRM policy with mark
Date: September 29, 2015 at 5:58:30 PM EDT
To: "users at lists.openswan.org" <users at lists.openswan.org>
Dear OpenSwan users,
I am working on a project with IPSec and have a question regarding using the “mark” field in security policy.
If I specify the “Mark” value in the security policy, is the Mark value used as part of the lookup key when IPSec looks up SPD? I.e., if I add two policies with identical selectors but different Mark values, will I get two separate security policies in the SPD?
Btw I also see an error when trying to specify mark in the cli command: can anybody shine some light on it too?
>> ip xfrm policy add src 220.127.116.11/20 dst 18.104.22.168/20 dir fwd tmpl src 22.214.171.124 dst 126.96.36.199 proto esp mode tunnel mark 7 mask 0xffff
>> Error: duplicate "unknown": "mark" is the second value.
Thanks a lot for your help!