Thanks Tom. Do I have to sit on anyone's knee? :-)
Bill
On 11/29/2016 6:37 PM, Tom Eastep wrote:
> On 11/29/2016 06:56 AM, Bill Shirley wrote:
>> Santa, add to my Christmas wish list: the switch test in the mangle
>> table. I have two sites (SiteA and SiteB) both using IPSEC. SiteA
>> has two internet providers (A1 and A2). SiteB, also, has two ISPs
>> (B1 and B2).
>>
>> In my mangle table I have to decide which pair to send traffic
>> over:
>>
>> ?COMMENT -vpn- mark for encryption
>> # these are in reverse preference
>> #$SiteB_VPN1_FWMARK/$CONNMASK $FW +$SiteB_VPN1_IPSET { test=$SiteB_VPN_GRP_MARK/$CONNMASK:C } # A1 <-> B1
>> $SiteB_VPN2_FWMARK/$CONNMASK $FW +$SiteB_VPN2_IPSET { test=$SiteB_VPN_GRP_MARK/$CONNMASK:C } # A2 <-> B2
>> $SiteB_VPN1_FWMARK/$CONNMASK $FW +$SiteB_VPN1_IPSET { test=$SiteB_VPN_GRP_MARK/$CONNMASK:C } # A1 <-> B1
>>
>> So the preferred flow is over A1 <-> B1. However if that flow goes
>> flakey, currently I un-comment the first rule and comment the third
>> rule so the preferred flow is now over A2 <-> B2. If I could add a
>> switch to the third rule (switch=VPN_prefer_A=1) then I wouldn't
>> have to edit the mangle table to change preferred flows. Similar
>> rules are in prerouting.
> Will be in the upcoming Shorewall 5.1.0 release.
>
>> I'd also like a shiny new red wagon and maybe some cash. :-)
>>
> You will have to ask the other Santa Claus for those :-)
>
> -Tom
> --
> Tom Eastep \ When I die, I want to go like my Grandfather who
> Shoreline, \ died peacefully in his sleep. Not screaming like
> Washington, USA \ all of the passengers in his car
> http://shorewall.net \________________________________________________
>
> ------------------------------------------------------------------------------
> _______________________________________________
> Shorewall-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/shorewall-users