> On Feb 6, 2017, at 6:07 PM, Paul Wouters <[email protected]> wrote: > > That's not a full mask, can you instead use: > > mark=5/0xffffffff
I updated the marks on all of the connections to follow this format. Still, as soon as I run the command ‘ipsec auto —route’ for the second tunnel on the AWS instance, the first tunnel that was connected and passing traffic stops doing so. > > Similarly for the other marks. > > > I think the wrong mask caused traffic to end up on the wrong IPsec SA. > > Paul _______________________________________________ Swan mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan
