Thanks. One follow-up question: after I setup a route-based VPN, I don't see any rule with that mark when I do "iptables-save". Am I supposed to find any entry in the iptables?
Thanks, Xinwei On Thu, Feb 9, 2017 at 12:26 PM, Paul Wouters <[email protected]> wrote: > On Thu, 9 Feb 2017, Xinwei Hong wrote: > > mark= >> The mark number to use for this connection's IPsec SA policy. It will be >> used for all instances as well. >> >> in the example, we have: >> >> mark=5/0xffffffff >> How are those numbers used? What do 5 and 0xffffffff mean here? What is >> the guidance to select a number for it? e.g. >> when there are multiple VTIs configured. Does this mark have anything to >> do with mark in iptables? >> > > Its the mark number and mask. Yes these are the same as the mark with > iptables where you can use it. > > Paul >
_______________________________________________ Swan mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan
