Hi guys,

I used to add a custom eap-aka plugin to the old strongswan version (4.3.4).

And now I want to use the xfrm MARK function in the 4.3.4 version.

So I merged the mark related code from 4.4.1 to the 4.3.4 version with the
reference of revision ee26c537 and revision 26c4d010.

After that, I tried to set up a host-host tunnel with mark support, but
strongswan output an error:

received netlink error: Numerical result out of range (34)

The whole log and ipsec.conf are below.

ipsec.conf of host A:

config setup
        strictcrlpolicy=no
        plutostart=no

conn %default
        ike=3des-sha1-modp1024,aes-sha1-modp1024,null-sha1-modp1024,3des-sha1-modp2048,aes-sha1-modp2048,null-sha1-modp2048!
        esp=null-sha1,aes-sha1,3des-sha1!
        ikelifetime=24h
        keylife=12m
        keyexchange=ikev2
        dpdaction=clear
        dpddelay=20m

conn host-host
        left=172.19.2.101
        leftid=www.hostA.org
        leftcert=/etc/ipsec.d/certs/hostA.pem
        leftfirewall=yes
        mark=20
        right=172.19.4.166
        rightid=www.hostB.org
        rightcert=/etc/ipsec.d/certs/ hostB.pem
        rightsendcert=never
        auto=start

ipsec.conf of host B:

config setup
        strictcrlpolicy=no
        plutostart=no
        keep_alive=3m

conn %default
        ike=aes-sha1-modp1024!
        esp=aes-sha1!
        ikelifetime=1440m
        keylife=12m
        rekeymargin=3m
        keyingtries=1
        reauth=no
        keyexchange=ikev2
        dpdaction=clear
        dpddelay=10m

conn host-host
        left=172.19.4.166
        leftcert=/etc/ipsec.d/certs/hostB.pem
        right=172.19.2.101
        rightsubnet=0.0.0.0/0
        mark=20
        auto=add
        leftid=www.hostB.org
        rightid=www.hostA.org

The logs on host A and B are attached.

Thanks and regards,

Ethan

Attachment: host A charon.out
Description: Binary data

Attachment: host B charon.out
Description: Binary data
