Hi,
I configured servers with VTI (OS: CentOS 7, updated) according to
https://wiki.strongswan.org/projects/strongswan/wiki/RouteBasedVPN. It
works.
Pure IPsec (without L2TP).
But periodically, (dynamic) customers have the same subnet.
There is another guide:
https://strongswan.org/testing/testresults4/ikev2/nat-two-rw-mark/index.html
This static solution is not convenient for me (there are currently
approximately 15 customers, and names can be changed).
I tried to follow
https://wiki.strongswan.org/projects/strongswan/wiki/Connmark ...
recompiled with --enable-connmark
Very simple implementation ... but for reasons unknown to me it has not
worked out.
I tried the standard CentOS 7 (3.10.0-514.6.1.el7.x86_64) kernel and
4.9.5-1.el7.elrepo.x86_64, keeping in mind that
"/*Disclaimer:* VTI devices are supported since the Linux 3.6 kernel,
but some important changes were added later (3.15+). The information
below might not be accurate for older kernel versions./"
The question: does someone know how to configure marks "on the
fly", per customer?
--
Best regards
Oleksandr