On 1/25/2018 11:35 AM, Hoggins! wrote:
> I'm just trying to make sure that I'm able to fine select different
> types of traffic on outbound UDP 4500 (we use NAT-T), and right now it
> seems that I'm still also catching "data" packets.
If you set the DSCP bit for the IKE packets you should be able to use
that with "tc", which I'm assuming you use for traffic shaping, to set
the priority high to get them through. You mentioned that you use
ikedscp=101110, which should be all you need in strongSwan config. The
other part is
getting tc configuration right to make sure it does what you think it
does. You don't need iptables rules.
--Jafar
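
Added example, not part of the original message: a dry-run sketch of the tc side of the advice above. It converts the `ikedscp` bit string to the TOS byte that a `u32` filter matches on and prints the resulting commands. The device name `eth0`, the three-band `prio` layout and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: derive the tc u32 match for a strongSwan ikedscp value.
# Commands are printed, not executed. Device and qdisc layout are assumed.

# Convert a 6-bit DSCP string (as written in ikedscp=) to the IPv4 TOS byte.
# DSCP is the upper six bits of that byte, so the value is shifted left by 2.
dscp_to_tos() {
    bits=$1
    case $bits in
        *[!01]*|'') echo "invalid DSCP: $bits" >&2; return 1 ;;
    esac
    [ ${#bits} -eq 6 ] || { echo "DSCP must be 6 bits: $bits" >&2; return 1; }
    val=0
    rest=$bits
    while [ -n "$rest" ]; do
        first=${rest%"${rest#?}"}      # leading character of $rest
        val=$(( val * 2 + first ))
        rest=${rest#?}
    done
    printf '0x%02x\n' $(( val << 2 ))
}

# Print tc commands that send UDP/4500 packets carrying that DSCP to the
# first (highest-priority) band. Matching on port 4500 alone would also
# catch ESP-in-UDP data packets; the DSCP match is what separates IKE,
# assuming the data packets do not carry the same DSCP value.
tc_rules() {
    dev=$1
    tos=$(dscp_to_tos "$2") || return 1
    echo "tc qdisc add dev $dev root handle 1: prio bands 3"
    # Mask 0xfc compares only the six DSCP bits and ignores the two ECN bits.
    echo "tc filter add dev $dev parent 1: protocol ip prio 1 u32" \
         "match ip protocol 17 0xff match ip dport 4500 0xffff" \
         "match ip tos $tos 0xfc flowid 1:1"
}

tc_rules "${DEV:-eth0}" 101110
```

Once rules like these are loaded, `tc -s class show dev eth0` shows per-band counters, which is one way to confirm that only the IKE packets land in band 1:1.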