author Martin Willi <martin@revosec.ch> 2014-11-14 12:57:53 +0100
committer Martin Willi <martin@revosec.ch> 2015-02-20 16:34:53 +0100
commit b8973b2661310059f80f2e440cb96cc59b491084
tree 35ed82cfda53aa42a30154234ef9b636d1eeeb31 /src/libcharon/plugins/eap_simaka_sql
parent e1fe2781b04be677ec8245ab51d0aee4f1e4b1c4
connmark: Add CONNMARK rules to select correct output SA based on conntrack

Currently supports transport mode connections using IPv4 only, and requires a unique mark configured on the connection.

To select the correct outbound SA when multiple connections match (i.e. multiple peers connected from the same IP address / NAT router) marks must be configured. This mark should usually be unique, which can be configured in ipsec.conf using mark=0xffffffff.

The plugin inserts CONNMARK netfilter target rules: Any peer-initiated flow is tagged with the assigned mark as connmark. On the return path, the mark gets restored from the conntrack entry to select the correct outbound SA.
Diffstat (limited to 'src/libcharon/plugins/eap_simaka_sql')
0 files changed, 0 insertions, 0 deletions
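
The tag-and-restore behaviour described in the commit message, as a small Python model added here for illustration (it is not strongSwan code and not the rules the plugin installs). The addresses, ports, marks, SPIs and all class and function names are constructed assumptions.

```python
"""Toy model of connmark-based outbound SA selection (added illustration)."""

# Constructed sample data: two peers behind one NAT address, each connection
# configured with its own unique mark. All values are made up.
NAT_IP = "203.0.113.7"
SERVER_IP = "198.51.100.10"
SAS = [
    {"peer": NAT_IP, "mark": 0x1, "spi_out": 0xC0000001},
    {"peer": NAT_IP, "mark": 0x2, "spi_out": 0xC0000002},
]


class Conntrack:
    """Maps a flow to the connmark stored on its (modelled) conntrack entry."""

    def __init__(self):
        self.entries = {}

    @staticmethod
    def key(src, sport, dst, dport, proto):
        # Normalise so both directions of a flow hit the same entry.
        return (proto,) + tuple(sorted([(src, sport), (dst, dport)]))

    def save_mark(self, flow, mark):
        # Peer-initiated packet: tag the flow with the connection's mark.
        self.entries.setdefault(self.key(*flow), mark)

    def restore_mark(self, flow):
        # Return path: copy the connmark back to the packet (0 if untracked).
        return self.entries.get(self.key(*flow), 0)


def select_outbound_sa(dst, pkt_mark, use_marks=True):
    """Return every outbound SA matching a packet sent to `dst`."""
    return [sa for sa in SAS
            if sa["peer"] == dst and (not use_marks or sa["mark"] == pkt_mark)]


def reply_sa(ct, inbound_flow, use_marks=True):
    """Reverse a peer-initiated flow and look up the SA for the reply."""
    src, sport, dst, dport, proto = inbound_flow
    mark = ct.restore_mark((dst, dport, src, sport, proto))
    return select_outbound_sa(src, mark, use_marks)


if __name__ == "__main__":
    ct = Conntrack()
    flow = (NAT_IP, 40001, SERVER_IP, 80, "tcp")
    ct.save_mark(flow, 0x1)
    print([hex(sa["spi_out"]) for sa in reply_sa(ct, flow)])
```

With `use_marks=False` both SAs match the reply, which is the ambiguity the commit message describes for peers sharing one address.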