path: root/src/libcharon/plugins/connmark/connmark_plugin.c
Commit message / Author / Age / Files / Lines
* connmark: Add CAP_NET_RAW to capabilities keep list
  Author: Tim Kent   Date: 2016-10-25   Files: 1   Lines: -0/+6

  Fix for "Permission denied (you must be root)" error when calling
  iptc_init(), which opens a RAW socket to communicate with the kernel,
  when built with "--with-capabilities=libcap".

  Closes strongswan/strongswan#53. Fixes #2157.
* connmark: Add CONNMARK rules to select correct output SA based on conntrack
  Author: Martin Willi   Date: 2015-02-20   Files: 1   Lines: -0/+22

  Currently supports transport mode connections using IPv4 only, and
  requires a unique mark configured on the connection.

  To select the correct outbound SA when multiple connections match (i.e.
  multiple peers connected from the same IP address / NAT router) marks
  must be configured. This mark should usually be unique, which can be
  configured in ipsec.conf using mark=0xffffffff.

  The plugin inserts CONNMARK netfilter target rules: Any peer-initiated
  flow is tagged with the assigned mark as connmark. On the return path,
  the mark gets restored from the conntrack entry to select the correct
  outbound SA.
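The SA-selection problem the commit above describes, modelled in Python as an added example (this is not code from strongSwan or from the connmark plugin): two transport-mode peers reach the gateway from the same NAT address, so their outbound policies have identical selectors and only a mark can tell them apart. The model mimics the netfilter pieces the plugin relies on (a conntrack entry carrying a connmark, `CONNMARK --set-mark` on the decrypted inbound packet, `CONNMARK --restore-mark` on the reply) and the XFRM policy rule that a packet matches a policy only when `skb->mark & mask == policy mark`. The addresses, ports, reqids and mark values are constructed, and the rule/lookup semantics are simplified assumptions for illustration.

```python
"""Model of CONNMARK-based outbound SA selection (added example, not
strongSwan code). Two peers behind one NAT address each own an SA; the
connmark saved on the inbound flow is restored on the reply so the
outbound policy lookup picks the peer's own SA."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

MARK_MASK = 0xFFFFFFFF  # full-width mask; mark=0xffffffff in ipsec.conf asks for a unique mark


@dataclass(frozen=True)
class SA:
    reqid: int    # ties the SA to its policy, as `-m policy --reqid N` would
    remote: str   # peer address: identical for both peers here (shared NAT)
    mark: int     # mark/mask the outbound policy requires; 0/0 means "any"
    mask: int

    def matches(self, dst: str, pkt_mark: int) -> bool:
        # XFRM policy match: selector plus (skb->mark & mask) == policy mark
        return dst == self.remote and (pkt_mark & self.mask) == self.mark


@dataclass
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    mark: int = 0                        # skb->mark
    decrypted_by: Optional[int] = None   # reqid of the inbound SA, if any


Tuple4 = Tuple[str, int, str, int]


class Conntrack:
    """Minimal conntrack table: one entry per flow, carrying a connmark."""

    def __init__(self) -> None:
        self.connmark: Dict[Tuple4, int] = {}

    def _key(self, p: Packet) -> Tuple4:
        fwd = (p.src, p.sport, p.dst, p.dport)
        rev = (p.dst, p.dport, p.src, p.sport)
        # a reply is attributed to the entry created by the original direction
        return rev if rev in self.connmark else fwd

    def prerouting(self, sas: List[SA], p: Packet) -> None:
        """Like `-m policy --dir in --pol ipsec --reqid N -j CONNMARK --set-mark M`."""
        key = self._key(p)
        self.connmark.setdefault(key, 0)
        for sa in sas:
            if p.decrypted_by == sa.reqid:
                self.connmark[key] = sa.mark

    def output(self, p: Packet) -> None:
        """Like `-j CONNMARK --restore-mark`: copy the connmark back to skb->mark."""
        p.mark = self.connmark.get(self._key(p), 0)


def select_outbound_sa(sas: List[SA], p: Packet) -> Optional[SA]:
    """Policy lookup: the first SA whose selector and mark both match."""
    for sa in sas:
        if sa.matches(p.dst, p.mark):
            return sa
    return None


def reply_sa_for_peer(sas: List[SA], ct: Conntrack, inbound: Packet,
                      use_connmark: bool) -> Optional[SA]:
    """Given a decrypted inbound packet, which SA does our reply leave on?"""
    if use_connmark:
        ct.prerouting(sas, inbound)
    reply = Packet(inbound.dst, inbound.dport, inbound.src, inbound.sport)
    if use_connmark:
        ct.output(reply)
    return select_outbound_sa(sas, reply)


def demo(use_connmark: bool) -> Dict[str, Optional[int]]:
    """Returns {peer: reqid of the SA chosen for the reply} for peers A and B."""
    nat = "203.0.113.7"      # constructed: both peers appear from this address
    local = "198.51.100.1"   # constructed: our transport-mode endpoint
    if use_connmark:
        sas = [SA(1, nat, 0x1, MARK_MASK), SA(2, nat, 0x2, MARK_MASK)]
    else:
        sas = [SA(1, nat, 0, 0), SA(2, nat, 0, 0)]   # no marks: selectors collide
    ct = Conntrack()
    # peer A (reqid 1) and peer B (reqid 2) each open a flow to our port 22
    from_a = Packet(nat, 50001, local, 22, decrypted_by=1)
    from_b = Packet(nat, 50002, local, 22, decrypted_by=2)
    chosen: Dict[str, Optional[int]] = {}
    for name, pkt in (("A", from_a), ("B", from_b)):
        sa = reply_sa_for_peer(sas, ct, pkt, use_connmark)
        chosen[name] = sa.reqid if sa else None
    return chosen


if __name__ == "__main__":
    print("without marks:", demo(False))   # both replies land on the first policy
    print("with connmark:", demo(True))    # each reply uses its own peer's SA
```

Without marks both outbound policies match every reply to the NAT address, so peer B's traffic would leave on peer A's SA and be undecryptable at B; with per-connection marks plus the connmark save/restore, the reply to B carries B's mark and only B's policy matches. The model only covers what the commit message states (IPv4, transport mode, one unique mark per connection); it does not reproduce the exact rule set the plugin installs.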
* connmark: Add a plugin stub
  Author: Martin Willi   Date: 2015-02-20   Files: 1   Lines: -0/+83