Merge branch 'fwmarks'
Allows setting a mark on outbound packets and the routing rule
installed by charon. With those settings it is possible to set up
tunnels with kernel-libipsec where the remote peer is part of the remote
traffic selector.
The following example settings in strongswan.conf show how this can be
configured:
    charon {
        plugins {
            kernel-netlink {
                fwmark = !0x42
            }
            socket-default {
                fwmark = 0x42
            }
            kernel-libipsec {
                allow_peer_ts = yes
            }
        }
    }
To make it work it is necessary to set net.ipv4.conf.all.rp_filter
appropriately, otherwise the kernel drops the packets.
References #380.
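An added example, not part of the commit or of strongSwan's code: a small Python check that the two fwmark settings shown above agree, meaning the routing rule's mark is the negated form of the mark charon sets on its own outbound packets. The parser only handles the one-item-per-line layout used here, the `[!]mark[/mask]` value form is an assumption, and all function names are hypothetical.

```python
import re
# Constructed sample input: the settings quoted in the commit message above.
SAMPLE = """
charon {
    plugins {
        kernel-netlink {
            fwmark = !0x42
        }
        socket-default {
            fwmark = 0x42
        }
        kernel-libipsec {
            allow_peer_ts = yes
        }
    }
}
"""

def parse_conf(text):
    """Parse 'name {' / 'key = value' / '}' lines into nested dicts."""
    stack = [{}]
    for line in map(str.strip, text.splitlines()):
        if line.endswith("{"):
            stack.append(stack[-1].setdefault(line[:-1].strip(), {}))
        elif line == "}":
            stack.pop()
        elif "=" in line:
            key, value = line.split("=", 1)
            stack[-1][key.strip()] = value.strip()
    return stack[0]

def parse_mark(spec):
    """Split an assumed [!]mark[/mask] string into (inverted, mark, mask)."""
    m = re.fullmatch(r"(!?)(\w+)(?:/(\w+))?", spec)
    if not m:
        raise ValueError(f"bad fwmark: {spec!r}")
    return m[1] == "!", int(m[2], 0), int(m[3] or "0xffffffff", 0)

def check_fwmarks(conf):
    """Return a list of problems; empty means charon's own packets skip the rule."""
    plugins = conf.get("charon", {}).get("plugins", {})
    rule = plugins.get("kernel-netlink", {}).get("fwmark")
    sock = plugins.get("socket-default", {}).get("fwmark")
    if rule is None or sock is None:
        return ["fwmark must be set for both kernel-netlink and socket-default"]
    inverted, mark, mask = parse_mark(rule)
    checks = [(inverted, "routing rule mark is not negated with '!'"),
              ((parse_mark(sock)[1] & mask) == (mark & mask), "socket mark differs from rule mark")]
    return [msg for ok, msg in checks if not ok]
```

`check_fwmarks(parse_conf(SAMPLE))` returns an empty list for the settings from the commit message; a missing `!` or a mismatched mark each produce one entry.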