kernel-libipsec: Add an option to allow remote TS to match the IKE peer
authorTobias Brunner <tobias@strongswan.org>
Tue, 13 Aug 2013 15:10:00 +0000 (17:10 +0200)
committerTobias Brunner <tobias@strongswan.org>
Fri, 11 Oct 2013 13:32:44 +0000 (15:32 +0200)
commiteeb34af06936a7de2c66fd2149d9fb55a7ddb6b1
tree2a3b4f94dfe701cee0b08a03b0b61564dc729701
parent80f8b3a6d86bb15b2dca73ad50371a54cb3e5cad
kernel-libipsec: Add an option to allow remote TS to match the IKE peer

Setting the fwmark options for the kernel-netlink and socket-default
plugins allow this kind of setup.

It is probably required to set net.ipv4.conf.all.rp_filter to 2 to make
it work.
man/strongswan.conf.5.in
src/libcharon/plugins/kernel_libipsec/kernel_libipsec_ipsec.c