[prev in list] [next in list] [prev in thread] [next in thread]
List: strongswan-users
Subject: Re: [strongSwan] deprecated hidetos config option
From: Martin Willi <martin () strongswan ! org>
Date: 2014-11-10 9:55:14
Message-ID: 1415613314.3071.26.camel () martin
[Download RAW message or body]
Hi,
> I'm in the process of upgrading a strongswan 4.5.2 to 5.2 and I found
> that the hidetos option field has been deprecated.
AFAIK, the hidetos option had no effect with 4.5.2. Possible that it was
supported by the old KLIPS stack. In XFRM, there is such an option since
Linux 3.10 [1], but we currently don't support it.
> We use the option so the clear packet DSCP set with iptables doesn't
> get removed when the packet gets encrypted.
With XFRM, this is the default, so this might just work.
Regards
Martin
[1]http://comments.gmane.org/gmane.linux.network/259479
_______________________________________________
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic