strongswan/src/swanctl
Eyal Birger 32e5c49234 child-sa: Allow requesting different unique marks for in/out
When requiring unique flags for CHILD_SAs, allow the configuration to
request different marks for each direction by using the %unique-dir keyword.

This is useful when different marks are desired for each direction but the
number of peers is not predefined.

An example use case is when implementing a site-to-site route-based VPN
without VTI devices.

A use of 0.0.0.0/0 - 0.0.0.0/0 traffic selectors with identical in/out marks
results in outbound traffic being wrongfully matched against the 'fwd'
policy - for which the underlay 'template' does not match - and dropped.

Using different marks for each direction avoids this issue as the 'fwd' policy
uses the 'in' mark and will not match outbound traffic.

Closes strongswan/strongswan#78.
2017-08-07 14:22:27 +02:00
commands swanctl: Use returned key ID to track loaded private keys 2017-05-23 16:41:02 +02:00
.gitignore swanctl: Add a swanctl command overview manpage 2014-05-07 15:48:17 +02:00
Makefile.am swanctl: Include config snippets from conf.d subdirectory 2017-07-27 13:20:24 +02:00
command.c swanctl: Read default socket from swanctl.socket option 2017-07-27 13:22:57 +02:00
command.h swanctl: Add --rekey command 2017-02-16 19:24:09 +01:00
swanctl.8.in swanctl: Add --rekey command 2017-02-16 19:24:09 +01:00
swanctl.c swanctl: Increase default debug level to 1 2014-05-14 16:28:01 +02:00
swanctl.conf.5.head.in swanctl: Mention including files when referring to strongswan.conf(5) 2017-03-23 18:27:05 +01:00
swanctl.conf.5.tail.in swanctl: Generate swanctl.conf(5) man page 2014-05-07 15:48:16 +02:00
swanctl.h swanctl: Add 'private' directory/section to load any type of private key 2016-10-05 11:33:36 +02:00
swanctl.opt child-sa: Allow requesting different unique marks for in/out 2017-08-07 14:22:27 +02:00