ipsec: Only set traffic selector marks in VTI mode

author Michael Tremer <michael.tremer@ipfire.org>

Sat, 5 Aug 2017 10:11:44 +0000 (10:11 +0000)

committer Michael Tremer <michael.tremer@ipfire.org>

Sat, 5 Aug 2017 10:11:44 +0000 (10:11 +0000)
author Michael Tremer <michael.tremer@ipfire.org>
Sat, 5 Aug 2017 10:11:44 +0000 (10:11 +0000)
committer Michael Tremer <michael.tremer@ipfire.org>
Sat, 5 Aug 2017 10:11:44 +0000 (10:11 +0000)
diff --git a/src/functions/functions.ipsec b/src/functions/functions.ipsec

index 53b431cf2b91a86a617a4ccda311460474f3292d..4b8ce1bf5666bf42b0d9530d7192f14583fecfbf 100644 (file)
--- a/src/functions/functions.ipsec
+++ b/src/functions/functions.ipsec
@@ -1235,10 +1235,14 @@ _ipsec_connection_to_strongswan_connection() {
         print
  
         # Netfilter Marks
-       print_indent 4 "# Netfilter Marks"
-       print_indent 4 "mark_in = %unique"
-       print_indent 4 "mark_out = %unique"
-       print
+       case "${MODE}" in
+               vti)
+                       print_indent 4 "# Netfilter Marks"
+                       print_indent 4 "mark_in = %unique"
+                       print_indent 4 "mark_out = %unique"
+                       print
+                       ;;
+       esac
  
         # Dead Peer Detection
         if enabled dpd; then
author	Michael Tremer <michael.tremer@ipfire.org>
	Sat, 5 Aug 2017 10:11:44 +0000 (10:11 +0000)
committer	Michael Tremer <michael.tremer@ipfire.org>
	Sat, 5 Aug 2017 10:11:44 +0000 (10:11 +0000)