From: Michael Tremer <michael.tremer@ipfire.org>
Date: Sat, 5 Aug 2017 10:11:44 +0000 (+0000)
Subject: ipsec: Only set traffic selector marks in VTI mode
X-Git-Tag: 009~38
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=8af222361fad8dcb58e5285d0f0aedc63d78e65c;p=network.git

ipsec: Only set traffic selector marks in VTI mode

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---

diff --git a/src/functions/functions.ipsec b/src/functions/functions.ipsec
index 53b431cf..4b8ce1bf 100644
--- a/src/functions/functions.ipsec
+++ b/src/functions/functions.ipsec
@@ -1235,10 +1235,14 @@ _ipsec_connection_to_strongswan_connection() {
 	print
 
 	# Netfilter Marks
-	print_indent 4 "# Netfilter Marks"
-	print_indent 4 "mark_in = %unique"
-	print_indent 4 "mark_out = %unique"
-	print
+	case "${MODE}" in
+		vti)
+			print_indent 4 "# Netfilter Marks"
+			print_indent 4 "mark_in = %unique"
+			print_indent 4 "mark_out = %unique"
+			print
+			;;
+	esac
 
 	# Dead Peer Detection
 	if enabled dpd; then