Had posted this question to the ipsec-tools mailing lists but got no reply, so sending it on the Netfilter list in case someone has a clue. Thx

-------

Hi,

I am working on a VPN solution where packets entering a Linux box are manipulated using IPTables rules (SNAT, DNAT etc.). The nature of this manipulation is such that packets destined for different sites end up getting the same src/dst IP address when they reach the Netfilter POSTROUTING chain. However, a different "mark" is set using the IPTables mark target, by which packets destined for different sites can be distinguished from one another.

Is there a way I can use this mark value while creating a security policy using setkey spdadd, so that packets are sent over their respective tunnels (tunnels are created manually)?

Thanks in advance

Regards
Ajay