Project

General

Profile

Issue #1507

forecast plugin always used when XFRM mark is enabled

Added by Stijn Tintel over 5 years ago. Updated over 4 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
configuration
Affected version:
5.4.0
Resolution:
No change required

Description

The Forecast wiki page says it is used on any SA negotiated that uses a unique mark, and in the example config shows mark=%unique, but it is also used when not using the special value %unique (e.g. mark=2). The forecast plugin installs iptables rules in the mangle table, and they break my VTI tunnels.

History

#1 Updated by Tobias Brunner over 5 years ago

  • Status changed from New to Feedback

Yes, any connection that has marks set will be handled by the plugin. So I suggest you disable the plugin if you don't need it.

#2 Updated by Noel Kuntze over 4 years ago

  • Category set to configuration
  • Status changed from Feedback to Closed
  • Resolution set to No change required

Also available in: Atom PDF