User Details
- User Since
- Nov 4 2016, 8:55 AM (410 w, 6 d)
Yesterday
So I investigated further and it is like this in jool:
mark is only used to select between pool4 instances.
Tue, Sep 3
This made it possible to commit the change
Additionally I set a pbr rule like this:
vyos@vyos# show policy route6
route6 pbr6 {
    interface bond0.1001
    interface bond0.1002
    interface bond0.1003
    rule 10 {
        destination {
            address 64:ff9b::/96
        }
        set {
            mark 1064
        }
    }
}
This should only mark traffic going to the nat64 prefix.
However, as far as I can see, all traffic is still going through/to jool and the "match mark" is ignored.
Where would I be able to verify if it has been set in the backend configs?
Nov 4 2016
I have a similar problem: since 1.1.7, PFS in phase 2 is not working.
"Oakley Transform [AES_CBC (256), HMAC_SHA2_256, (null)] refused due to strict flag."
As you can see, there is no PFS proposal sent by 1.1.7.
The same with a tunnel between 1.1.7 and pfSense 2.3.2.
When activating PFS on both, there is no matching proposal; when disabling PFS on pfSense, a proposal is found.