diff options
Diffstat (limited to 'roles/common/files/etc/network/if-up.d/ipsec')
| -rwxr-xr-x | roles/common/files/etc/network/if-up.d/ipsec | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/roles/common/files/etc/network/if-up.d/ipsec b/roles/common/files/etc/network/if-up.d/ipsec index a43af6c..db9f979 100755 --- a/roles/common/files/etc/network/if-up.d/ipsec +++ b/roles/common/files/etc/network/if-up.d/ipsec @@ -42,8 +42,8 @@ case "$MODE" in # been SNAT'ed from $ipsec, and didn't have a xfrm # association. Hence we nullroute it to avoid to leak data # intented to be tunneled through IPSec. /!\ The priority - # must be >220 (strongSwan IPSec's policy) since xfrm lookup - # must take precedence. + # must be >220 (which the one used by strongSwan IPSec) since + # xfrm lookup must take precedence. /bin/ip rule add fwmark "$secmark" table 666 priority 666 || true /bin/ip route add prohibit default table 666 || true ;; |