Hi,

I am working on a VPN solution where packets entering Linux box are manipulated using IPTables rules (SNAT, DNAT etc.). The nature of this manipulation is such that packets destined for different sites end up getting the same src/dst IP address when they reach the Netfilter POSTROUTING chain. However a different "mark" is set using the IPTables mark target by which packets destined for different sites can be distinguished from one another. Is there a way I can use this mark value while creating security policy using setkey spdadd so that packets are sent over respective tunnels (tunnels are created manually)

Thanks in advance

Regards
Ajay