From: Stefan B. <ste...@cu...> - 2013-07-09 18:30:57
|
just for the info, openvpn has an 'passtos' option for this. my understanding is, that the tos bits must be set by the component doing encryption. its the only part in the chain that sees the tos from the cleartext data and has a reference to the encrypted packages. Mit freundlichen Grüßen Stefan Bauer -- Cubewerk GmbH Herzog-Otto-Straße 32 83308 Trostberg 08621 - 99 60 237 HRB 22195 AG Traunstein GF Stefan Bauer Am 09.07.2013 um 20:06 schrieb "Rainer Weikusat" <rwe...@mo...>: > Stephen Clark <scl...@ea...> writes: >> Does someone know how to get the tos bits from the packet being >> encrypted to be copied to the ipsec ip header? > > My crypto-knowledge is somewhat limited but copying a part of the > unencrypted datagram into the outer header and sending it alongside > the encrypted inner datagram seems like a very bad idea to me as this > would mean transmitting the ciphertext and some part of the plaintext > together. > > ------------------------------------------------------------------------------ > See everything from the browser to the database with AppDynamics > Get end-to-end visibility with application monitoring from AppDynamics > Isolate bottlenecks and diagnose root cause in seconds. > Start your free trial of AppDynamics Pro today! > http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk > _______________________________________________ > Ipsec-tools-devel mailing list > Ips...@li... > https://lists.sourceforge.net/lists/listinfo/ipsec-tools-devel |