Re: [PATCH ipsec-next 0/7]: Support multiple VTIs with the same src+dst pair

2018-01-04 Thread Steffen Klassert
On Fri, Jan 05, 2018 at 01:41:46AM +0900, Lorenzo Colitti wrote:
> On Wed, Jan 3, 2018 at 9:10 PM, Steffen Klassert
> wrote:
> > The fact that you need new keyed VTIs looks a bit like a workaround
> > of the design limitations the VTI interfaces have. Unfortunately
> > this is not the only limitat

Re: [PATCH ipsec-next 0/7]: Support multiple VTIs with the same src+dst pair

2018-01-04 Thread Lorenzo Colitti
On Wed, Jan 3, 2018 at 9:10 PM, Steffen Klassert wrote:
> The fact that you need new keyed VTIs looks a bit like a workaround
> of the design limitations the VTI interfaces have. Unfortunately
> this is not the only limitation of VTI and I think we don't get what
> we really want by changing VTI w

Re: [PATCH ipsec-next 0/7]: Support multiple VTIs with the same src+dst pair

2018-01-03 Thread Steffen Klassert
On Thu, Dec 21, 2017 at 02:06:00AM +0900, Lorenzo Colitti wrote:
> When using IPsec tunnel mode, VTIs provide many benefits compared
> to direct configuration of xfrm policies / states. However, one
> limitation is that there can only be one VTI between a given pair
> of IP addresses. This does not

[PATCH ipsec-next 0/7]: Support multiple VTIs with the same src+dst pair

2017-12-20 Thread Lorenzo Colitti
When using IPsec tunnel mode, VTIs provide many benefits compared to direct configuration of xfrm policies / states. However, one limitation is that there can only be one VTI between a given pair of IP addresses. This does not allow configuring multiple IPsec tunnels to the same security gateway. T