Re: [Swan] RES: feature request - route based (vti) vpn - ip address on tunnel interfaces

2016-09-16 Thread Bruno Lopes de Souza Benchimol 
Dear Paul,

 That's correct. The tunnel will be able to pass anything (0.0.0.0/0), and then 
the routing protocol will decide. 

That's also open up many deployment scenarios, based on individual needs: 

On my setup here i tried the following working scenario w/ BGP:
a) inject default route on remote end.
b) inject routes (eg. 66.66.66.0/24) on the remote end
c) inject routes (eg 77.77.77.0/24) on the hub end.

Best regards,

De: Paul Wouters 
Enviado: quarta-feira, 14 de setembro de 2016 13:13
Para: Bruno Lopes de Souza Benchimol
Cc: swan@lists.libreswan.org
Assunto: Re: RES: [Swan] feature request - route based (vti) vpn - ip address 
on tunnel interfaces

On Tue, 6 Sep 2016, Bruno Lopes de Souza Benchimol wrote:

>  Im also glad to hear that you also think its a cool feature to add. Im not 
> exactly a developer but i think that should be fairly easy to devel. I wish i 
> could help more on the code part, but i can help on testing it.
>

I'm still trying to understand the deployment here. Am I correct in that
you setup an IPsec 0.0.0.0/0 to 0.0.0.0/0 tunnel between the two IP
addresses on the VTI interface? And that the routing daemons will
then just add routes? Eg if the routing daemons want to send traffic
for 66.66.66.0/24 to the other end, it will just route it to the
remote VTI IP via dev vti0 ?

>  Do you think we can get it on a roadmap to implement on a next version?

I think so. I'd like to add it for libreswan-3.19

Paul

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

___
Swan mailing list
Swan@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan

[Swan-commit] Changes to ref refs/heads/master

2016-09-16 Thread Kim B. Heino 
New commits:
commit 52149be911e14dc3f89d8d0c1e0742954a35dbba
Author: Kim B. Heino 
Date:   Fri Sep 16 10:31:11 2016 +0300

pluto: do first crl update 5s after startup, then in crlcheckinterval 
intervals

___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit