On Thu, 20 Sep 2018, Toerless Eckert wrote:
Is VTI with IPv6 supposed to be working ?
Apparently kernel VTI is known to not work with IPv6 at all. The
replacement kernel code (XFRMi interfaces) will address that.
Paul
___
Swan mailing list
On Fri, 5 Oct 2018, Johannes C. Schulz wrote:
$ ip route
default via 192.168.42.129 dev enp0s12u2 proto dhcp metric 100
xx.yyy.zzz.vv dev vti0 scope link
I don't see a src entry here. If the source ip is not the default IP,
then you're in trouble because it would use
Hi Paul
Thanks for your answer. But sadly, this did not help.
$ ip route
default via 192.168.42.129 dev enp0s12u2 proto dhcp metric 100
xx.yyy.zzz.vv dev vti0 scope link
169.254.0.0/16 dev enp0s12u2 scope link metric 1000
192.168.42.0/24 dev enp0s12u2 proto kernel scope link src 192.168.42.91
| From: Paul Wouters
| Sure. We need support for .mobileconfig support so people can just
| import that on Linux as well as Apple devices. I don't know how to
| create a "profile" for Windows. I would be nice if we could do that
| too.
Fine. But that isn't what I asked for.
To be at
> To be at feature-parity with WireGuard, we don't need to interoperate.
> Simple(!!!) libreswan to libreswan is what is required.
I agree totally here.
I tried to copy-paste commands from that "VPN server for remote clients
using IKEv2" page, it doesn't work:
-
# certutil -N -d
On Fri, 5 Oct 2018, D. Hugh Redelmeier wrote:
To be at feature-parity with WireGuard, we don't need to interoperate.
Simple(!!!) libreswan to libreswan is what is required.
The Wireguard is feature is not having features. They will grow their
warts later on in life.
Did I say "simple" often
On Fri, 5 Oct 2018, Kim B. Heino wrote:
All those "~" must be changed to "$HOME". I don't have the power to do
that. Somebody please fix?
Someone did.
I agree the certificate generation stuff is not user friendly, which is
why we did the webgui thing. I'm still waiting on the packages so I
> > I keep seeing people, in various venues, saying that wireshark is
> > wonderful.
Same is also true for openvpn vs libreswan.
> > Paul (or anyone else): can you create simple instructions for
> > setting up a VPN that has feature-parity with Wireshark?
>
>
On Fri, 5 Oct 2018, Kim B. Heino wrote:
https://libreswan.org/wiki/VPN_server_for_remote_clients_using_IKEv2
Problems with that page, when comparing to wireguard/openvpn setup
guides:
- too long
- looks way too complex
- looks scary ("change registry key or it's insecure!!!")
- hard to find: