Initial support for ipsec device for Libreswan using Linux XFRMi. The kernel support was introduced in 4.19. E.g Fedora 30, or you need 4.19 or later kernel and the matching header files to compile this branch.
Please test it if you can, also it would be great to receive feedback on this development branch. Hopefully it would get merged into libresan 3.30 or 3.31. To get the source code #xfrmi git clone -b xfrmi https://github.com/antonyantony/libreswan more details about XFRMi https://libreswan.org/wiki/Route-based_XFRMi The configuration and keyword is likely change. Now it is "ipsec-interface=yes", "yes|no|<n>" option. I am also hopping to make this work for advanced route based VPN use cases. That may need changes to pluto's idea route, back in the days "route" was destination only. Currently with iproute2 we can do more advanced things such as source and destination based routing. Anyone using systemd-networkd here? I think it can support xfrm type device. Let me know if you can test systemd-networkd support. Also OpenWRT is known to have xfrm device support. regards, -antony _______________________________________________ Swan-dev mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan-dev
