Here is an update from my side. I rebased the branch. It seems to pass test cases, console output need fixing due to changes master.
I briefly saw on Paul's laptop xfrmi did not work for him. I tried to reproduce it no luck so far. May be something to do with WiFi and other interfaces? I need more details for this case. the keyword parsing at them moment is a bit odd. ipsec-interface=yes|no|<n in hex> It would be nice to allow decimal numbers. On the other hand we can probably start with hex:) and fix it soon. If you have specific use cases that need routed vpn please test and give feed back. I am not confident to merge to master. The updown script need more testing. -antony test run: PS https://swantest.libreswan.fi/s2/v3.28-1263-gc1acc431aa-xfrmi-tesrun/ On Mon, Nov 04, 2019 at 01:24:46PM +0100, Antony Antony wrote: > Initial support for ipsec device for Libreswan using Linux XFRMi. The > kernel support was introduced in 4.19. E.g Fedora 30, or you need 4.19 or > later kernel and the matching header files to compile this branch. > > Please test it if you can, also it would be great to receive feedback on > this development branch. > > Hopefully it would get merged into libresan 3.30 or 3.31. > > To get the source code #xfrmi > git clone -b xfrmi https://github.com/antonyantony/libreswan > > more details about XFRMi https://libreswan.org/wiki/Route-based_XFRMi The > configuration and keyword is likely change. Now it is > > "ipsec-interface=yes", "yes|no|<n>" option. > > I am also hopping to make this work for advanced route based VPN use cases. > That may need changes to pluto's idea route, back in the days "route" was > destination only. Currently with iproute2 we can do more advanced things > such as source and destination based routing. > > Anyone using systemd-networkd here? I think it can support xfrm type device. > Let me know if you can test systemd-networkd support. Also OpenWRT is known > to have xfrm device support. > > regards, > -antony > _______________________________________________ > Swan-dev mailing list > [email protected] > https://lists.libreswan.org/mailman/listinfo/swan-dev _______________________________________________ Swan-dev mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan-dev
