On Tue, 23 Jan 2018, Sowmini Varadhan wrote:
> vxlan tunnels an L2 frame over udp. (rfc 7348)
Ahh. I see.
> Are you planning on applying ipsec to the vxlan'ed frame? If yes, you'd have to set up your swan tunnel config for something like leftprotoport=udp/4789 and rightprotoport=udp/4789 (you'd need 2 tunnels per peering pair)
Why two? Are both peers using an ephemeral source port? If it is port 4789 to port 4789, wouldn't one tunnel be enough?

Paul
