On Mon, 15 Jul 2019, Paul Overton wrote:
Does the current version of Libreswan support VTI for IPv6 tunnels ?
I don't think so?
I am moving a number of servers to the latest version and switching from KLIPS to Netkey+VTI, and found that one of my IPv6 machines did not create the VTI interface, it is possible also to do a 6 in 4 tunnel using VTI as well.
You should be moving to XFRMi interfaces. libreswan is working on adding support for that (we have an internal partial branch at the moment) Information about XFRMi: https://lwn.net/Articles/757391/ https://libreswan.org/wiki/XFRM_Interface_Development_Notes https://workshop.linux-ipsec.org/2018/slides/IPSec_workshop_presentation_lrk.pdf VTI has several structural limitations, and it will be fully replaced by XFRMi. Paul _______________________________________________ Swan mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan
