Continuing: 

I believe the correct keyword for specifying the XFRMi ipsec interface IP is
interface-ip, preceded by either right or left. However, presently, when specified,
this comes up as obsolete.

I don't see any alternative options in the code to replace this. 

In the CHANGES document, it is suggested that the new command is "iface-ip" but 
there is no code to support this so far as I can see. 

Do we assume that the code to do this has not yet been written?

Regards Paul

-----Original Message-----
From: Swan [mailto:[email protected]] On Behalf Of Paul Overton
Sent: 19 February 2020 11:11
To: Paul Wouters <[email protected]>
Cc: [email protected]
Subject: Re: [Swan] Version 3.30 XFRM implementation

Thanks Paul,

Some progress: it seems that the iface-ip= directive is causing the failure to
start. If I don't include this directive, and only use ipsec-interface=yes, an
interface ipsec1 is created and the tunnels are created, but the interface does
not have a local IP address. I can add this after, though.

This is the error I get when including the iface-ip= statement:

cannot load config '/etc/ipsec.conf': /etc/ipsec.d/connections.conf:26: syntax 
error, unexpected STRING [iface-ip]

I have tried adding a number of ipsec interfaces; it would appear that 2 per
external interface is the limit.

Regards Paul

-----Original Message-----
From: Paul Wouters [mailto:[email protected]]
Sent: 18 February 2020 17:18
To: Paul Overton <[email protected]>
Cc: [email protected]
Subject: Re: [Swan] Version 3.30 XFRM implementation

On Tue, 18 Feb 2020, Paul Overton wrote:

> I have just updated one of my machines to run Version 3.30 from 3.29.

> I would like to change this to use XFRM, and note the new directives 
> ipsec-interface= and iface-ip=, I have tried using these directives, but 
> Pluto hangs on restart when I try.

We have not experienced that. Can you perhaps get more logs and/or strace 
output to see what's going on?

> Are there any definitive instructions/examples of the configuration 
> and do I need to preload any of the kernel modules?

If you run with our init system support, which calls _stackmanager, then it
should already load the xfrm_interface.ko module.

Paul
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan