On Wed, 19 Feb 2020, Paul Overton wrote:

I believe the correct keyword for specifying the XFRMi ipsec interface IP is:
interface-ip preceded by either right or left. However presently when specified
this comes up as obsolete.

Yes, iface-ip was an internal name only. We renamed it. And indeed it
is leftinterface-ip= / rightinterfaceip= but it was not clear to me
this was the outcome of our internal discussion on whether it should be
left/right or not.

And it was mistakenly marked as "obsolete".

And its value is currently unused :/

I'll have to get back to you later when we fix this up. Sorry about
that. For now, do not use the option and configure any IP you need
configured manually.

Paul



In the CHANGES document, it is suggested that the new command is "iface-ip" but 
there is no code to support this so far as I can see.

Do we assume that the code to do this has not yet been written?

Regards Paul

-----Original Message-----
From: Swan [mailto:[email protected]] On Behalf Of Paul Overton
Sent: 19 February 2020 11:11
To: Paul Wouters <[email protected]>
Cc: [email protected]
Subject: Re: [Swan] Version 3.30 XFRM implementation

Thanks Paul,

Some progress, it seems that the iface-ip= directive is causing the failure to
start. If I don't include this directive, and only use ipsec-interface=yes, an
interface ipsec1 is created and the tunnels are created, but the interface does
not have a local IP address. I can add this after though.

This is the error I get when including the iface-ip= statement:

cannot load config '/etc/ipsec.conf': /etc/ipsec.d/connections.conf:26: syntax 
error, unexpected STRING [iface-ip]

I have tried adding a number of ipsec interfaces, it would appear that 2 per
external interface is the limit.

Regards Paul

-----Original Message-----
From: Paul Wouters [mailto:[email protected]]
Sent: 18 February 2020 17:18
To: Paul Overton <[email protected]>
Cc: [email protected]
Subject: Re: [Swan] Version 3.30 XFRM implementation

On Tue, 18 Feb 2020, Paul Overton wrote:

I have just updated one of my machines to run Version 3.30 from 3.29.

I would like to change this to use XFRM, and note the new directives
ipsec-interface= and iface-ip=, I have tried using these directives, but Pluto 
hangs on restart when I try.

We have not experienced that. Can you perhaps get more logs and/or strace 
output to see what's going on?

Are there any definitive instructions/examples of the configuration
and do I need to preload any of the kernel modules?

If you run with our init system support, which calls _stackmanager, then it
should already load the xfrm_interface.ko module.

Paul
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
