ipsec-interface=0 would translate to ip link add ipsec0 type xfrm dev enp0s5 if_id 0
when I started adding xfrmi I wasn't sure xfrm if_id 0 would work properly. if_id is a lookup key to find policy and state. I wonder if 0 would mean also a policy with no xfrmi if_id. xfrm if_id 0 was confusing to me. I decided ipsec1 to start with. May be time to review it while xfrmi is still expirimental. and also to avoid confusion from klips. regards, -antony On Mon, Jul 27, 2020 at 01:05:11PM +0300, Tuomo Soini wrote: > On Mon, 27 Jul 2020 09:50:44 +0200 > "Wolfgang Nothdurft" <[email protected]> wrote: > > > does it have technical reasons that the setting ipsec-interface=0 > > disables xfrmi, instead of generating a ipsec0 device, or was it a > > design decision, because of the hybrid value yes, no, number? > > Yes. XFRMI interface id must be >= 1. That means 0 is not possible > interface id and keeping interface name in sync with interface id was > just implementation decision. > > -- > Tuomo Soini <[email protected]> > Foobar Linux services > +358 40 5240030 > Foobar Oy <https://foobar.fi/> > _______________________________________________ > Swan mailing list > [email protected] > https://lists.libreswan.org/mailman/listinfo/swan _______________________________________________ Swan mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan
