On Sat, 6 Feb 2021, Cesare Leonardi wrote:
Hello, just to try the "ipsec-interface" parameter, that I've never used
before, I've added "ipsec-interface=yes" to a working VPN (Libreswan 4.2) and
I've noted that it has trouble with "auto=ondemand".
In that case, as soon I start the ipsec service, I see something like that in
the log:
=====
"test": route-host output: /usr/libexec/ipsec/_updown.xfrm: doroute "ip -4
route replace 192.168.1.0/24 dev ipsec1" failed (Cannot find device
"ipsec1")
=====
We need to look at fixing this bug.
One work around for this is can be to define the ipsec1 interface
outside of pluto (eg via systemd/NM) so that the device is always
present - irrespective of whether libreswan is running.
Paul
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
