On Tue, 16 Jan 2024 21:17:41 -0500 William Atwood <[email protected]> wrote:
> 1) I know that Libreswan does not support %zone identifiers > associated with Link-Local (LL) addresses, and it appears from your > experience that Strongswan does not either. I also know that > Libreswan insists that an endpoint address must be "Global". Global is only used when adding IP for XFRM interface for route-based IPsec vpn. And because this is route-based, this can't be LL-address. We told you multiple times that this doesn't affect LL address handling. And we can't really implement support for LL addresses on linux before XFRM/IPsec stack supports it. -- Tuomo Soini <[email protected]> Foobar Linux services +358 40 5240030 Foobar Oy <https://foobar.fi/> _______________________________________________ Swan mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan
