> On Jun 20, 2020, at 12:08 AM, TomK <[email protected]> wrote:
>
> However, I'll have to read it more thoroughly later on to be sure of that.
> If you can shed more light on this, that will help. Shouldn't ipsec
> configure the interfaces correctly? It does create ipsec01 so thought that
> would suffice.
I believe the interface creation is sufficiently unique across the matrix of
OSs that StrongSWAN runs on that it’s too resource intensive from a developer
perspective to handle this reliably.
> Had a quick glance at the pages. Some of the commands and modules aren't
> available (ie xfrmi) on DD-WRT however so I'll have to have a closer look
> later this weekend. If you could provide more details that will help.
I run OpenWRT on one of my boxes, but it’s not a tunnel endpoint. DD-WRT et all
are perfect examples where interface creation and kernel functionality is
widely variant. So I don’t have a good answer for you how it should be created,
sorry.
I realized after sending the link I pasted to you was one I had in my history,
I didn’t mean to imply to use xfrm. It’s great if you *can*, but I believe that
interface is only stable on later Linux kernels and almost assuredly not
supported everywhere (maybe anywhere?). Fallbacks are VTI and GRE
constructions, in that order of desirability.
Maybe others will have more information for you!
