[Swan-dev] [PATCH libreswan] Add support for IPSec HW-offload on the NIC

Antony Antony antony at phenome.org
Thu Jun 29 18:09:34 UTC 2017


On Thu, Jun 29, 2017 at 04:51:12PM +0000, Ilan Tayari wrote:
> > Here are a couple of proposed changes, untested, after a closer review.
> > 
> > 1. rename option to "nic-offload". Libreswan is moving away from "_"
> > 2. whack --nic-offload
> > 3. nic-offload:yes;  in "ipsec status" connection
> > 4. there is one coding style change I made.
> > 
>
> I just tested this.
> 
> 1. I would squash your patch 0001 into my patch, no need to put this naming back-and-forth into git history

good.

> 2. ipsec status shows nic-offload:yes

> 000 "myconn":   nflog-group: unset; mark: unset; vti-iface:unset;  vti-routing:no; vti-shared:no; nic-offload:yes;

looks good. thanks for testing.

> 3. I'll try to get whack command line switch to work next week.
> Do you have an example of command to add a connection with specific phase2alg using whack?

try this line for both ends:

ipsec whack  --psk --encrypt --name myconn --tunnel --host "192.168.7.1" \
--to --host "192.168.7.11" --esp aes_gcm256-null --nic-offload

ipsec auto --up myconn 

and to delete 

ipsec auto --delete myconn 

If it is IKEv2, add both of these: " --ikev2-allow --ikev2-propose"

-antony

