[Swan-dev] [OpenWrt-Devel] [PATCH v3 2/3] network/config: add xfrm interface support scripts]
Antony Antony
antony at phenome.org
Tue Jun 11 06:08:44 UTC 2019
FYI:
XFRMi seems to be picking up fast. A proposed patch to OpenWRT network
scripts would add support for an xfrm device. I guess we/Libreswan should
merge our branch soon!
OpenWRT patch proposal suggest the whole interface creation and its
lifecycle could be managed by system network scripts.
I imagine on Debian/Fedora systemd-networkd would get similar support soon.
Or may be NetworkManager. I am not sure.
Note they also planned to add ip address there. I wonder how this would work
in various cases, road warrior, or BGP/routing protocol situations.
here is the config example for the interface, this not strongswan. It is
just network config as far as I understand. My guess is libreswan could
also use the same.
specific to A link to full patch set bellow.
--
This package adds scripts for xfrm interfaces support.
Example configuration via /etc/config/network:
config interface 'xfrm0'
option proto 'xfrm'
option mtu '1300'
option zone 'VPN'
option tunlink 'wan'
option ifid 30
config interface 'xfrm0_static'
option proto 'static'
option ifname '@xfrm0'
option ip6addr 'fe80::1/64'
option ipaddr '10.0.0.1/30'
Now set in strongswan IPsec policy:
if_id_in = 30
if_id_out = 30
https://patchwork.ozlabs.org/patch/1111499/
https://patchwork.ozlabs.org/patch/1111500/
-------------- next part --------------
An embedded message was scrubbed...
From: =?UTF-8?q?Andr=C3=A9=20Valentin?= <avalentin at marcant.net>
Subject: [OpenWrt-Devel] [PATCH v3 2/3] network/config: add xfrm interface support scripts
Date: Sat, 8 Jun 2019 13:48:08 +0200
Size: 9166
URL: <https://lists.libreswan.org/pipermail/swan-dev/attachments/20190611/cdffea2e/attachment-0001.mht>
More information about the Swan-dev
mailing list