[Swan-dev] experimental: ipsec device/interface aka XFRMi
antony at phenome.org
Mon Nov 4 12:24:46 UTC 2019
Initial support for ipsec device for Libreswan using Linux XFRMi. The
kernel support was introduced in 4.19. E.g. Fedora 30, or you need a 4.19 or
later kernel and the matching header files to compile this branch.
Please test it if you can, also it would be great to receive feedback on
this development branch.
Hopefully it would get merged into libreswan 3.30 or 3.31.
To get the source code #xfrmi
git clone -b xfrmi https://github.com/antonyantony/libreswan
More details about XFRMi: https://libreswan.org/wiki/Route-based_XFRMi
The configuration and keyword are likely to change. Now it is
"ipsec-interface=yes", "yes|no|<n>" option.
I am also hoping to make this work for advanced route based VPN use cases.
That may need changes to pluto's idea of a route; back in the day, "route" was
destination only. Currently with iproute2 we can do more advanced things
such as source and destination based routing.
Anyone using systemd-networkd here? I think it can support xfrm type device.
Let me know if you can test systemd-networkd support. Also OpenWRT is known
to have xfrm device support.