[Swan-dev] expirimental : ipsec device/interface aka XFRMi

Paul Wouters paul at nohats.ca
Fri Jan 24 12:49:10 UTC 2020

> On Jan 24, 2020, at 13:44, Andrew Cagney <andrew.cagney at gmail.com> wrote:
>> They do. no = 0, yes = 1 and the man page does not explain this.
> So if I specify:
>  ipsec-interface=no
> I get interface 0, and:

No, you get no interface because 0 means no. This is because the current Linux implementation uses IF_ID which does not see 0 as a valid ID.

>  ipsec-interface=1
> I get a random interface?

You get ipsec1, same as when specifying “yes”.

In the future, %unique will mean get a (pseudo)random interface name.

I’m not sure what happens when you pick “10”, as I was confused about the numbers maybe being in hex ? 


More information about the Swan-dev mailing list