[Swan-dev] what is INTERFACE_IP / ifaceip / interface-ip= for?
paul at nohats.ca
Thu Jan 7 20:21:04 UTC 2021
On Mon, 4 Jan 2021, Antony Antony wrote:
>>> Subject: [Swan-dev] what is INTERFACE_IP / ifaceip / interface-ip= for?
> Yes the idea was to add that IP address/prefix to the xfrm interface.
> The unfinished feature is inherited from VTI model(possibly hack?). In VTI
> the IP address was added in updwon script. In xfrmi, I would like to add the
> IP from pluto using netlink calls, c functions, instead of calling external
> command "ip".
> May be rethink is this feature still relevant?
> May be the users are using systemd or other scripts to configure interface
Some will use systemd, others will not. The option is there for those
who want libreswan to do it.
> I advise against using updrown script for adding the ip address! I think
> adding from pluto is better. Also now the KLIPS is gone, it would be easier
> from pluto.
I'm fine if we do that. However, now we have a broken option
interface-ip= that isn't doing what users expect - to put the IP
on the interface.
I would rather see us duplicate the vti code in updown for now until we
have a working pluto solution than for this option to just guarantee
More information about the Swan-dev