[Swan-dev] what is INTERFACE_IP / ifaceip / interface-ip= for?

Paul Wouters paul at nohats.ca
Thu Jan 7 20:21:04 UTC 2021


On Mon, 4 Jan 2021, Antony Antony wrote:

>>> Subject: [Swan-dev] what is INTERFACE_IP / ifaceip / interface-ip= for?

> Yes the idea was to add that IP address/prefix to the xfrm interface.
> The unfinished feature is inherited from VTI model(possibly hack?). In VTI
> the IP address was added in updwon script. In xfrmi, I would like to add the
> IP from pluto using netlink calls, c functions, instead of calling external
> command "ip".

> May be rethink is this feature still relevant?
> May be the users are using systemd or other scripts to configure interface
> ip?

Some will use systemd, others will not. The option is there for those
who want libreswan to do it.

> I advise against using updrown script for adding the ip address! I think
> adding from pluto is better. Also now the KLIPS is gone, it would be easier
> from pluto.

I'm fine if we do that. However, now we have a broken option
interface-ip= that isn't doing what users expect - to put the IP
on the interface.

I would rather see us duplicate the vti code in updown for now until we
have a working pluto solution than for this option to just guarantee
fail.

Paul


More information about the Swan-dev mailing list