[Swan] Host-to-host tunnel and VTI
Erik Andersson
erik at ingate.com
Tue Mar 13 09:13:54 UTC 2018
On 03/07/2018 10:26 AM, Paul Wouters wrote:
> On Mon, 5 Mar 2018, Tuomo Soini wrote:
>
>>> I'm running Fedora 26 with libreswan 3.23 and trying to setup a
>>> host-to-host tunnel using the VTI functionality.
>>
>>> Is this setup/configuration even possible? Maybe I'm missing some
>>> fundamentals here :)
>>
>> Host-host is not possible with VTI.
>>
>>> I've successfully got VTI to work with a subnet-to-subnet
>>> configuration (left/rightsubnet).
>>
>> Yes, that's what VTI is designed for.
>
> Indeed. I'm hoping the new xfrmi interface type being considered won't
> have this problem.
>
> Paul
Ok thanks! Trying to replace klips with netkey. I experience some weird
klips kernel crashes on kernel 4.14 (haven't looked into it in detail).
Also, klips seems not to be able to "fully" hook up to the kernel crypto
API in kernel version 4.14.
Regards,
Erik
> _______________________________________________
> Swan mailing list
> Swan at lists.libreswan.org
> https://lists.libreswan.org/mailman/listinfo/swan
More information about the Swan
mailing list