[Swan] Host-to-host tunnel and VTI

Paul Wouters paul at nohats.ca
Wed Mar 14 14:21:18 UTC 2018


On Tue, 13 Mar 2018, Erik Andersson wrote:

> Ok thanks! Trying to replace klips with netkey. I experience some weird klips 
> kernel crashes on kernel 4.14 (haven't looked into it in detail). Also, klips 
> seems not to be able to "fully" hook up to the kernel crypto API in kernel 
> version 4.14.

Yes, KLIPS really only supports 3des/aes and sha1/sha2/md5. It is best
to switch to XFRM. We are planning to obsolete KLIPS as soon as VTI or
XFRMI interfaces are fully supported (including host-to-host IPsec SAs,
one interface for all roadwarriors, and proper automatic
adding/removing of interfaces).

Paul

