[Swan] IPv6 and VTI
Paul Wouters
paul at nohats.ca
Mon Jul 15 15:02:05 UTC 2019
On Mon, 15 Jul 2019, Paul Overton wrote:
> Does the current version of Libreswan support VTI for IPv6 tunnels ?
I don't think so?
> I am moving a number of servers to the latest version and switching from KLIPS to Netkey+VTI, and found that one of my IPv6
> machines did not create the VTI interface, it is possible also to do a 6 in 4 tunnel using VTI as well.
You should be moving to XFRMi interfaces. libreswan is working on adding
support for that (we have an internal partial branch at the moment)
Information about XFRMi:
https://lwn.net/Articles/757391/
https://libreswan.org/wiki/XFRM_Interface_Development_Notes
https://workshop.linux-ipsec.org/2018/slides/IPSec_workshop_presentation_lrk.pdf
VTI has several structural limitations, and it will be fully replaced by XFRMi.
Paul
More information about the Swan
mailing list