[Swan] VTI for Multiple Site-to-Site VPNs
Paul Wouters
paul at nohats.ca
Wed Aug 28 22:24:32 UTC 2019
On Thu, 29 Aug 2019, Reuben Farrelly wrote:
> But things have gone wrong when I've attempted to add more VTI sessions to
> the libreswan side.
>
> Configs look like this:
>
> conn router-2.reub.net-ipv4
> left=43.229.60.170
> leftid=@jetstream.reub.net
> leftsubnet=0.0.0.0/0
> right=%any
You can only have one right=%any with VTI interfaces. This is a
fundamental limitation of VTI and one of the reasons they are being
obsoleted for XFRMi interfaces. Libreswan should soon support XFRMi.
Paul
More information about the Swan
mailing list