[Swan] Version 3.30 XFRM implementation
Paul Overton
Paul at trustedcyber.co.uk
Wed Feb 19 11:10:49 UTC 2020
Thanks Paul,
Some progress, it seems that the iface-ip= directive is causing the failure to start, if I don't include this directive, and only use ipsec-interface=yes
An interface ipsec1 is created and the tunnels are created, but the interface does not have a local IP address. I can add this after though.
This is the error I get when including the iface-ip= statement:
cannot load config '/etc/ipsec.conf': /etc/ipsec.d/connections.conf:26: syntax error, unexpected STRING [iface-ip]
I have tried adding a number of ipsec interfaces, it would appear the 2 per external interface is the limit.
Regards Paul
-----Original Message-----
From: Paul Wouters [mailto:paul at nohats.ca]
Sent: 18 February 2020 17:18
To: Paul Overton <Paul at trustedcyber.co.uk>
Cc: Swan at lists.libreswan.org
Subject: Re: [Swan] Version 3.30 XFRM implementation
On Tue, 18 Feb 2020, Paul Overton wrote:
> I have just updated one of my machines to run Version 3.30 from 3.29.
> I would like to change this to use XFRM, and note the new directives
> ipsec-interface= and iface-ip=, I have tried using these directives, but Pluto hangs on restart when I try.
We have not experienced that. Can you perhaps get more logs and/or strace output to see what's going on?
> Are there any definitive instructions/examples of the configuration
> and do I need to preload any of the kernel modules ?
if you run with our init system support, which calls _stackmanager, then it should already load the xfrm_interface.ko module.
Paul
More information about the Swan
mailing list