[Swan] No ipsec0 device with XFRMi

Antony Antony antony at phenome.org
Tue Jul 28 18:25:11 UTC 2020

ipsec-interface=0 would translate to 

ip link add ipsec0 type xfrm dev enp0s5 if_id 0

when I started adding xfrmi I wasn't sure xfrm if_id 0 would work properly.
if_id is a lookup key to find policy and state. I wonder if 0 would mean 
also a policy with no xfrmi if_id.

xfrm if_id 0 was confusing to me. I decided ipsec1 to start with. May be 
time to review it while xfrmi is still expirimental.

and also to avoid confusion from klips.


On Mon, Jul 27, 2020 at 01:05:11PM +0300, Tuomo Soini wrote:
> On Mon, 27 Jul 2020 09:50:44 +0200
> "Wolfgang Nothdurft" <wolfgang at linogate.de> wrote:
> > does it have technical reasons that the setting ipsec-interface=0
> > disables xfrmi, instead of generating a ipsec0 device, or was it a
> > design decision, because of the hybrid value yes, no, number?
> Yes. XFRMI interface id must be >= 1. That means 0 is not possible
> interface id and keeping interface name in sync with interface id was
> just implementation decision.
> -- 
> Tuomo Soini <tis at foobar.fi>
> Foobar Linux services
> +358 40 5240030
> Foobar Oy <https://foobar.fi/>
> _______________________________________________
> Swan mailing list
> Swan at lists.libreswan.org
> https://lists.libreswan.org/mailman/listinfo/swan

More information about the Swan mailing list