[Swan] No ipsec0 device with XFRMi

Paul Wouters paul at nohats.ca
Wed Aug 12 01:15:31 UTC 2020

On Mon, 10 Aug 2020, Antony Antony wrote:

> Thanks for the testcase. Unfortunately, north has no second uplink/interface
> to reach east. So the test can't send the traffic yet. Now we can verify
> rules and verify "ip x s" mark/mask. Let me see if there is another way to
> test to able to send traffic with fwmark.  Add another rule or something,
> change http  to "nc" as a listener on east.

You can add another type of interface. A redhat test did something like

ip tunnel add test0 mode gre local remote

then use the test0 interface.


More information about the Swan mailing list