[prev in list] [next in list] [prev in thread] [next in thread]
List: libreswan-dev
Subject: Re: [Swan-dev] what is INTERFACE_IP / ifaceip / interface-ip= for?
From: Paul Wouters <paul () nohats ! ca>
Date: 2021-01-07 20:21:04
Message-ID: b57bd8bb-fa27-f23-55ea-fa6d91f88ac7 () nohats ! ca
[Download RAW message or body]
On Mon, 4 Jan 2021, Antony Antony wrote:
>>> Subject: [Swan-dev] what is INTERFACE_IP / ifaceip / interface-ip= for?
> Yes the idea was to add that IP address/prefix to the xfrm interface.
> The unfinished feature is inherited from VTI model(possibly hack?). In VTI
> the IP address was added in updwon script. In xfrmi, I would like to add the
> IP from pluto using netlink calls, c functions, instead of calling external
> command "ip".
> May be rethink is this feature still relevant?
> May be the users are using systemd or other scripts to configure interface
> ip?
Some will use systemd, others will not. The option is there for those
who want libreswan to do it.
> I advise against using updrown script for adding the ip address! I think
> adding from pluto is better. Also now the KLIPS is gone, it would be easier
> from pluto.
I'm fine if we do that. However, now we have a broken option
interface-ip= that isn't doing what users expect - to put the IP
on the interface.
I would rather see us duplicate the vti code in updown for now until we
have a working pluto solution than for this option to just guarantee
fail.
Paul
_______________________________________________
Swan-dev mailing list
Swan-dev@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-dev
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic