mirror of
https://github.com/strongswan/strongswan.git
synced 2025-10-04 00:00:14 -04:00
e1ff1eefcf
The manager will allow charon-nm to create XFRM interfaces if supported by the kernel instead of creating an unused dummy TUN interface. The xfrmi tool is mostly obsolete nowadays as iproute2 supports creating XFRM interfaces since 5.1.0 (2019-05). Older Debians don't ship that and early versions didn't list the interface IDs. So there might still be some uses for this tool.
13 lines
484 B
Plaintext
13 lines
484 B
Plaintext
moon::iptables-restore < /etc/iptables.rules
|
|
sun::iptables-restore < /etc/iptables.rules
|
|
moon::ip link add xfrm-moon type xfrm if_id 42 dev eth0
|
|
moon::ip link set xfrm-moon up
|
|
moon::ip route add 10.2.0.0/16 dev xfrm-moon
|
|
moon::iptables -A FORWARD -i xfrm-moon -j ACCEPT
|
|
moon::iptables -A FORWARD -o xfrm-moon -j ACCEPT
|
|
moon::systemctl start strongswan
|
|
sun::systemctl start strongswan
|
|
moon::expect-connection gw-gw
|
|
sun::expect-connection gw-gw
|
|
moon::swanctl --initiate --child net-net
|