Wednesday, December 27, 2023

Re: sec interface and rdomain

Hi,

No, the main reason for the question was that I tried rdomain and tunneldomain, then I got an error message, I think at the tunneldomain option.

In general, without rdomain, the sec interface and ipsec work. In my case I had trouble with a second sec interface: sometimes it always used the sec0 interface instead of sec1. This I fixed by using iked.

My wish is to use the sec interface like, for example, vxlan, with tunneldomain.

The vxlan interface is in my internal rdomain 10, and tunneldomain 0 is where my WAN interface is and where iked listens.


Holger





On 26.12.23 08:36, David Gwynne wrote:
> which bit doesn't work? the "tunneldomain" command or actual packets moving?
>
> sec transport is provided entirely by the ipsec stack, ie, you configure the ipsec SAs associated with the interface to operate in a specific rdomain, sec doesn't support configuring that with tunneldomain.
>
> if you tcpdump on the enc and sec interfaces, do you see the packets you're expecting?
>
> dlg
>
>> On 24 Dec 2023, at 19:21, Holger Glaess <glaess@glaessixs.de> wrote:
>>
>> Hi,
>>
>> I am trying to use the new sec0 interface in this manner.
>>
>> ---
>> cat /etc/hostname.sec0
>>
>> rdomain 10
>> inet 172.16.0.1 255.255.255.252 172.16.0.2
>> tunneldomain 0
>> up
>> ---
>>
>> But it will not work.
>>
>> Can sec work with rdomain?
>>
>> Happy Christmas to all.
>>
>> Holger
