hi

No, the main reason for the question was that I tried rdomain and tunneldomain, then I got an error message, I think at the tunneldomain option.

In general, without rdomain, the sec interface and IPsec work. In my case I had trouble with a second sec interface: sometimes it always used the sec0 interface instead of sec1. I fixed this by using iked.


My wish is to use the sec interface like, for example, vxlan, with tunneldomain.

The vxlan interface is in my internal rdomain 10, and tunneldomain 0 is where my WAN interface is and where iked listens.


Holger





On 26.12.23 08:36, David Gwynne wrote:
which bit doesn't work? the "tunneldomain" command or actual packets moving?

sec transport is provided entirely by the ipsec stack, ie, you configure the ipsec SAs associated with the interface to operate in a specific rdomain, sec doesn't support configuring that with tunneldomain.

if you tcpdump on the enc and sec interfaces, do you see the packets you're expecting?

dlg

On 24 Dec 2023, at 19:21, Holger Glaess <gla...@glaessixs.de> wrote:

hi

I am trying to use the new sec0 interface in this manner.

---
cat /etc/hostname.sec0

rdomain 10
inet 172.16.0.1 255.255.255.252 172.16.0.2
tunneldomain 0
up
---

But it will not work.

Can sec work with rdomain?


happy christmas to all.


Holger



