On Tue, 19 Dec 2023 at 09:32, Bill Atwood <[email protected]> wrote: > > Paul, Brady, > > On 12/18/2023 9:42 PM, Paul Wouters wrote: > > * 4a936b2aad - The XFRM address scope must be global (12 hours ago) > > <Brady Johnson> > > While this constraint must be true for the current XFRM (it does not > understand that Link-Local addresses must have an interface associated > with them), the enforcement of the constraint should be removed when > XFRM is updated and this problem is fixed. IPsec tunnels with LL > endpoints are *required* by the ANIMA RFCs (specifically RFC 8994, > Section 6.8.3.1). Perhaps what is needed here is a configuration option.
Here hardwired to 50. For IPv6, the kernel ignored that and set it to global anyway. Can you file a bug about RFC 8994 needing a way to specify if the address is local or global. Andrew _______________________________________________ Swan-dev mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan-dev
