If you are using KLIPS, you are likely using it because you prefer to have the virtual interfaces. These ipsecX interfaces are configured in the setup section with the interfaces= line. This line is ignored when using NETKEY. If the interfaces line is missing, it will have the same effect as:
interfaces=%defaultroute
This means that one virtual interface (ipsec0) will be created, and it will be bound to the interface that currently has the default route pointing to it. After all, it is most likely that IPsec is to be used to communicate with the outside world. If this is not the case, or if you want to use IPsec on multiple physical interfaces, this should be specified explicitly:
interfaces="ipsec0=eth0 ipsec1=ppp0 ipsec2=eth1 ipsec3=eth0:1"
This line creates four ipsecN interfaces, which are attached to eth0, ppp0, eth1, and eth0:1. This last entry is an IP alias, and is treated as a physical interface.
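To check which physical interface each ipsecN ends up bound to before restarting the service, the interfaces= value can be parsed and validated. The following is an added example, not code from Openswan or from the original text; the function names and the sample file are constructed for illustration, and the section parsing is deliberately simplified (indented lines belong to the preceding section, # starts a comment).

```python
import re

# Constructed sample of a "config setup" section (not from the original page).
SAMPLE_CONF = '''\
config setup
    # bind KLIPS virtual interfaces explicitly
    interfaces="ipsec0=eth0 ipsec1=ppp0 ipsec2=eth1 ipsec3=eth0:1"

conn example
    auto=add
'''

PAIR_RE = re.compile(r'^(ipsec\d+)=(\S+)$')


def setup_interfaces_value(conf_text):
    """Return the interfaces= value from "config setup", or the default."""
    in_setup = False
    for raw in conf_text.splitlines():
        line = raw.split('#', 1)[0].rstrip()
        if not line.strip():
            continue
        if not raw[0].isspace():          # unindented line starts a new section
            in_setup = line.split() == ['config', 'setup']
            continue
        if in_setup:
            key, sep, value = line.strip().partition('=')
            if sep and key.strip() == 'interfaces':
                return value.strip().strip('"')
    return '%defaultroute'                # a missing line has this effect


def parse_bindings(value):
    """Map each ipsecN to its physical interface; reject malformed entries."""
    if value == '%defaultroute':
        return {'ipsec0': '%defaultroute'}
    bindings = {}
    for item in value.split():
        m = PAIR_RE.match(item)
        if not m:
            raise ValueError('malformed entry: %r' % item)
        virt, phys = m.groups()
        if virt in bindings:
            raise ValueError('%s is bound twice' % virt)
        bindings[virt] = phys
    return bindings
```

An ipsecN that is bound twice or an entry that does not have the ipsecN=device form raises ValueError, so a typo in the line is caught before the tunnel silently comes up on the wrong interface.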