================================================================
One of its features is that it can dynamically assign addresses
on the internal network to clients, and clients can assign these
addresses and routes to interfaces. However, these interfaces
must exist before iked can start. Some months ago I switched my
Debian laptop's configuration from the traditional ifupdown to
nstall addresses, but also not interfere with iked by trying to
manage these interfaces. Here is my working configuration.
First, I have systemd create the interface dummy1 by creating a
/etc/systemd/network/20-dummy1.netdev:

    [NetDev]
    Name=dummy1
    Kind=dummy

Then I tell systemd not to manage this interface by creating a
/etc/systemd/network/20-dummy1.network:

    [Match]
    Name=dummy1
    Unmanaged=yes

Restarting systemd-networkd causes these interfaces to get
created, and we can then check their status using
networkctl(8):

    $ systemctl restart systemd-networkd.service
    $ networkctl
    IDX LINK     TYPE     OPERATIONAL SETUP
      1 lo       loopback carrier     unmanaged
      2 enp2s0f0 ether    off         unmanaged
      3 enp5s0   ether    off         unmanaged
      4 dummy1   ether    degraded    configuring
      5 dummy3   ether    degraded    configuring
      6 sit0     sit      off         unmanaged
      8 wlp3s0   wlan     routable    configured
      9 he-ipv6  sit      routable    configured

    8 links listed.

Finally, I configure my flows in /etc/iked.conf, making sure
to assign the received address to the interface dummy1:

    ikev2 'hades' active esp \
            from dynamic to 10.0.1.0/24 \
            peer hades.rak.ac \
            srcid '/CN=asteria.rak.ac' \
            dstid '/CN=hades.rak.ac' \
            request address 10.0.1.103 \
            iface dummy1

Restarting openiked and checking the status of the interface
network and that it is routable:

    $ systemctl restart openiked.service
    $ networkctl status dummy1
    ● 4: dummy1
                       Link File: /usr/lib/systemd/network/99-default.link
                    Network File: /etc/systemd/network/20-dummy1.network
                            Type: ether
                            Kind: dummy
                           State: routable (configured)
                    Online state: online
                          Driver: dummy
                Hardware Address: 22:50:5f:98:a1:a9
                             MTU: 1500
                           QDisc: noqueue
    IPv6 Address Generation Mode: eui64
            Queue Length (Tx/Rx): 1/1
                         Address: 10.0.1.103
                                  fe80::2050:5fff:fe98:a1a9
                             DNS: 10.0.1.1
                   Route Domains: .
               Activation Policy: up
             Required For Online: yes
               DHCP6 Client DUID: DUID-EN/Vendor:0000ab11aafa4f02d6ac68d40000

to configure this under systemd.
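
Because every interface named in iked.conf must exist before iked starts, it helps to compare the two configurations before restarting the daemon. The shell functions below are an added example, not part of the original post: they list iface names in an iked.conf that no .netdev file declares. The dummy9 flow, its peer vpn.example.net and the 10.0.9.0/24 network are constructed sample values.

```shell
# Added example, not from the original post: check that every interface an
# iked.conf iface option names is declared by a systemd .netdev file.
# Print each name that follows an iface keyword. '#' comments are dropped and
# tokens are tracked across backslash-continued lines.
iked_ifaces() {
    awk '{ sub(/#.*/, "")
           for (i = 1; i <= NF; i++) {
               if ($i == "\\") continue
               if (prev == "iface") print $i
               prev = $i } }' "$1" | sort -u
}

# Print the Name= value from the [NetDev] section of each *.netdev file.
netdev_names() {
    for f in "$1"/*.netdev; do
        [ -f "$f" ] || continue
        awk -F'[ \t]*=[ \t]*' '/^\[/ { sec = $1 }
            sec == "[NetDev]" && $1 == "Name" { print $2 }' "$f"
    done
}

# Print iked.conf interfaces that no .netdev declares; succeed only if none.
missing_ifaces() {
    declared=$(netdev_names "$2")
    missing=$(for i in $(iked_ifaces "$1"); do
        printf '%s\n' "$declared" | grep -qxF -e "$i" || printf '%s\n' "$i"
    done)
    [ -z "$missing" ] || { printf '%s\n' "$missing"; return 1; }
}

# Constructed sample: dummy1 as in the post, plus a hypothetical dummy9 flow
# (peer vpn.example.net, 10.0.9.0/24) that has no .netdev behind it.
demo() {
    d=$(mktemp -d)
    printf '[NetDev]\nName=dummy1\nKind=dummy\n' > "$d/20-dummy1.netdev"
    cat > "$d/iked.conf" <<'EOF'
ikev2 'hades' active esp \
    from dynamic to 10.0.1.0/24 peer hades.rak.ac \
    iface dummy1
ikev2 'other' active esp from dynamic to 10.0.9.0/24 \
    peer vpn.example.net iface dummy9   # constructed, undeclared
EOF
    rc=0; missing_ifaces "$d/iked.conf" "$d" || rc=$?
    rm -rf "$d"
    return $rc
}

demo || echo "declare the interfaces listed above before starting iked" >&2
```

On a real system the call would be missing_ifaces /etc/iked.conf /etc/systemd/network, run before restarting openiked.service.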