These are a series of commits on top of the t11228-xfrm-with-vti branch, which is included, which allows for:
1) wildcard DNs for IKEv2
2) accepting certificates inband and validating them
3) accepting VTI marks via cborwhack interface, and pushing it down to the kernel
4) operating on IPv6 Link-Local interfaces, if configured to do so
There are many bits in this, which could be resorted into more clear chunks, but previous submissions are still unmerged.
These are a series of commits on top of the t11228-xfrm-with-vti branch, which is included, which allows for:
1) wildcard DNs for IKEv2 2) accepting certificates inband and validating them 3) accepting VTI marks via cborwhack interface, and pushing it down to the kernel 4) operating on IPv6 Link-Local interfaces, if configured to do so
There are many bits in this, which could be resorted into more clear chunks, but previous submissions are still unmerged.