[Swan] virtual tunnel interface (VTI) support

Tom Harbert tom at campaignmonitor.com
Thu Oct 29 05:40:53 UTC 2015


I am looking at migrating from Strongswan to libreswan on an Ubuntu 14.04

# dpkg -l | grep libreswan
ii  libreswan                           1:3.14-1
amd64        Internet Key Exchange daemon

Is it possible to implement IPSec over a virtual tunnel interfaces (VTI) ?
In strongswan, to do this a mark is set under the connection profile
(mark=x) and this corresponds to the tunnel interface key:

$ ip link add $INTERFACE type vti local $LOCAL_IP remote $REMOTE_IP key $KEY

AWS require VTI as opposed to GRE tunnels.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20151029/e5a0886b/attachment.html>

More information about the Swan mailing list