[Swan] virtual tunnel interface (VTI) support
Paul Wouters
paul at nohats.ca
Thu Oct 29 09:51:05 UTC 2015
On Thu, 29 Oct 2015, Tom Harbert wrote:
> I am looking at migrating from Strongswan to libreswan on an Ubuntu 14.04 system.
>
> # dpkg -l | grep libreswan
> ii libreswan 1:3.14-1 amd64 Internet Key
> Exchange daemon
>
> Is it possible to implement IPSec over a virtual tunnel interfaces (VTI) ? In strongswan, to do this a
> mark is set under the connection profile (mark=x) and this corresponds to the tunnel interface key:
>
> $ ip link add $INTERFACE type vti local $LOCAL_IP remote $REMOTE_IP key $KEY
What is $INTERFACE filled in with? vtixx where xx is the mark?
What is $KEY?
> AWS require VTI as opposed to GRE tunnels.
I'm happy to write a patch to support this, but I'm not sure yet I fully
understand the setup.
Paul
More information about the Swan
mailing list