[Swan] virtual tunnel interface (VTI) support

Paul Wouters paul at nohats.ca
Thu Oct 29 09:51:05 UTC 2015

On Thu, 29 Oct 2015, Tom Harbert wrote:

> I am looking at migrating from Strongswan to libreswan on an Ubuntu 14.04 system.
> # dpkg -l | grep libreswan
> ii  libreswan                           1:3.14-1                         amd64        Internet Key
> Exchange daemon
> Is it possible to implement IPSec over a virtual tunnel interfaces (VTI) ?  In strongswan, to do this a
> mark is set under the connection profile (mark=x) and this corresponds to the tunnel interface key:
> $ ip link add $INTERFACE type vti local $LOCAL_IP remote $REMOTE_IP key $KEY

What is $INTERFACE filled in with? vtixx where xx is the mark?
What is $KEY?

> AWS require VTI as opposed to GRE tunnels.

I'm happy to write a patch to support this, but I'm not sure yet I fully
understand the setup.


More information about the Swan mailing list