[Swan] libreswan-3.18dr2 with ipsec0 VTI interface and NAT OE support
Muenz, Michael
m.muenz at spam-fetish.org
Fri May 20 11:19:50 UTC 2016
On 20.05.2016 at 11:20, Muenz, Michael wrote:
> On 13.05.2016 at 21:52, Paul Wouters wrote:
>>
>> Hi,
>>
>> A lot of people have been asking us about VTI support for route-based
>> VPN. We have an initial developer release ready to test that
>> feature. Additionally, this VTI feature allows you to have an ipsec0
>> interface like KLIPS would give you, where you can run tcpdump and
>> iptables on the "clear" interface.
>>
>> I wrote up a wiki page explaining the feature and how to configure it:
>>
>> https://libreswan.org/wiki/Route-based_VPN_using_VTI
>
> Hi,
>
> what are the exact requirements?
Sorry, didn't realize it only comes up after successful SA :D

May 20 11:16:48 debian pluto[1484]: "routed-vpn" #114: initiating Main Mode
May 20 11:17:20 debian pluto[1484]: "routed-vpn" #114: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
May 20 11:17:20 debian pluto[1484]: "routed-vpn" #114: STATE_MAIN_I2: sent MI2, expecting MR2
May 20 11:17:20 debian pluto[1484]: "routed-vpn" #114: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
May 20 11:17:20 debian pluto[1484]: "routed-vpn" #114: STATE_MAIN_I3: sent MI3, expecting MR3
May 20 11:17:20 debian pluto[1484]: "routed-vpn" #114: Main mode peer ID is ID_IPV4_ADDR: 'x'
May 20 11:17:20 debian pluto[1484]: "routed-vpn" #114: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
May 20 11:17:20 debian pluto[1484]: "routed-vpn" #114: STATE_MAIN_I4: ISAKMP SA established {auth=PRESHARED_KEY cipher=aes_256 integ=sha group=MODP2048}
May 20 11:17:20 debian pluto[1484]: "routed-vpn" #115: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO {using isakmp#114 msgid:b39edce3 proposal=defaults pfsgroup=OAKLEY_GROUP_MODP2048}
May 20 11:17:20 debian pluto[1484]: "routed-vpn" #115: prepare-client output: creating vti interface
May 20 11:17:20 debian pluto[1484]: "routed-vpn" #115: prepare-client output: net.ipv4.conf.vti01.disable_policy = 1
May 20 11:17:20 debian pluto[1484]: "routed-vpn" #115: prepare-client output: net.ipv4.conf.vti01.rp_filter = 0
May 20 11:17:20 debian pluto[1484]: "routed-vpn" #115: prepare-client output: net.ipv4.conf.vti01.forwarding = 1
May 20 11:17:20 debian pluto[1484]: "routed-vpn" #115: route-client output: addvti called
May 20 11:17:20 debian pluto[1484]: "routed-vpn" #115: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
May 20 11:17:20 debian pluto[1484]: "routed-vpn" #115: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0xb7e67480 <0x552f8c27 xfrm=AES_128-HMAC_SHA1 NATOA=none NATD=none DPD=passive}

Will play around a bit!
Michael
--
www.muenz-it.de
- Cisco, Linux, Networks