[Swan] vti support

Paul Wouters paul at nohats.ca
Mon May 30 17:08:55 UTC 2016

On Mon, 30 May 2016, Charles Wyble wrote:

> I’m now attempting to have VTi work.
> Per https://libreswan.org/wiki/Route-based_VPN_using_VTI it requires libreswan 3.18, however only 3.17 is released. I downloaded
> the source from github and compiled, that gives me

You can also grab


> Is VTI working? Is there anything else I need to do to enable it?

Yes, see man ipsec.conf for the options mark= vti-interface= and

That is explained in the VTI wiki page you linked above.

> No vti interface exists (except perhaps one instantiated by the kernel?)

You need to establish the tunnel for the device to be created.

> root at tsys-shared-router:~# ip  a |grep vti
> 15: ip_vti0 at NONE: <NOARP> mtu 1332 qdisc noop state DOWN group default

To see the tunnel device, use: ip tun


More information about the Swan mailing list