[Swan] VTI support
Paul Wouters
paul at nohats.ca
Thu Jul 7 10:47:05 UTC 2016
On Wed, 6 Jul 2016, Xinwei Hong wrote:
> Jul 6 22:06:15: "routed-vpn" #2: prepare-client output: Keys are not allowed with ipip and sit tunnels
>
> I think your iproute package is too old and does not support VTI
>
> What exact version of iproute would be needed?
https://libreswan.org/wiki/Route-based_VPN_using_VTI
VTI support requires libreswan-3.18 or later and a recent linux-3.x or
4.x kernel. The iproute package in Ubuntu 14.04 and 16.04 (and likely
debian versions) has been reported to be too old
> # dpkg -l iproute
>
> Desired=Unknown/Install/Remove/Purge/Hold
>
> | Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
>
> |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
>
> ||/ Name Version Architecture Description
>
> +++-==========================-==================-==================-==========================================================
>
> ii iproute 1:3.12.0-2ubuntu1 all transitional dummy package for iproute2
> ii iproute2 3.12.0-2ubuntu1 amd64 networking and traffic control tools
I don't know the exact version you need, but I am using 4.0.x
Paul
More information about the Swan
mailing list