[Swan] VTI support
Xinwei Hong
xhong at skytap.com
Fri Jul 8 22:03:14 UTC 2016
Hi Paul,
Is it possible to provide the exact requirements for this feature? which
kernel version and which iproute2 version? We want to push this feature to
our production and would need to do packaging ourselves.
Also, we currently use racoon+netkey to do policy-based vpn and pluto+klips
to do route-based vpn. With this new feature, will we be able to do both
with pluto+netkey? How to do policy-based VPN without racoon?
Thanks,
Xinwei
On Thu, Jul 7, 2016 at 3:47 AM, Paul Wouters <paul at nohats.ca> wrote:
> On Wed, 6 Jul 2016, Xinwei Hong wrote:
>
> Jul 6 22:06:15: "routed-vpn" #2: prepare-client output: Keys are
>> not allowed with ipip and sit tunnels
>>
>> I think your iproute package is too old and does not support VTI
>>
>> What exact version of iproute would be needed?
>>
>
> https://libreswan.org/wiki/Route-based_VPN_using_VTI
>
> VTI support requires libreswan-3.18 or later and a recent
> linux-3.x or
> 4.x kernel. The iproute package in Ubuntu 14.04 and 16.04 (and
> likely
> debian versions) has been reported to be too old
>
> # dpkg -l iproute
>>
>> Desired=Unknown/Install/Remove/Purge/Hold
>>
>> |
>> Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
>>
>> |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
>>
>> ||/ Name Version Architecture
>> Description
>>
>>
>> +++-==========================-==================-==================-==========================================================
>>
>> ii iproute 1:3.12.0-2ubuntu1 all
>> transitional dummy package for iproute2
>>
>
> ii iproute2 3.12.0-2ubuntu1 amd64
>> networking and traffic control tools
>>
>
> I don't know the exact version you need, but I am using 4.0.x
>
> Paul
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20160708/7e412907/attachment.html>
More information about the Swan
mailing list