[Swan] leftvti - how to use it?

Tue Sep 12 18:10:00 UTC 2017

Hi,
I have the following conf:

config setup
        protostack=netkey
        plutodebug=none
        listen=199.x.y.166
conn conn_vpn
        authby=secret
        left=199.x.y.166
        right=199.x.y.159
        ike=aes256-sha1;modp1024
        phase2alg=aes256-sha1;modp1024
        ikelifetime=28800s
        salifetime=3600s
        leftsubnet=0.0.0.0/0
        rightsubnet=0.0.0.0/0
        type=tunnel
        mark=5/0xffffffff
        vti-interface=vti01
        vti-routing=no
        vti-shared=yes
        auto=start
        leftvti=10.100.0.1/16

the other end is similar with leftvti=10.200.0.1/16.

The VPN can be established successfully. However, I don't see the leftvti
take effect. I was expecting I can ping 10.100.0.1 from the other end. Is
this what we should expected? How to correctly config leftvti?

In the help page, it has this example:

    # If you run a subnet with BGP (quagga) daemons over IPsec, you
can configure the VTI interface
    leftvti=10.0.1.1/24

my subnets do not have BGP daemons running.

Thanks,
Xinwei
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20170912/b0389493/attachment-0001.html>