On 20.05.2016 at 11:20, Muenz, Michael wrote:
On 13.05.2016 at 21:52, Paul Wouters wrote:
Hi,
A lot of people have been asking us about VTI support for route-based
VPN. We have an initial developer release ready to test that
feature. Additionally, this VTI feature allows you to have an ipsec0
interface like KLIPS would give you, where you can run tcpdump and
iptables on the "clear" interface.
I wrote up a wiki page explaining the feature and how to configure it:
https://libreswan.org/wiki/Route-based_VPN_using_VTI
Hi,
what are the exact requirements?
Sorry, didn't realize it only comes up after successful SA :D
May 20 11:16:48 debian pluto[1484]: "routed-vpn" #114: initiating Main Mode
May 20 11:17:20 debian pluto[1484]: "routed-vpn" #114: transition from
state STATE_MAIN_I1 to state STATE_MAIN_I2
May 20 11:17:20 debian pluto[1484]: "routed-vpn" #114: STATE_MAIN_I2:
sent MI2, expecting MR2
May 20 11:17:20 debian pluto[1484]: "routed-vpn" #114: transition from
state STATE_MAIN_I2 to state STATE_MAIN_I3
May 20 11:17:20 debian pluto[1484]: "routed-vpn" #114: STATE_MAIN_I3:
sent MI3, expecting MR3
May 20 11:17:20 debian pluto[1484]: "routed-vpn" #114: Main mode peer ID
is ID_IPV4_ADDR: 'x'
May 20 11:17:20 debian pluto[1484]: "routed-vpn" #114: transition from
state STATE_MAIN_I3 to state STATE_MAIN_I4
May 20 11:17:20 debian pluto[1484]: "routed-vpn" #114: STATE_MAIN_I4:
ISAKMP SA established {auth=PRESHARED_KEY cipher=aes_256 integ=sha
group=MODP2048}
May 20 11:17:20 debian pluto[1484]: "routed-vpn" #115: initiating Quick
Mode
PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO
{using isakmp#114 msgid:b39edce3 proposal=defaults
pfsgroup=OAKLEY_GROUP_MODP2048}
May 20 11:17:20 debian pluto[1484]: "routed-vpn" #115: prepare-client
output: creating vti interface
May 20 11:17:20 debian pluto[1484]: "routed-vpn" #115: prepare-client
output: net.ipv4.conf.vti01.disable_policy = 1
May 20 11:17:20 debian pluto[1484]: "routed-vpn" #115: prepare-client
output: net.ipv4.conf.vti01.rp_filter = 0
May 20 11:17:20 debian pluto[1484]: "routed-vpn" #115: prepare-client
output: net.ipv4.conf.vti01.forwarding = 1
May 20 11:17:20 debian pluto[1484]: "routed-vpn" #115: route-client
output: addvti called
May 20 11:17:20 debian pluto[1484]: "routed-vpn" #115: transition from
state STATE_QUICK_I1 to state STATE_QUICK_I2
May 20 11:17:20 debian pluto[1484]: "routed-vpn" #115: STATE_QUICK_I2:
sent QI2, IPsec SA established tunnel mode {ESP=>0xb7e67480 <0x552f8c27
xfrm=AES_128-HMAC_SHA1 NATOA=none NATD=none DPD=passive}
Will play around a bit!
Michael
--
www.muenz-it.de
- Cisco, Linux, Networks
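
Added example (not part of the original messages, and not libreswan code): a short Python script that rejoins the mail-wrapped pluto lines from the log above and reports which SA established the IKE and IPsec SAs, which one created the VTI interface, and which sysctls the prepare-client hook set on it. The function names are this example's own, and the embedded sample is an excerpt of the log quoted in the message.

```python
import re

# Excerpt of the pluto log from the message above, still wrapped as the mail client left it.
SAMPLE = """\
May 20 11:17:20 debian pluto[1484]: "routed-vpn" #114: STATE_MAIN_I4:
ISAKMP SA established {auth=PRESHARED_KEY cipher=aes_256 integ=sha
group=MODP2048}
May 20 11:17:20 debian pluto[1484]: "routed-vpn" #115: prepare-client
output: creating vti interface
May 20 11:17:20 debian pluto[1484]: "routed-vpn" #115: prepare-client
output: net.ipv4.conf.vti01.disable_policy = 1
May 20 11:17:20 debian pluto[1484]: "routed-vpn" #115: prepare-client
output: net.ipv4.conf.vti01.rp_filter = 0
May 20 11:17:20 debian pluto[1484]: "routed-vpn" #115: prepare-client
output: net.ipv4.conf.vti01.forwarding = 1
May 20 11:17:20 debian pluto[1484]: "routed-vpn" #115: STATE_QUICK_I2:
sent QI2, IPsec SA established tunnel mode {ESP=>0xb7e67480 <0x552f8c27
xfrm=AES_128-HMAC_SHA1 NATOA=none NATD=none DPD=passive}
"""

# A real record starts with a syslog header, connection name and SA number.
HEAD = re.compile(r'^\w{3} +\d+ [\d:]+ \S+ pluto\[\d+\]: "(?P<conn>[^"]+)" #(?P<sa>\d+): (?P<msg>.*)$')
SYSCTL = re.compile(r'output: (net\.ipv[46]\.conf\.\S+) = (\S+)')

def unwrap(text):
    """Rejoin wrapped continuation lines onto the pluto record they belong to."""
    records = []
    for line in text.splitlines():
        m = HEAD.match(line)
        if m:
            records.append([m['conn'], int(m['sa']), m['msg']])
        elif records and line.strip():
            records[-1][2] += ' ' + line.strip()
    return records

def summarize(text):
    """Report which SA reached each milestone and the sysctls set on the VTI device."""
    out = {'ike_sa': None, 'ipsec_sa': None, 'vti_created_by': None, 'sysctls': {}}
    for _conn, sa, msg in unwrap(text):
        if 'ISAKMP SA established' in msg:
            out['ike_sa'] = sa
        elif 'IPsec SA established' in msg:
            out['ipsec_sa'] = sa
        elif 'creating vti interface' in msg:
            out['vti_created_by'] = sa
        m = SYSCTL.search(msg)
        if m:
            out['sysctls'][m[1]] = m[2]
    return out

if __name__ == '__main__':
    print(summarize(SAMPLE))
```

The summary makes the interface-level changes easy to audit: reverse-path filtering and XFRM policy checks are switched off on `vti01`, so any filtering of decrypted traffic has to come from iptables rules on that interface.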