It is created on the first tunnel establishment. It is not yet always deleted because we are still pondering how to deal with all use cases, e.g. multiple tunnels sharing a device.

Sent from my iPhone

> On May 20, 2016, at 07:19, Muenz, Michael <[email protected]> wrote:
>
>> On 20.05.2016 at 11:20, Muenz, Michael wrote:
>>> On 13.05.2016 at 21:52, Paul Wouters wrote:
>>>
>>> Hi,
>>>
>>> A lot of people have been asking us about VTI support for route-based
>>> VPN. We have an initial developer release ready to test that
>>> feature. Additionally, this VTI feature allows you to have an ipsec0
>>> interface like KLIPS would give you, where you can run tcpdump and
>>> iptables on the "clear" interface.
>>>
>>> I wrote up a wiki page explaining the feature and how to configure it:
>>>
>>> https://libreswan.org/wiki/Route-based_VPN_using_VTI
>>
>> Hi,
>>
>> what are the exact requirements?
>
> Sorry, didn't realize it only comes up after successful SA :D
>
>
> May 20 11:16:48 debian pluto[1484]: "routed-vpn" #114: initiating Main Mode
> May 20 11:17:20 debian pluto[1484]: "routed-vpn" #114: transition from state
> STATE_MAIN_I1 to state STATE_MAIN_I2
> May 20 11:17:20 debian pluto[1484]: "routed-vpn" #114: STATE_MAIN_I2: sent
> MI2, expecting MR2
> May 20 11:17:20 debian pluto[1484]: "routed-vpn" #114: transition from state
> STATE_MAIN_I2 to state STATE_MAIN_I3
> May 20 11:17:20 debian pluto[1484]: "routed-vpn" #114: STATE_MAIN_I3: sent
> MI3, expecting MR3
> May 20 11:17:20 debian pluto[1484]: "routed-vpn" #114: Main mode peer ID is
> ID_IPV4_ADDR: 'x'
> May 20 11:17:20 debian pluto[1484]: "routed-vpn" #114: transition from state
> STATE_MAIN_I3 to state STATE_MAIN_I4
> May 20 11:17:20 debian pluto[1484]: "routed-vpn" #114: STATE_MAIN_I4: ISAKMP
> SA established {auth=PRESHARED_KEY cipher=aes_256 integ=sha group=MODP2048}
> May 20 11:17:20 debian pluto[1484]: "routed-vpn" #115: initiating Quick Mode
> PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO
> {using isakmp#114 msgid:b39edce3 proposal=defaults
> pfsgroup=OAKLEY_GROUP_MODP2048}
> May 20 11:17:20 debian pluto[1484]: "routed-vpn" #115: prepare-client output:
> creating vti interface
> May 20 11:17:20 debian pluto[1484]: "routed-vpn" #115: prepare-client output:
> net.ipv4.conf.vti01.disable_policy = 1
> May 20 11:17:20 debian pluto[1484]: "routed-vpn" #115: prepare-client output:
> net.ipv4.conf.vti01.rp_filter = 0
> May 20 11:17:20 debian pluto[1484]: "routed-vpn" #115: prepare-client output:
> net.ipv4.conf.vti01.forwarding = 1
> May 20 11:17:20 debian pluto[1484]: "routed-vpn" #115: route-client output:
> addvti called
> May 20 11:17:20 debian pluto[1484]: "routed-vpn" #115: transition from state
> STATE_QUICK_I1 to state STATE_QUICK_I2
> May 20 11:17:20 debian pluto[1484]: "routed-vpn" #115: STATE_QUICK_I2: sent
> QI2, IPsec SA established tunnel mode {ESP=>0xb7e67480 <0x552f8c27
> xfrm=AES_128-HMAC_SHA1 NATOA=none NATD=none DPD=passive}
>
>
> Will play around a bit!
>
>
> Michael
>
>
> --
> www.muenz-it.de
> - Cisco, Linux, Networks
>
> _______________________________________________
> Swan mailing list
> [email protected]
> https://lists.libreswan.org/mailman/listinfo/swan
