projects / openwrt / staging / wigyori.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: eb1ac66) | patch
network: add virtual tunnel interface (VTI) support
authorFelix Fietkau <nbd@openwrt.org>
Sun, 17 Jan 2016 11:06:02 +0000 (11:06 +0000)
committerFelix Fietkau <nbd@openwrt.org>
Sun, 17 Jan 2016 11:06:02 +0000 (11:06 +0000)
commite2e8cb83475d9a71225a5a60adb1d4ad04ed1ded
tree39fb224e83bad8249037c16bf5b86067988e1ee6tree | snapshot
parenteb1ac66ce76f9d74c87552b59aab590e3ec07de6commit | diff
network: add virtual tunnel interface (VTI) support

This adds support for configuring VTI interfaces within /etc/config/network.
VTI interfaces are used to create IPsec tunnel interfaces. These interfaces
may be used for routing and other purposes.

Example config:
config interface 'vti1'
option proto 'vti'
option mtu '1500'
option tunlink 'wan'
option peeraddr '192.168.5.16'
option zone 'VPN'
option ikey 2
option okey 2

config interface 'vti1_static'
option proto 'static'
option ifname '@vti1'
option ipaddr '192.168.7.2/24'

The options ikey and okey correspond to the fwmark value of a ipsec policy.
The may be null if you do not want fwmarks.
Also peeraddr may be 0.0.0 if you want all ESP packets go through the
interface.
Example strongswan config:
conn vti
left=%any
leftcert=peer2.test.der
leftid=@peer2.test
right=192.168.5.16
rightid=@peer3.test
leftsubnet=0.0.0.0/0
rightsubnet=0.0.0.0/0
mark=2
auto=route

Signed-off-by: André Valentin <avalentin@marcant.net>
SVN-Revision: 48274
package/network/config/vti/Makefile [new file with mode: 0644] blob
package/network/config/vti/files/vti.sh [new file with mode: 0755] blob
Staging tree of Zoltan Herpai