diff options
| author | Felix Fietkau <nbd@openwrt.org> | 2016-01-17 11:06:02 +0000 |
|---|---|---|
| committer | Felix Fietkau <nbd@openwrt.org> | 2016-01-17 11:06:02 +0000 |
| commit | e2e8cb83475d9a71225a5a60adb1d4ad04ed1ded (patch) | |
| tree | 39fb224e83bad8249037c16bf5b86067988e1ee6 /package/network/config/vti/Makefile | |
| parent | eb1ac66ce76f9d74c87552b59aab590e3ec07de6 (diff) | |
| download | upstream-e2e8cb83475d9a71225a5a60adb1d4ad04ed1ded.tar.gz upstream-e2e8cb83475d9a71225a5a60adb1d4ad04ed1ded.tar.bz2 upstream-e2e8cb83475d9a71225a5a60adb1d4ad04ed1ded.zip | |
network: add virtual tunnel interface (VTI) support
This adds support for configuring VTI interfaces within /etc/config/network.
VTI interfaces are used to create IPsec tunnel interfaces. These interfaces
may be used for routing and other purposes.
Example config:
config interface 'vti1'
option proto 'vti'
option mtu '1500'
option tunlink 'wan'
option peeraddr '192.168.5.16'
option zone 'VPN'
option ikey 2
option okey 2
config interface 'vti1_static'
option proto 'static'
option ifname '@vti1'
option ipaddr '192.168.7.2/24'
The options ikey and okey correspond to the fwmark value of a ipsec policy.
The may be null if you do not want fwmarks.
Also peeraddr may be 0.0.0 if you want all ESP packets go through the
interface.
Example strongswan config:
conn vti
left=%any
leftcert=peer2.test.der
leftid=@peer2.test
right=192.168.5.16
rightid=@peer3.test
leftsubnet=0.0.0.0/0
rightsubnet=0.0.0.0/0
mark=2
auto=route
Signed-off-by: André Valentin <avalentin@marcant.net>
SVN-Revision: 48274
Diffstat (limited to 'package/network/config/vti/Makefile')
| -rw-r--r-- | package/network/config/vti/Makefile | 65 |
1 files changed, 65 insertions, 0 deletions
diff --git a/package/network/config/vti/Makefile b/package/network/config/vti/Makefile new file mode 100644 index 0000000000..a81e889b23 --- /dev/null +++ b/package/network/config/vti/Makefile @@ -0,0 +1,65 @@ +# +# Copyright (C) 2014 OpenWrt.org +# +# This is free software, licensed under the GNU General Public License v2. +# See /LICENSE for more information. +# + +include $(TOPDIR)/rules.mk + +PKG_NAME:=vti +PKG_VERSION:=1 +PKG_RELEASE:=1 +PKG_LICENSE:=GPL-2.0 + +include $(INCLUDE_DIR)/package.mk + +define Package/vti/Default + SECTION:=net + CATEGORY:=Network + MAINTAINER:=Andre Valentin <avalentin@marcant.net> +endef + +define Package/vti +$(call Package/vti/Default) + TITLE:=Virtual IPsec Tunnel Interface config support +endef + +define Package/vti/description + Virtual IPsec Tunnel Interface config support (IPv4 and IPv6) in /etc/config/network. +endef + +define Package/vtiv4 +$(call Package/vti/Default) + TITLE:=Virtual IPsec Tunnel Interface (IPv4) config support + DEPENDS:=@(PACKAGE_vti) +kmod-ip_vti +endef + +define Package/vtiv4/description + Virtual IPsec Tunnel Interface config support (IPv4) in /etc/config/network. +endef + +define Package/vtiv6 +$(call Package/vti/Default) + TITLE:=Virtual IPsec Tunnel Interface (IPv6) config support + DEPENDS:=@(PACKAGE_vti) @IPV6 +kmod-ip6_vti +endef + +define Package/vtiv6/description + Virtual IPsec Tunnel Interface config support (IPv6) in /etc/config/network. +endef + +define Build/Compile +endef + +define Build/Configure +endef + +define Package/vti/install + $(INSTALL_DIR) $(1)/lib/netifd/proto + $(INSTALL_BIN) ./files/vti.sh $(1)/lib/netifd/proto/vti.sh +endef + +$(eval $(call BuildPackage,vti)) +$(eval $(call BuildPackage,vtiv4)) +$(eval $(call BuildPackage,vtiv6)) |