aboutsummaryrefslogtreecommitdiffstats
path: root/package/network/config/vti/files
Commit message (Collapse)AuthorAgeFilesLines
* vti: remove setting default firewall zone to wanHans Dedecker2019-02-091-2/+0
| | | | | | | | | Same reasoning as in bdedb798150a58ad7ce3c4741f2f31df97e84c3f; don't set default firewall zone to wan as the firewall zone for the vti interface can be configured in the firewall config or it makes it impossible not to specify a firewall zone for the vti interface. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* vti: add vti specific settings as nested json objectHans Dedecker2017-03-211-1/+6
| | | | | | Add vti specific settings ikey and okey as a nested data json object Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* network: add virtual tunnel interface (VTI) supportFelix Fietkau2016-01-171-0/+151
This adds support for configuring VTI interfaces within /etc/config/network. VTI interfaces are used to create IPsec tunnel interfaces. These interfaces may be used for routing and other purposes. Example config: config interface 'vti1' option proto 'vti' option mtu '1500' option tunlink 'wan' option peeraddr '192.168.5.16' option zone 'VPN' option ikey 2 option okey 2 config interface 'vti1_static' option proto 'static' option ifname '@vti1' option ipaddr '192.168.7.2/24' The options ikey and okey correspond to the fwmark value of a ipsec policy. The may be null if you do not want fwmarks. Also peeraddr may be 0.0.0 if you want all ESP packets go through the interface. Example strongswan config: conn vti left=%any leftcert=peer2.test.der leftid=@peer2.test right=192.168.5.16 rightid=@peer3.test leftsubnet=0.0.0.0/0 rightsubnet=0.0.0.0/0 mark=2 auto=route Signed-off-by: André Valentin <avalentin@marcant.net> SVN-Revision: 48274