diff options
| author | Felix Fietkau <nbd@openwrt.org> | 2016-01-17 11:06:02 +0000 |
|---|---|---|
| committer | Felix Fietkau <nbd@openwrt.org> | 2016-01-17 11:06:02 +0000 |
| commit | 5be54630899a7b21b5a53979e8a5eaf13bb6d906 (patch) | |
| tree | 20a792a87eb516fd5bf515a922e2209a4c00693f /target/sdk/convert-config.pl | |
| parent | 4d66f2c0f39cc959c643ff47498e939dd1f2bb59 (diff) | |
| download | master-187ad058-5be54630899a7b21b5a53979e8a5eaf13bb6d906.tar.gz master-187ad058-5be54630899a7b21b5a53979e8a5eaf13bb6d906.tar.bz2 master-187ad058-5be54630899a7b21b5a53979e8a5eaf13bb6d906.zip | |
network: add virtual tunnel interface (VTI) support
This adds support for configuring VTI interfaces within /etc/config/network.
VTI interfaces are used to create IPsec tunnel interfaces. These interfaces
may be used for routing and other purposes.
Example config:
config interface 'vti1'
option proto 'vti'
option mtu '1500'
option tunlink 'wan'
option peeraddr '192.168.5.16'
option zone 'VPN'
option ikey 2
option okey 2
config interface 'vti1_static'
option proto 'static'
option ifname '@vti1'
option ipaddr '192.168.7.2/24'
The options ikey and okey correspond to the fwmark value of a ipsec policy.
The may be null if you do not want fwmarks.
Also peeraddr may be 0.0.0 if you want all ESP packets go through the
interface.
Example strongswan config:
conn vti
left=%any
leftcert=peer2.test.der
leftid=@peer2.test
right=192.168.5.16
rightid=@peer3.test
leftsubnet=0.0.0.0/0
rightsubnet=0.0.0.0/0
mark=2
auto=route
Signed-off-by: André Valentin <avalentin@marcant.net>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@48274 3c298f89-4303-0410-b956-a3cf2f4a3e73
Diffstat (limited to 'target/sdk/convert-config.pl')
0 files changed, 0 insertions, 0 deletions