aboutsummaryrefslogtreecommitdiffstats
path: root/rules.mk
diff options
context:
space:
mode:
authorFelix Fietkau <nbd@openwrt.org>2016-01-17 11:06:02 +0000
committerFelix Fietkau <nbd@openwrt.org>2016-01-17 11:06:02 +0000
commite2e8cb83475d9a71225a5a60adb1d4ad04ed1ded (patch)
tree39fb224e83bad8249037c16bf5b86067988e1ee6 /rules.mk
parenteb1ac66ce76f9d74c87552b59aab590e3ec07de6 (diff)
downloadupstream-e2e8cb83475d9a71225a5a60adb1d4ad04ed1ded.tar.gz
upstream-e2e8cb83475d9a71225a5a60adb1d4ad04ed1ded.tar.bz2
upstream-e2e8cb83475d9a71225a5a60adb1d4ad04ed1ded.zip
network: add virtual tunnel interface (VTI) support
This adds support for configuring VTI interfaces within /etc/config/network. VTI interfaces are used to create IPsec tunnel interfaces. These interfaces may be used for routing and other purposes. Example config: config interface 'vti1' option proto 'vti' option mtu '1500' option tunlink 'wan' option peeraddr '192.168.5.16' option zone 'VPN' option ikey 2 option okey 2 config interface 'vti1_static' option proto 'static' option ifname '@vti1' option ipaddr '192.168.7.2/24' The options ikey and okey correspond to the fwmark value of a ipsec policy. The may be null if you do not want fwmarks. Also peeraddr may be 0.0.0 if you want all ESP packets go through the interface. Example strongswan config: conn vti left=%any leftcert=peer2.test.der leftid=@peer2.test right=192.168.5.16 rightid=@peer3.test leftsubnet=0.0.0.0/0 rightsubnet=0.0.0.0/0 mark=2 auto=route Signed-off-by: André Valentin <avalentin@marcant.net> SVN-Revision: 48274
Diffstat (limited to 'rules.mk')
0 files changed, 0 insertions, 0 deletions