Hi Flebourse,
Now that KMOD-IP-VTI is loaded and VTI interfaces are working, I am having another issue:
I have created a tunnel with 0.0.0.0/0 on both sides and marked it with "100":
root@Teltonika-RUTX11:~# uci show ipsec
ipsec.@ipsec[0]=ipsec
ipsec.@ipsec[0].rtinstall_enabled='0'
ipsec.ATI=remote
ipsec.ATI.crypto_proposal='ATI_ph1'
ipsec.ATI.gateway='*************'
ipsec.ATI.authentication_method='psk'
ipsec.ATI.pre_shared_key='***********'
ipsec.ATI.tunnel='ATI_c'
ipsec.ATI.force_crypto_proposal='0'
ipsec.ATI.enabled='1'
ipsec.ATI.local_identifier='*************'
ipsec.ATI.remote_identifier='************'
ipsec.ATI_c=connection
ipsec.ATI_c.crypto_proposal='ATI_ph2'
ipsec.ATI_c.type='tunnel'
ipsec.ATI_c.defaultroute='0'
ipsec.ATI_c.keyexchange='ikev1'
ipsec.ATI_c.aggressive='yes'
ipsec.ATI_c.forceencaps='no'
ipsec.ATI_c.remote_firewall='no'
ipsec.ATI_c.ikelifetime='3h'
ipsec.ATI_c.force_crypto_proposal='0'
ipsec.ATI_c.lifetime='1h'
ipsec.ATI_c.local_subnet='0.0.0.0/0'
ipsec.ATI_c.remote_subnet='0.0.0.0/0'
ipsec.ATI_c.custom='mark=100'
ipsec.ATI_c.local_firewall='no'
ipsec.ATI_c.mode='route'
ipsec.ATI_ph1=proposal
ipsec.ATI_ph1.encryption_algorithm='aes128'
ipsec.ATI_ph1.hash_algorithm='sha1'
ipsec.ATI_ph1.dh_group='modp1536'
ipsec.ATI_ph2=proposal
ipsec.ATI_ph2.encryption_algorithm='aes128'
ipsec.ATI_ph2.hash_algorithm='sha1'
ipsec.ATI_ph2.dh_group='modp1536'
root@Teltonika-RUTX11:~#
Secondly, I disabled the routing:
ipsec.@ipsec[0].rtinstall_enabled='0'
Tunnel is up and established:
Connections:
ATI-ATI_c: %any...******* IKEv1 Aggressive
ATI-ATI_c: local: [*****] uses pre-shared key authentication
ATI-ATI_c: remote: [*******] uses pre-shared key authentication
ATI-ATI_c: child: 0.0.0.0/0 === 0.0.0.0/0 TUNNEL
Security Associations (1 up, 0 connecting):
ATI-ATI_c[16]: ESTABLISHED 97 minutes ago, 10.213.147.30[***]...*******[*******]
ATI-ATI_c[16]: IKEv1 SPIs: 62c4a2888a193fcc_i* 5351f025072c4252_r, pre-shared key reauthentication in 69 minutes
ATI-ATI_c[16]: IKE proposal: AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536
ATI-ATI_c{6}: INSTALLED, TUNNEL, reqid 3, ESP in UDP SPIs: c9e2db33_i e3b84dc9_o
ATI-ATI_c{6}: AES_CBC_128/HMAC_SHA1_96/MODP_1536, 0 bytes_i, 0 bytes_o, rekeying in 39 minutes
ATI-ATI_c{6}: 0.0.0.0/0 === 0.0.0.0/0
root@Teltonika-RUTX11:~#
Then I created the tunnel interface and marked it with "100":
ip link add ipsec0 type vti local 192.168.12.7 remote 0.0.0.0 key 100
ip link set ipsec0 up
ip addr add 192.168.12.7/29 dev ipsec0
I am not getting traffic across, and the counters suggest errors:
root@Teltonika-RUTX11:~# ip -s tunnel show ipsec0
ipsec0: ip/ip remote any local 192.168.12.7 ttl inherit nopmtudisc key 100
RX: Packets Bytes Errors CsumErrs OutOfSeq Mcasts
0 0 0 0 0 0
TX: Packets Bytes Errors DeadLoop NoRoute NoBufs
0 0 83 0 83 0
root@Teltonika-RUTX11:~#
Am I missing something?
Thanks