i need help for configuring VTI for IPsec VPN to be able to do routed VPN (with X.509 auth) at an RUTX11 with firmware version 00.07.04.3 .
(Remark: i need to do route based VPN to connect to HQ with 2 different ISP IP adresses and failover between them and at the HQ this is forced to be used.)
A policy based IPsec VPN tunnel with X.509 as authentication method is up and working correctly. I need to do VTI for route based VPN now.
I have looked at different sites and videos for hints but was not able to configure it successfully, because the RUTX11 is too different compared to the given instructions.
The sites i have looked at are e.g.:
(=How To Establish IPsec Site To Site VPN Tunnel Via VTI. | Linux | OpenWrt )
I have compiled a custom firmware with activated kernel-modules "kmod-ip-vti" and "kmod-ip6-vti" to be able to do a successful "opkg install vti".
But then i am stucked and i need help or more detailed steps to perform this task.
E.g. problems are what do i have to enter where to do a configuration which is also active after reboot of the router?
I tried UC commands but did not found out which to use completely.
I tried to edit /etc/init.d/ipsec , but was not able to do the correct things.
I think editing /var/ipsec/strongswan.conf or ipsec.conf will be lost at reboot and /etc/ipsec.conf is also not the right place.