author | Filip Tehlar <ftehlar@cisco.com> | 2021-02-20 02:26:17 +0000 |
---|---|---|
committer | Beno�t Ganne <bganne@cisco.com> | 2021-03-04 14:57:54 +0000 |
commit | d5a3380c65a8ab9e317b8b51a92d50b70e2a9481 (patch) | |
tree | b300ea5fddc7aa59af5d97d50bdd9d6f65a925da /extras/strongswan/configs/initiator | |
parent | 619fc7e3e82b62acf28078853860c9f9803a9dc4 (diff) |
misc: add ikev2 tests usecases
Type: test
Ticket: VPP-1893
Change-Id: Ib6ffd00e73f7110bf9e702f4a0fd5c68395d6786
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Diffstat (limited to 'extras/strongswan/configs/initiator')
-rw-r--r-- | extras/strongswan/configs/initiator/ipsec.conf | 22 | ||||
-rw-r--r-- | extras/strongswan/configs/initiator/ipsec.secrets | 1 | ||||
-rw-r--r-- | extras/strongswan/configs/initiator/vpp.conf | 30 |
3 files changed, 53 insertions, 0 deletions
diff --git a/extras/strongswan/configs/initiator/ipsec.conf b/extras/strongswan/configs/initiator/ipsec.conf
new file mode 100644
index 00000000000..6a7c0f6bbea
--- /dev/null
+++ b/extras/strongswan/configs/initiator/ipsec.conf
@@ -0,0 +1,22 @@
+config setup
+ strictcrlpolicy=no
+
+conn initiator
+ mobike=no
+ auto=add
+ type=tunnel
+ keyexchange=ikev2
+ ike=aes256gcm16-prfsha256-modp2048!
+ esp=aes256gcm16-esn!
+
+# local:
+ leftauth=psk
+ leftid=@sswan.vpn.example.com
+ leftsubnet=192.168.5.0/24
+
+# remote: (gateway)
+ rightid=@roadwarrior.vpp
+ right=192.168.10.2
+ rightauth=psk
+ rightsubnet=192.168.3.0/24
+
diff --git a/extras/strongswan/configs/initiator/ipsec.secrets b/extras/strongswan/configs/initiator/ipsec.secrets
new file mode 100644
index 00000000000..adcf9518e9b
--- /dev/null
+++ b/extras/strongswan/configs/initiator/ipsec.secrets
@@ -0,0 +1 @@
+: PSK 'Vpp123'
diff --git a/extras/strongswan/configs/initiator/vpp.conf b/extras/strongswan/configs/initiator/vpp.conf
new file mode 100644
index 00000000000..36352aa5929
--- /dev/null
+++ b/extras/strongswan/configs/initiator/vpp.conf
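Review bot: In ipsec.conf the conn is named `initiator`, but `auto=add` only loads the connection, so this strongSwan side waits for the peer rather than starting the exchange. Together with `responder host-vpp 192.168.10.1` in vpp.conf, it looks as if the directory name refers to VPP's role, not strongSwan's. A one-line header would remove the ambiguity, e.g. `# strongSwan responds; VPP (vpp.conf) initiates. Test fixture only.` The `strictcrlpolicy=no` line concerns certificate revocation and should not matter for a PSK-only connection, so I would drop it or comment it as irrelevant so that it is not copied into a certificate-based setup.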
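Review bot: The single line added to ipsec.secrets commits a six-character PSK with an empty selector (`: PSK 'Vpp123'`), so the secret is offered to any peer identity, and the same literal is repeated in vpp.conf (`auth shared-key-mic string Vpp123`). A low-entropy IKEv2 pre-shared key is open to offline guessing, so this value has to stay confined to the test bench and the two copies have to be kept in sync. I would mark the file as a fixture and scope the secret to the two IDs used in ipsec.conf: `# TEST ONLY: sample PSK, must match vpp.conf` followed by `@sswan.vpn.example.com @roadwarrior.vpp : PSK 'Vpp123'`.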
@@ -0,0 +1,30 @@
+create host-interface name vpp
+set interface ip addr host-vpp 192.168.10.2/24
+set interface state host-vpp up
+
+create host-interface name priv
+set interface ip addr host-priv 192.168.3.1/24
+set interface state host-priv up
+
+ikev2 profile add pr1
+ikev2 profile set pr1 auth shared-key-mic string Vpp123
+ikev2 profile set pr1 id local fqdn roadwarrior.vpp
+ikev2 profile set pr1 id remote fqdn sswan.vpn.example.com
+
+ikev2 profile set pr1 traffic-selector local ip-range 192.168.3.0 - 192.168.3.255 port-range 0 - 65535 protocol 0
+ikev2 profile set pr1 traffic-selector remote ip-range 192.168.5.0 - 192.168.5.255 port-range 0 - 65535 protocol 0
+
+ikev2 profile set pr1 responder host-vpp 192.168.10.1
+ikev2 profile set pr1 ike-crypto-alg aes-gcm-16 256 ike-dh modp-2048
+ikev2 profile set pr1 esp-crypto-alg aes-gcm-16 256
+
+event-logger clear
+trace add af-packet-input 100
+
+create ipip tunnel src 192.168.10.2 dst 192.168.10.1
+ikev2 profile set pr1 tunnel ipip0
+ip route add 192.168.5.0/24 via 192.168.10.1 ipip0
+set interface unnumbered ipip0 use host-vpp
+
+ikev2 set liveness 30 4
+ikev2 set logging level 4 |
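Review bot: Nothing in vpp.conf starts the exchange: the script sets `responder host-vpp 192.168.10.1` and binds the profile to `ipip0`, but contains no `ikev2 initiate sa-init pr1`, so a reader cannot tell that the test harness (presumably) issues it afterwards. A `comment { ... }` line at the top naming the topology and that follow-up step would document this. The script also assumes the tunnel it creates is named `ipip0`, which holds only on a fresh instance, and it leaves `trace add af-packet-input 100` and `ikev2 set logging level 4` switched on; a short comment marking those as debug aids for the test would keep them out of configurations copied from this file.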