vpp-swan: Add plugin for vpp-swan

Added plugin vpp-swan is a plugin that helps offloading Strongswan IPsec ESP process from Linux Kernel to VPP. Type: feature Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com> Change-Id: Iec77945892453fac1890d3c49d7d86fc6b09c893 (cherry picked from commit 4e88e041ad47bf422bbb2a0940f77aba11ea2178)
author: Gabriel Oginski <gabrielx.oginski@intel.com> 2022-06-29 12:54:30 +0000
committer: Gabriel Oginski <gabrielx.oginski@intel.com> 2022-10-18 06:26:30 +0000
commit: 225d15cae9680b505c0cf73018177d0e8bb88668 (patch)
tree: 264f9f048fda1b826faaccb30e179bc49373f4ca /extras/strongswan/vpp_sswan/swanctl.conf
parent: 994d86f70e1957b30d18eebdd6a06634153b2308 (diff)
1 files changed, 35 insertions, 0 deletions
diff --git a/extras/strongswan/vpp_sswan/swanctl.conf b/extras/strongswan/vpp_sswan/swanctl.conf
new file mode 100644
index 00000000000..f3e7a78101f
--- /dev/null
+++ b/extras/strongswan/vpp_sswan/swanctl.conf
@@ -0,0 +1,35 @@
+connections {
+  net-net {
+    local_addrs = 192.168.0.2
+    remote_addrs = 192.168.0.1
+    local {
+      auth = psk
+      id = sun.strongswan.org
+    }
+    remote {
+      auth = psk
+      id = moon.strongswan.org
+    }
+    children {
+      net-net {
+        local_ts = 192.168.200.0/24
+        remote_ts = 192.168.100.0/24
+        esp_proposals = aes128-sha1-modp2048
+        rekey_time = 240m
+      }
+    }
+    version = 2
+    mobike = yes
+    encap = no # NAT-T if needed
+    proposals = aes128-sha256-x25519
+    }
+}
+secrets {
+  ike-net-net {
+    id = moon.strongswan.org
+    secret = simplepsk
+  }
+}
+
+# Include config snippets
+include conf.d/*.conf
author	Gabriel Oginski <gabrielx.oginski@intel.com>	2022-06-29 12:54:30 +0000
committer	Gabriel Oginski <gabrielx.oginski@intel.com>	2022-10-18 06:26:30 +0000
commit	225d15cae9680b505c0cf73018177d0e8bb88668 (patch)
tree	264f9f048fda1b826faaccb30e179bc49373f4ca /extras/strongswan/vpp_sswan/swanctl.conf
parent	994d86f70e1957b30d18eebdd6a06634153b2308 (diff)