summaryrefslogtreecommitdiffstats
path: root/extras/strongswan/vpp_sswan/swanctl.conf
diff options
context:
space:
mode:
authorGabriel Oginski <gabrielx.oginski@intel.com>2022-06-29 12:54:30 +0000
committerFan Zhang <royzhang1980@hotmail.com>2022-09-28 17:45:26 +0000
commit4e88e041ad47bf422bbb2a0940f77aba11ea2178 (patch)
treedf4e3a9a252212bac900df3a77c438fe5396062e /extras/strongswan/vpp_sswan/swanctl.conf
parentcf9144e65f37402fc6f7dacb7bd7bad6fd596784 (diff)
vpp-swan: Add plugin for vpp-swan
Added plugin vpp-swan is a plugin that helps offloading Strongswan IPsec ESP process from Linux Kernel to VPP. Type: feature Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com> Change-Id: Iec77945892453fac1890d3c49d7d86fc6b09c893
Diffstat (limited to 'extras/strongswan/vpp_sswan/swanctl.conf')
-rw-r--r--extras/strongswan/vpp_sswan/swanctl.conf35
1 files changed, 35 insertions, 0 deletions
diff --git a/extras/strongswan/vpp_sswan/swanctl.conf b/extras/strongswan/vpp_sswan/swanctl.conf
new file mode 100644
index 00000000000..f3e7a78101f
--- /dev/null
+++ b/extras/strongswan/vpp_sswan/swanctl.conf
@@ -0,0 +1,35 @@
+connections {
+ net-net {
+ local_addrs = 192.168.0.2
+ remote_addrs = 192.168.0.1
+ local {
+ auth = psk
+ id = sun.strongswan.org
+ }
+ remote {
+ auth = psk
+ id = moon.strongswan.org
+ }
+ children {
+ net-net {
+ local_ts = 192.168.200.0/24
+ remote_ts = 192.168.100.0/24
+ esp_proposals = aes128-sha1-modp2048
+ rekey_time = 240m
+ }
+ }
+ version = 2
+ mobike = yes
+ encap = no # NAT-T if needed
+ proposals = aes128-sha256-x25519
+ }
+}
+secrets {
+ ike-net-net {
+ id = moon.strongswan.org
+ secret = simplepsk
+ }
+}
+
+# Include config snippets
+include conf.d/*.conf