authorRay Kinsella <mdr@ashroe.eu>2022-03-01 09:00:17 +0000
committerBeno�t Ganne <bganne@cisco.com>2022-03-03 17:32:23 +0000
commit6db19a9f48e281f4bbeb49559fe1ffb7f7ff3e0d (patch)
tree215b5d286531ba55be66f738d02384c575283491 /src/scripts/vnet/ipsec
parent3819205bdb5ac0217b54f074d7645efa5356b561 (diff)
ipsec: remove ipsec vnet script
An updated ipsec script was identical to the existing ipsec_tun_protect script. Remove the ipsec vnet script, and rename the ipsec_tun_protect to become the default ipsec vnet script. Type: fix Signed-off-by: Ray Kinsella <mdr@ashroe.eu> Change-Id: Ie05ca3e089b67a5b9499d83d4cb2adf1b6c6ffba
Diffstat (limited to 'src/scripts/vnet/ipsec')
-rw-r--r--src/scripts/vnet/ipsec23
1 files changed, 14 insertions, 9 deletions
diff --git a/src/scripts/vnet/ipsec b/src/scripts/vnet/ipsec
index 55cd914c4f7..6dc4dd7b780 100644
--- a/src/scripts/vnet/ipsec
+++ b/src/scripts/vnet/ipsec
@@ -18,20 +18,25 @@ set int state pg0 up
set int state pg1 up
set int state pipe0 up
-create ipsec tunnel local-ip 10.0.0.1 remote-ip 10.0.0.2 local-spi 100 remote-spi 101 local-crypto-key 6541686776336961656264656f6f6579 remote-crypto-key 6541686776336961656264656f6f6579 crypto-alg aes-cbc-128
+ipsec sa add 20 spi 200 crypto-key 6541686776336961656264656f6f6579 crypto-alg aes-cbc-128
+ipsec sa add 30 spi 300 crypto-key 6541686776336961656264656f6f6579 crypto-alg aes-cbc-128
-set int state ipsec0 up
-set int unnum ipsec0 use pg0
+create ipip tunnel src 10.0.0.1 dst 10.0.0.2
+create ipip tunnel src 10.0.0.2 dst 10.0.0.1 outer-table-id 1
-create ipsec tunnel local-ip 10.0.0.2 remote-ip 10.0.0.1 local-spi 101 remote-spi 100 tx-table 1 local-crypto-key 6541686776336961656264656f6f6579 remote-crypto-key 6541686776336961656264656f6f6579 crypto-alg aes-cbc-128
+ipsec tunnel protect ipip0 sa-in 20 sa-out 30
+ipsec tunnel protect ipip1 sa-in 30 sa-out 20
-set int state ipsec1 up
-set int ip table ipsec1 1
-set int unnum ipsec1 use pg1
+set int state ipip0 up
+set int unnum ipip0 use pg0
-ip route add 192.168.1.0/24 via ipsec0
+set int state ipip1 up
+set int ip table ipip1 1
+set int unnum ipip1 use pg1
+
+ip route add 192.168.1.0/24 via ipip0
set ip neighbor pg1 192.168.1.2 00:11:22:33:44:55
-ip route add table 1 192.168.0.0/24 via ipsec1
+ip route add table 1 192.168.0.0/24 via ipip1
set ip neighbor pg0 192.168.0.2 00:11:22:33:44:66
trace add pg-input 100
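Review bot: The two added `ipsec sa add` lines (SA 20 and SA 30) set `crypto-alg aes-cbc-128` with no `integ-alg`/`integ-key`, so ESP between ipip0 and ipip1 is encrypted but not authenticated, and both directions use the same hard-coded key. The removed `create ipsec tunnel` lines did the same, and this is acceptable for a packet-generator test, but the description makes this file the default ipsec vnet script, so it is likely to be copied as an example. I would add an integrity algorithm and key to both SAs (or switch to an AEAD `crypto-alg`), and put a comment above them, in whatever comment form the script already uses, saying `test-only key, identical in both directions; do not reuse outside this script`. The script starts before the hunk and may continue past its last context line.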