Diffstat (limited to 'extras/strongswan/topos')
-rw-r--r--extras/strongswan/topos/2_init.sh113
-rw-r--r--extras/strongswan/topos/basic.sh115
2 files changed, 228 insertions, 0 deletions
diff --git a/extras/strongswan/topos/2_init.sh b/extras/strongswan/topos/2_init.sh
new file mode 100644
index 00000000000..4e4b19079d3
--- /dev/null
+++ b/extras/strongswan/topos/2_init.sh
@@ -0,0 +1,113 @@
+#
+# 2 initiators (strongswan), 1 responder (vpp) topology
+#
+
+if [ -f ~/.vpp_sswan ]; then
+ . ~/.vpp_sswan
+fi
+
+STARTUP_DIR="`pwd`"
+SSWAN_CFG_DIR=/tmp/sswan
+
+vppctl () {
+ sudo $VPPCTL -s /tmp/vpp_sswan.sock $@
+}
+
+start_vpp() {
+ sudo $VPP_BIN unix { \
+ cli-listen /tmp/vpp_sswan.sock \
+ gid $(id -g) } \
+ api-segment { prefix vpp } \
+ plugins { plugin dpdk_plugin.so { disable } }
+ sleep 5
+
+ echo "exec $STARTUP_DIR/configs/$TC_DIR/vpp.conf"
+ vppctl exec $STARTUP_DIR/configs/$TC_DIR/vpp.conf
+ sleep 3
+}
+
+initiator_conf() {
+ sudo rm -r $SSWAN_CFG_DIR$1
+ sudo mkdir -p $SSWAN_CFG_DIR$1
+ sudo cp configs/$TC_DIR/ipsec$1.conf $SSWAN_CFG_DIR$1/ipsec.conf
+ sudo cp configs/$TC_DIR/ipsec.secrets $SSWAN_CFG_DIR$1/ipsec.secrets
+ sudo cp configs/strongswan.conf $SSWAN_CFG_DIR$1/strongswan.conf
+}
+
+config_topo () {
+ ns_name="ns"$1
+ init_name="sswan"$1
+ (sudo ip link add gw$1 type veth peer name veth_gw$1
+ sudo ip link set dev gw$1 up
+
+ sudo ip netns add $ns_name
+ sudo ip link add veth_priv$1 type veth peer name priv$1
+ sudo ip link set dev priv$1 up
+ sudo ip link set dev veth_priv$1 up netns $ns_name
+
+ sudo ip netns exec $ns_name \
+ bash -c "
+ ip link set dev lo up
+ ip addr add 192.168.3.2/24 dev veth_priv$1
+ ip addr add fec3::2/16 dev veth_priv$1
+ ip route add 192.168.5.0/24 via 192.168.3.1
+ ip route add fec5::0/16 via fec3::1
+ ") &> /dev/null
+
+ initiator_conf $1
+
+ (docker run --name $init_name -d --privileged --rm --net=none \
+ -v $SSWAN_CFG_DIR$1:/conf -v $SSWAN_CFG_DIR$1:/etc/ipsec.d philplckthun/strongswan)
+
+ pid=$(docker inspect --format "{{.State.Pid}}" $init_name)
+ sudo ip link set netns $pid dev veth_gw$1
+
+ sudo nsenter -t $pid -n ip addr add 192.168.10.1/24 dev veth_gw$1
+ sudo nsenter -t $pid -n ip link set dev veth_gw$1 up
+
+ sudo nsenter -t $pid -n ip addr add 192.168.5.2/32 dev lo
+ sudo nsenter -t $pid -n ip link set dev lo up
+}
+
+initiate_from_sswan () {
+ echo "start initiation.."
+ sudo docker exec sswan$1 ipsec up initiator
+ sleep 3
+}
+
+test_ping() {
+ sudo ip netns exec $1 ping -c 1 192.168.5.2
+ rc=$?
+ if [ $rc -ne 0 ] ; then
+ echo "Test failed!"
+ else
+ echo "Test passed."
+ fi
+ return $rc
+}
+
+unconf_topo () {
+ docker stop sswan1 &> /dev/null
+ docker stop sswan2 &> /dev/null
+ sudo pkill vpp
+ sudo ip netns delete ns1
+ sudo ip netns delete ns2
+ sleep 2
+}
+
+initiate_from_vpp () {
+ vppctl ikev2 initiate sa-init pr1
+ sleep 2
+}
+
+#vpp as an responder
+run_responder_test() {
+ unconf_topo
+ config_topo "1"
+ config_topo "2"
+ start_vpp
+ initiate_from_sswan "1"
+ initiate_from_sswan "2"
+ test_ping "ns2"
+ test_ping "ns1"
+}
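Review bot: initiator_conf copies `ipsec.secrets` (the IKE credentials) into `/tmp/sswan$1`, a fixed, predictable path under a world-writable directory, and does so as root after an unguarded, unquoted `sudo rm -r $SSWAN_CFG_DIR$1`; a directory pre-created there by another local user would survive `mkdir -p` and receive the secrets. A safer shape is to create the config directory with `mktemp -d` (or under the invoking user's home), use `sudo rm -r -- "${SSWAN_CFG_DIR:?}$1"` so an empty variable cannot widen the delete, and restrict the secrets file with `sudo chmod 600 "$SSWAN_CFG_DIR$1/ipsec.secrets"` before the container mounts it. The same initiator_conf logic appears in basic.sh in the second hunk. vppctl forwards its arguments as bare `$@`; `"$@"` keeps arguments containing spaces intact. Separately, run_responder_test discards the status of `test_ping "ns2"` (only the last `test_ping "ns1"` determines the function's return) and never calls unconf_topo afterwards; capturing `rc` after each ping and tearing down at the end, as basic.sh does, would make the result reliable.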
diff --git a/extras/strongswan/topos/basic.sh b/extras/strongswan/topos/basic.sh
new file mode 100644
index 00000000000..68968a06667
--- /dev/null
+++ b/extras/strongswan/topos/basic.sh
@@ -0,0 +1,115 @@
+if [ -f ~/.vpp_sswan ]; then
+ . ~/.vpp_sswan
+fi
+
+STARTUP_DIR="`pwd`"
+SSWAN_CFG_DIR=/tmp/sswan
+
+start_vpp() {
+ sudo $VPP_BIN unix { \
+ cli-listen /tmp/vpp_sswan.sock \
+ gid $(id -g) } \
+ api-segment { prefix vpp } \
+ plugins { plugin dpdk_plugin.so { disable } }
+}
+
+vppctl () {
+ sudo $VPPCTL -s /tmp/vpp_sswan.sock $@
+}
+
+initiator_conf() {
+ sudo rm -r $SSWAN_CFG_DIR
+ sudo mkdir -p $SSWAN_CFG_DIR
+ sudo cp configs/$TC_DIR/ipsec.conf $SSWAN_CFG_DIR/ipsec.conf
+ sudo cp configs/$TC_DIR/ipsec.secrets $SSWAN_CFG_DIR/ipsec.secrets
+ sudo cp configs/strongswan.conf $SSWAN_CFG_DIR/strongswan.conf
+}
+
+config_topo () {
+ (sudo ip link add vpp type veth peer name swanif
+ sudo ip link set dev vpp up
+
+ sudo ip netns add ns
+ sudo ip link add veth_priv type veth peer name priv
+ sudo ip link set dev priv up
+ sudo ip link set dev veth_priv up netns ns
+
+ sudo ip netns exec ns \
+ bash -c "
+ ip link set dev lo up
+ ip addr add 192.168.3.2/24 dev veth_priv
+ ip addr add fec3::2/16 dev veth_priv
+ ip route add 192.168.5.0/24 via 192.168.3.1
+ ip route add fec5::0/16 via fec3::1
+ ") &> /dev/null
+
+ initiator_conf
+ (docker run --name sswan -d --privileged --rm --net=none \
+ -v $SSWAN_CFG_DIR:/conf -v $SSWAN_CFG_DIR:/etc/ipsec.d philplckthun/strongswan)
+
+ pid=$(docker inspect --format "{{.State.Pid}}" sswan)
+ sudo ip link set netns $pid dev swanif
+
+ sudo nsenter -t $pid -n ip addr add 192.168.10.1/24 dev swanif
+ sudo nsenter -t $pid -n ip link set dev swanif up
+
+ sudo nsenter -t $pid -n ip addr add 192.168.5.2/32 dev lo
+ sudo nsenter -t $pid -n ip link set dev lo up
+
+ start_vpp
+ echo "vpp started.."
+ sleep 3
+
+ echo "exec $STARTUP_DIR/configs/$TC_DIR/vpp.conf"
+ vppctl exec $STARTUP_DIR/configs/$TC_DIR/vpp.conf
+ sleep 3
+}
+
+initiate_from_sswan () {
+ echo "start initiation.."
+ sudo docker exec sswan ipsec up initiator
+ sleep 1
+}
+
+test_ping() {
+ sudo ip netns exec ns ping -c 1 192.168.5.2
+ rc=$?
+ if [ $rc -ne 0 ] ; then
+ echo "Test failed!"
+ else
+ echo "Test passed."
+ fi
+ return $rc
+}
+
+unconf_topo () {
+ docker stop sswan &> /dev/null
+ sudo pkill vpp
+ sudo ip netns delete ns
+ sleep 2
+}
+
+initiate_from_vpp () {
+ vppctl ikev2 initiate sa-init pr1
+ sleep 2
+}
+
+#vpp as an responder
+run_responder_test() {
+ config_topo
+ initiate_from_sswan
+ test_ping
+ rc=$?
+ unconf_topo
+ return ${rc}
+}
+
+# vpp as an initiator
+run_initiator_test() {
+ config_topo
+ initiate_from_vpp
+ test_ping
+ rc=$?
+ unconf_topo
+ return ${rc}
+}
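Review bot: `sudo pkill vpp` in unconf_topo treats `vpp` as a regex matched against process names, so it also signals any other running process whose name contains that substring (a concurrently running `vppctl`, for instance); `sudo pkill -x vpp` limits it to an exact name match, and the same line is in 2_init.sh's unconf_topo. The strongswan container is launched with `--privileged`, which hands it the full capability set and host device access; if charon only needs to program the kernel XFRM state, `--cap-add=NET_ADMIN` would be the narrower grant, though that should be confirmed against the image before changing it. The interface and namespace setup subshell in config_topo discards all of its output with `&> /dev/null` and nothing checks its status, so a failed `ip link add` or `ip netns add` only surfaces later as an unexplained ping failure; keeping stderr, or at least `|| return 1` on the subshell, would make a setup failure attributable to the right step.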