diff options
Diffstat (limited to 'extras/strongswan/vpp_sswan/docker/configs')
4 files changed, 110 insertions, 0 deletions
diff --git a/extras/strongswan/vpp_sswan/docker/configs/startup.conf b/extras/strongswan/vpp_sswan/docker/configs/startup.conf new file mode 100644 index 00000000000..5cdd389e6f1 --- /dev/null +++ b/extras/strongswan/vpp_sswan/docker/configs/startup.conf @@ -0,0 +1,32 @@ +unix { + nodaemon + full-coredump + cli-listen /run/vpp/cli.sock + exec /root/vpp_sswan/docker/configs/vpp.conf +} + +api-trace { + on +} + +socksvr { + default +} + +cpu { + main-core 1 + corelist-workers 2 +} + +dpdk { + no-pci +} + +plugins { + plugin linux_cp_plugin.so { enable } + plugin ikev2_plugin.so { disable } +} + +linux-cp { + lcp-sync +} diff --git a/extras/strongswan/vpp_sswan/docker/configs/swanctl_docker1.conf b/extras/strongswan/vpp_sswan/docker/configs/swanctl_docker1.conf new file mode 100644 index 00000000000..ac24bf5bb5d --- /dev/null +++ b/extras/strongswan/vpp_sswan/docker/configs/swanctl_docker1.conf @@ -0,0 +1,35 @@ +connections { + net-net { + local_addrs = 192.168.0.2 + remote_addrs = 192.168.0.1 + local { + auth = psk + id = sun.strongswan.org + } + remote { + auth = psk + id = moon.strongswan.org + } + children { + net-net { + local_ts = 192.168.200.0/24 + remote_ts = 192.168.100.0/24 + esp_proposals = aes128-sha1-modp2048 + rekey_time = 240m + } + } + version = 2 + mobike = yes + encap = no # NAT-T if needed + proposals = aes128-sha256-x25519 + } +} +secrets { + ike-net-net { + id = moon.strongswan.org + secret = simplepsk + } +} + +# Include config snippets +include conf.d/*.conf diff --git a/extras/strongswan/vpp_sswan/docker/configs/swanctl_docker2.conf b/extras/strongswan/vpp_sswan/docker/configs/swanctl_docker2.conf new file mode 100644 index 00000000000..a7ada86f499 --- /dev/null +++ b/extras/strongswan/vpp_sswan/docker/configs/swanctl_docker2.conf @@ -0,0 +1,35 @@ +connections { + net-net { + local_addrs = 192.168.0.1 + remote_addrs = 192.168.0.2 + local { + auth = psk + id = moon.strongswan.org + } + remote { + auth = psk + id = sun.strongswan.org + } + children { + net-net { + local_ts = 192.168.100.0/24 + remote_ts = 192.168.200.0/24 + esp_proposals = aes128-sha1-modp2048 + rekey_time = 240m + } + } + version = 2 + mobike = yes + encap = no # NAT-T if needed + proposals = aes128-sha256-x25519 + } +} +secrets { + ike-net-net { + id = moon.strongswan.org + secret = simplepsk + } +} + +# Include config snippets +include conf.d/*.conf diff --git a/extras/strongswan/vpp_sswan/docker/configs/vpp.conf b/extras/strongswan/vpp_sswan/docker/configs/vpp.conf new file mode 100644 index 00000000000..dbf142d9ee4 --- /dev/null +++ b/extras/strongswan/vpp_sswan/docker/configs/vpp.conf @@ -0,0 +1,8 @@ +create host-interface name docker_1_eth2 +lcp create host-docker_1_eth2 host-if eth2 +set interface state host-docker_1_eth2 up +set interface ip address host-docker_1_eth2 192.168.0.2/24 + +create host-interface name docker_1a_eth1 +set interface state host-docker_1a_eth1 up +set interface ip address host-docker_1a_eth1 192.168.200.1/24 |