aboutsummaryrefslogtreecommitdiffstats
path: root/extras/strongswan/configs/responder_vrf/vpp.conf
blob: 1b32226965f5af10d28913db5f2ab169dc1a70df (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
ip table add 1

create host-interface name gw1
set interface ip addr host-gw1 192.168.10.2/24
set interface state host-gw1 up

create host-interface name gw2
set int ip table host-gw2 1
set interface ip addr host-gw2 192.168.10.2/24
set interface state host-gw2 up

create host-interface name priv1
set interface ip addr host-priv1 192.168.3.1/24
set interface state host-priv1 up

create host-interface name priv2
set int ip table host-priv2 1
set interface ip addr host-priv2 192.168.3.1/24
set interface state host-priv2 up

ikev2 profile add pr1
ikev2 profile set pr1 auth shared-key-mic string Vpp123
ikev2 profile set pr1 id local fqdn vpp.home
ikev2 profile set pr1 id remote fqdn roadwarrior1.vpn.example.com
ikev2 profile set pr1 traffic-selector local ip-range 192.168.3.0 - 192.168.3.255 port-range 0 - 65535 protocol 0
ikev2 profile set pr1 traffic-selector remote ip-range 192.168.5.0 - 192.168.5.255 port-range 0 - 65535 protocol 0
create ipip tunnel src 192.168.10.2 dst 192.168.10.1
ikev2 profile set pr1 tunnel ipip0
ip route add 192.168.5.0/24 via 192.168.10.1 ipip0
set interface unnumbered ipip0 use host-gw1

ikev2 profile add pr2
ikev2 profile set pr2 auth shared-key-mic string Vpp123
ikev2 profile set pr2 id local fqdn vpp.home
ikev2 profile set pr2 id remote fqdn roadwarrior2.vpn.example.com
ikev2 profile set pr2 traffic-selector local ip-range 192.168.3.0 - 192.168.3.255 port-range 0 - 65535 protocol 0
ikev2 profile set pr2 traffic-selector remote ip-range 192.168.5.0 - 192.168.5.255 port-range 0 - 65535 protocol 0
create ipip tunnel src 192.168.10.2 dst 192.168.10.1 outer-table-id 1
set interface ip table ipip1 1
ikev2 profile set pr2 tunnel ipip1
ip route add table 1 192.168.5.0/24 via 192.168.10.1 ipip1
set interface unnumbered ipip1 use host-gw2

ikev2 set liveness 300 4
ikev2 set logging level 4
event-logger clear
trace add af-packet-input 100