blob: 4e4b19079d3f821ad4d6d19f001e66eaba667327 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
|
#
# 2 initiators (strongswan), 1 responder (vpp) topology
#
if [ -f ~/.vpp_sswan ]; then
. ~/.vpp_sswan
fi
STARTUP_DIR="`pwd`"
SSWAN_CFG_DIR=/tmp/sswan
vppctl () {
sudo $VPPCTL -s /tmp/vpp_sswan.sock $@
}
start_vpp() {
sudo $VPP_BIN unix { \
cli-listen /tmp/vpp_sswan.sock \
gid $(id -g) } \
api-segment { prefix vpp } \
plugins { plugin dpdk_plugin.so { disable } }
sleep 5
echo "exec $STARTUP_DIR/configs/$TC_DIR/vpp.conf"
vppctl exec $STARTUP_DIR/configs/$TC_DIR/vpp.conf
sleep 3
}
initiator_conf() {
sudo rm -r $SSWAN_CFG_DIR$1
sudo mkdir -p $SSWAN_CFG_DIR$1
sudo cp configs/$TC_DIR/ipsec$1.conf $SSWAN_CFG_DIR$1/ipsec.conf
sudo cp configs/$TC_DIR/ipsec.secrets $SSWAN_CFG_DIR$1/ipsec.secrets
sudo cp configs/strongswan.conf $SSWAN_CFG_DIR$1/strongswan.conf
}
config_topo () {
ns_name="ns"$1
init_name="sswan"$1
(sudo ip link add gw$1 type veth peer name veth_gw$1
sudo ip link set dev gw$1 up
sudo ip netns add $ns_name
sudo ip link add veth_priv$1 type veth peer name priv$1
sudo ip link set dev priv$1 up
sudo ip link set dev veth_priv$1 up netns $ns_name
sudo ip netns exec $ns_name \
bash -c "
ip link set dev lo up
ip addr add 192.168.3.2/24 dev veth_priv$1
ip addr add fec3::2/16 dev veth_priv$1
ip route add 192.168.5.0/24 via 192.168.3.1
ip route add fec5::0/16 via fec3::1
") &> /dev/null
initiator_conf $1
(docker run --name $init_name -d --privileged --rm --net=none \
-v $SSWAN_CFG_DIR$1:/conf -v $SSWAN_CFG_DIR$1:/etc/ipsec.d philplckthun/strongswan)
pid=$(docker inspect --format "{{.State.Pid}}" $init_name)
sudo ip link set netns $pid dev veth_gw$1
sudo nsenter -t $pid -n ip addr add 192.168.10.1/24 dev veth_gw$1
sudo nsenter -t $pid -n ip link set dev veth_gw$1 up
sudo nsenter -t $pid -n ip addr add 192.168.5.2/32 dev lo
sudo nsenter -t $pid -n ip link set dev lo up
}
initiate_from_sswan () {
echo "start initiation.."
sudo docker exec sswan$1 ipsec up initiator
sleep 3
}
test_ping() {
sudo ip netns exec $1 ping -c 1 192.168.5.2
rc=$?
if [ $rc -ne 0 ] ; then
echo "Test failed!"
else
echo "Test passed."
fi
return $rc
}
unconf_topo () {
docker stop sswan1 &> /dev/null
docker stop sswan2 &> /dev/null
sudo pkill vpp
sudo ip netns delete ns1
sudo ip netns delete ns2
sleep 2
}
initiate_from_vpp () {
vppctl ikev2 initiate sa-init pr1
sleep 2
}
#vpp as an responder
run_responder_test() {
unconf_topo
config_topo "1"
config_topo "2"
start_vpp
initiate_from_sswan "1"
initiate_from_sswan "2"
test_ping "ns2"
test_ping "ns1"
}
|
