[vpp-dev] IKEv2 VPN tunnel working in one direction

Mon, 04 Jun 2018 04:10:43 -0700 

Hi,
I had configured VPP with IKEv2 & the other end is Strongswan.VPN tunnel is 
established successfully. When I start ping from Strongswan I can see 
encapsulated packet towards VPP & VPP is able to successfilly decap it & give 
it to host. But ICMP reply from host is by passed through VPP.When I checked 
FIB entry, there is default route to Gateway. Is there any configuration I am 
missing?Looking forward for the reply.
VPP IKev2 Configuration:
vpp# show ikev2 profileprofile pr1  auth-method shared-key-mic auth data Vpp123 
 local id-type fqdn data vpp.home  remote id-type fqdn data 
roadwarrior.vpn.example.com  local traffic-selector addr 172.16.124.0 - 
172.16.124.255 port 0 - 65535 protocol 0  remote traffic-selector addr 
172.16.4.0 - 172.16.4.255 port 0 - 65535 protocol 0
vpp# show ikev2 sa iip 147.75.91.166 ispi 6079d8558bccd119 rip 147.75.201.30 
rspi a2620372c871ac92 encr:aes-cbc-256 prf:hmac-sha1 integ:sha1-96 
dh-group:modp-1024  nonce 
i:c71dcee5b089e058ab7614dee2638711e113827ce4109e4e21a276fb4b40980d        
r:95f1a2d36da6f64122a5c887bf84f5f35f2424344a4543c3e1dd1e1e2fde8cd2  SK_d    
4d4b5affe49fcbb38c2bff3e0e9aac74c8a93320  SK_a  
i:0b3784270c25203a811b78965f5f5f2ee5fe2ea0        
r:4d035d81c68b40c5bcd8b69f35ee650a9b423aa5  SK_e  
i:1db2b5cbf1204b38834abb0b557f4df4b1e8db70cff48e96133fae5ea970ef3e        
r:8a4093c2ce61e8e26ace85ccd897c6c0a187a9e1be8cdd6f48c7e38c5af2a96f  SK_p  
i:4baa1726ffed5116952aebe9ac8a31b1eb9e5968        
r:710ab0d9d64c7ad34c8ef8e5f2919214e7ef4687  identifier (i) fqdn 
roadwarrior.vpn.example.com  identifier (r) fqdn vpp.home  child sa 0:    
encr:aes-cbc-192 integ:sha1-96 esn:no    spi(i) c6a49aef spi(r) d7541012    
SK_e  i:26b9ff196e7afd401799eeddb720f924bf185983797afa55          
r:56e12e9f1dc8cee609d8405786e4a61a1d57f5c6ebdee909    SK_a  
i:a1de061de25c82295f3c7f1f12eeb32e4048d28b          
r:e22af26875ab79698b260b832993c63bacce6a59    traffic selectors (i):      0 
type 7 protocol_id 0 addr 172.16.4.0 - 172.16.4.255 port 0 - 65535    traffic 
selectors (r):      0 type 7 protocol_id 0 addr 172.16.124.0 - 172.16.124.255 
port 0 - 65535 iip 147.75.91.166 ispi 6079d8558bccd119 rip 147.75.201.30 rspi 
a2620372c871ac92

Thanks,Saurabh

Reply via email to