Dear VPP experts,
I'm trying to configure ipsec with python API in vpp19.08.
My configurations are as follows:
reply = vpp.api.ipsec_tunnel_if_add_del(is_add = 1,
local_ip = "192.168.1.1",
remote_ip = "192.168.2.2",
local_spi = 1031,
remote_spi = 1030,
crypto_alg = 7,
local_crypto_key_len = 16,
local_crypto_key = "2b7e151628aed2a6abf7158809cf4f3d",
remote_crypto_key_len = 16,
remote_crypto_key = "2b7e151628aed2a6abf7158809cf4f3d",
integ_alg = 2,
local_integ_key_len = 16,
local_integ_key = "4339314b55523947594d6d3547666b45",
remote_integ_key_len = 16,
remote_integ_key = "4339314b55523947594d6d3547666b45",
renumber = 1,
show_instance = 1)
But the output SA information is as follows:
vpp# show ipsec sa 0
[0] sa 2147483648 (0x80000000) spi 1030 (0x00000406) protocol:esp flags:[tunnel
inbound aead ]
locks 1
salt 0x0
seq 0 seq-hi 0
last-seq 0 last-seq-hi 0 window
0000000000000000000000000000000000000000000000000000000000000000
crypto alg aes-gcm-128 key 32623765313531363238616564326136
integrity alg sha1-96 key 34333339333134623535353233393437
packets 0 bytes 0
table-ID 0 tunnel src 192.168.2.2 dst 192.168.1.1
The crypto_key I configured is '2b7e151628aed2a6abf7158809cf4f3d', but the
output key is '32623765313531363238616564326136'.
The output crypto key looks like a random number.
This situation does not happen when I use CLI like this:
'create ipsec tunnel local-ip 192.168.1.1 remote-ip 192.168.2.2 local-spi 1031
remote-spi 1030 local-crypto-key 2b7e151628aed2a6abf7158809cf4f3d
remote-crypto-key 2b7e151628aed2a6abf7158809cf4f3d crypto-alg aes-gcm-128'
Could you please give me some help?
Best regards,
Arvin
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#14676): https://lists.fd.io/g/vpp-dev/message/14676
Mute This Topic: https://lists.fd.io/mt/61874477/21656
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
