Hi Govind,

Please see: https://wiki.fd.io/view/VPP/IPSec

/neale

From: Govindarajan Mohandoss <govindarajan.mohand...@arm.com>
Date: Wednesday, 24 February 2021 at 20:34
To: Govindarajan Mohandoss <govindarajan.mohand...@arm.com>, Neale Ranns <ne...@graphiant.com>, vpp-dev <vpp-dev@lists.fd.io>
Cc: nd <n...@arm.com>, nd <n...@arm.com>
Subject: RE: [vpp-dev] IPSec ESP Tunnel mode config

Hi Neale,

I was wrong. I did a packet capture in null-encryption mode and the packet format is of ESP Transport mode type.
Can you please help me to config ESP Tunnel mode? Do you have any logs/document to refer?

NULL encryption config:
--------------------------------
vpp# create ipip tunnel src 192.83.1.1 dst 192.83.1.2 ipip0
vpp# ipsec sa add 20 spi 1000 esp crypto-alg none integ-alg none
vpp# ipsec tunnel protect ipip0 sa-out 20 add

Thanks
Govind

From: vpp-dev@lists.fd.io <vpp-dev@lists.fd.io> On Behalf Of Govindarajan Mohandoss via lists.fd.io
Sent: Wednesday, February 24, 2021 10:00 AM
To: ne...@graphiant.com; vpp-dev <vpp-dev@lists.fd.io>
Cc: nd <n...@arm.com>
Subject: Re: [vpp-dev] IPSec ESP Tunnel mode config

Thank you Neale.

Following set of commands worked. I hope it is correct.

vpp# create ipip tunnel src 192.83.1.1 dst 192.83.1.2 ipip0
vpp# ipsec sa add 20 spi 1000 crypto-alg aes-gcm-256 crypto-key 0123456789012345678901234567890101234567890123456789012345678901 salt 0x12345678
vpp# ipsec tunnel protect ipip0 sa-out 20

Foll. command didn’t work:

ipsec sa add 20 spi 1000 esp crypto-alg aes-gcm-128 crypto-key 4a506a794f574265564551694d653768 salt 0x12345678 tunnel src 192.83.1.1 dst 192.83.1.2

Thanks
Govind

From: vpp-dev@lists.fd.io <vpp-dev@lists.fd.io> On Behalf Of Neale Ranns via lists.fd.io
Sent: Wednesday, February 24, 2021 9:20 AM
To: Govindarajan Mohandoss <govindarajan.mohand...@arm.com>; vpp-dev <vpp-dev@lists.fd.io>
Subject: Re: [vpp-dev] IPSec ESP Tunnel mode config

Dear Govind,

The tunnel parameters are parsed separately in recent versions. Try:

ipsec sa add 20 spi 1000 esp crypto-alg aes-gcm-128 crypto-key 4a506a794f574265564551694d653768 salt 0x12345678 tunnel src 192.83.1.1 dst 192.83.1.2

/neale

From: vpp-dev@lists.fd.io <vpp-dev@lists.fd.io> on behalf of Govindarajan Mohandoss via lists.fd.io <Govindarajan.mohandoss=arm....@lists.fd.io>
Date: Wednesday, 24 February 2021 at 15:59
To: vpp-dev <vpp-dev@lists.fd.io>
Cc: nd <n...@arm.com>, nd <n...@arm.com>
Subject: [vpp-dev] IPSec ESP Tunnel mode config

Dear Maintainers,

I need help to fix ESP Tunnel mode configuration using debug CLI.
Following command is throwing parse error. Can you please share the latest CLI command?

vpp# ipsec sa add 20 spi 1000 esp tunnel-src 192.83.1.1 tunnel-dst 192.83.1.2 crypto-alg aes-gcm-128 crypto-key 4a506a794f574265564551694d653768 salt 0x12345678
ipsec sa: parse error: '-src 192.83.1.1 tunnel-dst 192...'

Thanks
Govind
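
Added example, not part of the thread and not VPP code: one way to do the check described in the 20:34 message, deciding from a captured packet whether a null-encryption ESP flow is tunnel or transport mode by reading the Next Header byte of the ESP trailer (RFC 4303: 4 or 41 means an encapsulated IP packet). It assumes an SA like the `crypto-alg none integ-alg none` one above, so there is no IV and no ICV; the packets, the inner 10.0.0.x addresses and all function names are constructed for illustration.

```python
import struct

# ESP trailer Next Header values that mean "a whole IP packet is inside" (RFC 4303).
TUNNEL_NEXT_HEADERS = {4: "tunnel (inner IPv4)", 41: "tunnel (inner IPv6)"}

def ipv4_header(src, dst, proto, payload_len):
    """Minimal IPv4 header for the constructed samples (checksum left at zero)."""
    addr = lambda a: bytes(int(x) for x in a.split("."))
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, addr(src), addr(dst))

def esp_null(spi, seq, payload, next_header):
    """ESP with NULL encryption and no integrity: SPI, sequence, payload, trailer."""
    pad_len = -(len(payload) + 2) % 4            # align the trailer to 4 bytes
    trailer = bytes(range(1, pad_len + 1)) + bytes([pad_len, next_header])
    return struct.pack("!II", spi, seq) + payload + trailer

def classify_esp_null(packet):
    """Return (spi, next_header, mode) for an IPv4 packet carrying cleartext ESP."""
    if len(packet) < 20 or packet[0] >> 4 != 4 or packet[9] != 50:
        raise ValueError("not an IPv4 packet carrying ESP (protocol 50)")
    ihl = (packet[0] & 0x0F) * 4
    total_len = struct.unpack("!H", packet[2:4])[0]
    esp = packet[ihl:total_len]
    if len(esp) < 10:                            # 8-byte header + 2-byte trailer
        raise ValueError("ESP payload too short")
    spi = struct.unpack("!I", esp[:4])[0]
    pad_len, next_header = esp[-2], esp[-1]      # valid only because ICV length is 0
    if pad_len > len(esp) - 10:
        raise ValueError("pad length exceeds payload; SA is probably not null/none")
    return spi, next_header, TUNNEL_NEXT_HEADERS.get(next_header, "transport")

# Constructed samples: outer addresses and SPI taken from the thread.
ICMP = bytes([8, 0, 0, 0, 0, 1, 0, 1])           # echo request, checksum zeroed
INNER = ipv4_header("10.0.0.1", "10.0.0.2", 1, len(ICMP)) + ICMP

def sample(payload, next_header):
    esp = esp_null(1000, 1, payload, next_header)
    return ipv4_header("192.83.1.1", "192.83.1.2", 50, len(esp)) + esp

TUNNEL_PKT = sample(INNER, 4)                    # inner IP packet encapsulated
TRANSPORT_PKT = sample(ICMP, 1)                  # upper-layer payload only

if __name__ == "__main__":
    for name, pkt in (("tunnel", TUNNEL_PKT), ("transport", TRANSPORT_PKT)):
        print(name, classify_esp_null(pkt))
```

With an encrypting SA such as the aes-gcm ones in the thread, the trailer is ciphertext followed by an ICV, so this check only applies to a null-encryption capture.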