Hi team, I have implemented a new isakmp plugin that will register with udp for port 500 and 4500 IKE pkts as shown below (In my cluster, we don't use the default ikev2 plugin of VPP. The IKEv2 plugin is disabled as we are using 3rd party IKE stack)
The peer of VPP is Strongswan client. My plugin is getting only IKE pkts over 500 and able to establish SA successfully but when I tried NAT case (SS is sending AUTH pkt over 4500), the AUTH packet coming over port 4500 is not coming to my IKE graph node registered in the udp_register_dst_port() API. I referred to the code of ikev2 plugin and it does the same for port registration? Could I be missing something? Port registration ============== udp_register_dst_port (vm, UDP_DST_PORT_IKE, an_ppe_isakmpmgr_input_node.index, 1); -----> the 2nd param is port 500 udp_register_dst_port (vm, UDP_DST_PORT_IKENAT, an_ppe_isakmpmgr_input_node.index, 1); ----> the 2nd param is port 4500
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#19352): https://lists.fd.io/g/vpp-dev/message/19352 Mute This Topic: https://lists.fd.io/mt/82628621/21656 Group Owner: vpp-dev+ow...@lists.fd.io Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
