Hi Vijay,

NATT is more complex because it requires IPsec to punt packets to IKE as IPsec 
and IKE are sharing the same port - hence IPsec will overwrite your UDP port 
registration in this case. See the use of ipsec_register_udp_port() and 
vlib_punt_register() in src/plugins/ikev2/ikev2.c.

Best
ben

> -----Original Message-----
> From: vpp-dev@lists.fd.io <vpp-dev@lists.fd.io> On Behalf Of Vijay Kumar
> Sent: Friday, May 7, 2021 10:24
> To: vpp-dev <vpp-dev@lists.fd.io>
> Subject: Re: [vpp-dev] My plugin is not getting IKE packets on port 4500
> 
> Hi experts,
> 
> Gentle reminder.
> Has someone faced this issue before?
> 
> On Thu, May 6, 2021 at 6:04 PM Vijay Kumar via lists.fd.io
> <vjkumar2003=gmail....@lists.fd.io> wrote:
> 
> 
>       Hi team,
> 
>       I have implemented a new isakmp plugin that will register with udp
> for port 500 and 4500 IKE pkts as shown below (In my cluster, we don't use
> the default ikev2 plugin of VPP. The IKEv2 plugin is disabled as we are
> using 3rd party IKE stack)
> 
>       The peer of VPP is Strongswan client.
> 
>       My plugin is getting only IKE pkts over 500 and able to establish SA
> successfully but when I tried NAT case (SS is sending AUTH pkt over 4500),
> the AUTH packet coming over port 4500 is not coming to my IKE graph node
> registered in the udp_register_dst_port() API.
> 
>       I referred to the code of ikev2 plugin and it does the same for port
> registration? Could I be missing something?
> 
> 
>       Port registration
>       ==============
>       udp_register_dst_port (vm, UDP_DST_PORT_IKE,
>                              an_ppe_isakmpmgr_input_node.index, 1); /* the 2nd param is port 500 */
> 
>       udp_register_dst_port (vm, UDP_DST_PORT_IKENAT,
>                              an_ppe_isakmpmgr_input_node.index, 1); /* the 2nd param is port 4500 */
> 
> 
> 
> 
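The port sharing described in the reply above, as an added stand-alone example (not VPP code and not from the thread): under RFC 3948, IKE and UDP-encapsulated ESP both arrive on UDP 4500, and the receiver tells them apart by the first four payload bytes, which is why the IPsec side has to see the datagram first and hand the IKE ones over. The helper name `natt_classify` is hypothetical and the sample packets are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* What a UDP payload received on port 4500 turns out to be (RFC 3948). */
typedef enum {
  NATT_TOO_SHORT, /* malformed, drop */
  NATT_KEEPALIVE, /* single 0xFF octet, drop silently */
  NATT_IKE,       /* 4-byte zero Non-ESP Marker, then the IKE header */
  NATT_ESP        /* non-zero first word is the ESP SPI */
} natt_kind_t;

/* Hypothetical helper: decide which consumer owns a port-4500 datagram.
 * For NATT_IKE, *ike_off is set to the offset of the IKE header. */
natt_kind_t
natt_classify (const uint8_t *p, size_t len, size_t *ike_off)
{
  *ike_off = 0;
  if (len == 1 && p[0] == 0xFF)
    return NATT_KEEPALIVE;
  if (len < 4)
    return NATT_TOO_SHORT;
  if (p[0] | p[1] | p[2] | p[3])
    return NATT_ESP;            /* SPI 0 is never valid for ESP */
  if (len < 4 + 28)             /* marker plus fixed 28-byte IKE header */
    return NATT_TOO_SHORT;
  *ike_off = 4;
  return NATT_IKE;
}

/* Constructed samples: an IKE_AUTH header behind the marker, an ESP
 * packet (SPI + sequence number + opaque bytes), and a NAT keepalive. */
static const uint8_t sample_ike_auth[32] = {
  0, 0, 0, 0,                              /* Non-ESP Marker */
  1, 2, 3, 4, 5, 6, 7, 8,                  /* initiator SPI */
  9, 10, 11, 12, 13, 14, 15, 16,           /* responder SPI */
  0, 0x20, 35, 0x08,                       /* no payload, v2.0, IKE_AUTH, I flag */
  0, 0, 0, 1,                              /* message ID */
  0, 0, 0, 28 };                           /* length: header only */
static const uint8_t sample_esp[12] = {
  0xc0, 0xff, 0xee, 0x01, 0, 0, 0, 1, 0xde, 0xad, 0xbe, 0xef };
static const uint8_t sample_keepalive[1] = { 0xFF };

int main (void)
{
  size_t off;
  printf ("ike=%d ", natt_classify (sample_ike_auth, sizeof sample_ike_auth, &off));
  printf ("esp=%d ", natt_classify (sample_esp, sizeof sample_esp, &off));
  printf ("ka=%d\n", natt_classify (sample_keepalive, sizeof sample_keepalive, &off));
  return 0;
}
```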
