Re: [vpp-dev] VPP IPSec Related Doubts

Mon, 17 Jan 2022 05:32:18 -0800 

Hi Hrishikesh,

The API has changed, try without the hyphen:
ipsec sa add 10 spi 1000 esp tunnel src 192.168.1.1 tunnel dst 192.168.1.2 
crypto-key 4339314b55523947594d6d3547666b45 crypto-alg aes-cbc-128 integ-key 
4339314b55523947594d6d3547666b45 integ-alg sha1-96

Regards,
Juraj

From: vpp-dev@lists.fd.io <vpp-dev@lists.fd.io> On Behalf Of Hrishikesh 
Karanjikar
Sent: Thursday, December 16, 2021 10:45 AM
To: vpp-dev@lists.fd.io
Subject: [vpp-dev] VPP IPSec Related Doubts

Hi All,

I am trying to get following setup working,

https://www.intel.com/content/www/us/en/developer/articles/guide/get-started-with-ipsec-acceleration-in-the-fdio-vpp-project.html

The commands in above setup are as follows,
=================================================================
set int ip address TenGigabitEthernet6/0/0 
192.168.30.30/24<http://192.168.30.30/24>
set int promiscuous on TenGigabitEthernet6/0/0
set int ip address TenGigabitEthernet6/0/1 
192.168.30.31/24<http://192.168.30.31/24>
set int promiscuous on TenGigabitEthernet6/0/1

ipsec spd add 1
set interface ipsec spd TenGigabitEthernet6/0/1 1
ipsec sa add 10 spi 1000 esp tunnel-src 192.168.1.1 tunnel-dst 192.168.1.2 
crypto-key 4339314b55523947594d6d3547666b45 crypto-alg aes-cbc-128 integ-key 
4339314b55523947594d6d3547666b45 integ-alg sha1-96
ipsec policy add spd 1 outbound priority 100 action protect sa 10 
local-ip-range 192.168.20.0-192.168.20.255 remote-ip-range 
192.168.40.0-192.168.40.255
ipsec policy add spd 1 outbound priority 90 protocol 50 action bypass

ip route add 192.168.40.40/32<http://192.168.40.40/32> via 192.168.1.2 
TenGigabitEthernet6/0/1
set ip arp TenGigabitEthernet6/0/1 192.168.1.2 90:e2:ba:50:8f:19

set int state TenGigabitEthernet6/0/0 up
set int state TenGigabitEthernet6/0/1 up
=================================================================

However, a few commands in the setup are failing.
e.g.
DBGvpp# ipsec sa add 10 spi 1000 esp tunnel-src 192.168.1.1 tunnel-dst 
192.168.1.2 crypto-key 4339314b55523947594d6d3547666b45 crypto-alg aes-cbc-128 
integ-key 4339314b55523947594d6d3547666b45 integ-alg sha1-96
ipsec sa: parse error: '-src 192.168.1.1 tunnel-dst 19...'

Can anybody guide me on how to go about this?

--

Thanks and Regards,
Hrishikesh Karanjikar

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#20734): https://lists.fd.io/g/vpp-dev/message/20734
Mute This Topic: https://lists.fd.io/mt/87764016/21656
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to