Re: [vpp-dev] Help with ikev2/ipsec

2018-09-18 Thread carlito nueno
Hi Damjan,

Got it.

Any recommendation on how to implement a client-to-site VPN with VPP 18.10? I
am not keen on using IKEv2.

Thanks.
On Mon, Sep 17, 2018 at 11:50 PM Damjan Marion  wrote:

> Dear carlito,
>
> Native IKEv2 in VPP is PoC code; I would not consider it a mature IKEv2
> implementation. While it works for some use cases, I will not be surprised
> if in this case something is missing. I’m afraid you are stuck unless
> somebody volunteers to invest some time into it.
>
> —
> Damjan
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#10544): https://lists.fd.io/g/vpp-dev/message/10544
Mute This Topic: https://lists.fd.io/mt/25742356/21656
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub  [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-


Re: [vpp-dev] Help with ikev2/ipsec

2018-09-18 Thread Damjan Marion via Lists.Fd.Io
Dear carlito,

Native IKEv2 in VPP is PoC code; I would not consider it a mature IKEv2
implementation. While it works for some use cases, I will not be surprised if
in this case something is missing. I’m afraid you are stuck unless somebody
volunteers to invest some time into it.

— 
Damjan

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#10531): https://lists.fd.io/g/vpp-dev/message/10531
Mute This Topic: https://lists.fd.io/mt/25742356/21656
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub  [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-


[vpp-dev] Help with ikev2/ipsec

2018-09-17 Thread carlito nueno
Hi all,

I am trying to set up a VPN on a VPP router, testing with macOS as the client.
When a macOS device connects, it should join a VLAN and receive
an IP address in the subnet 10.154.3.0/24.

I am following this:
https://wiki.fd.io/view/VPP/IPSec_and_IKEv2#VPP_configuration_2

vpp.conf

set int state TenGigabitEthernet8/0/0 up
set int ip address TenGigabitEthernet8/0/0 71.22.100.124/29
ip route add 0.0.0.0/0 via 71.22.100.130
ikev2 profile add pr1
ikev2 profile set pr1 auth shared-key-mic string Vpp123
ikev2 profile set pr1 id local fqdn vpp.home
ikev2 profile set pr1 id remote fqdn roadwarrior.vpn.example.com
ikev2 profile set pr1 traffic-selector local ip-range 10.154.3.2 -
10.154.3.220 port-range 0 - 65535 protocol 0
ikev2 profile set pr1 traffic-selector remote ip-range 10.154.3.2 -
10.154.3.220 port-range 0 - 65535 protocol 0

set int state GigabitEthernet4/0/0 up

loopback create
set int l2 bridge loop2 3 bvi
set int ip address loop2 10.154.3.1/24
set int state loop2 up

create sub GigabitEthernet4/0/0 3
set int l2 bridge GigabitEthernet4/0/0.3 3
set int l2 tag-rewrite GigabitEthernet4/0/0.3 pop 1
set int state GigabitEthernet4/0/0.3 up

nat44 add interface address TenGigabitEthernet8/0/0
set interface nat44 in loop2 out TenGigabitEthernet8/0/0

macOS network settings:
server address: 71.22.100.124
remote id: vpp.home
local id: roadwarrior.vpn.example.com
Shared Secret: Vpp123

The output of "sh ikev2 sa" is empty.

Thanks
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#10529): https://lists.fd.io/g/vpp-dev/message/10529
Mute This Topic: https://lists.fd.io/mt/25742356/21656
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub  [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
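Added example, not code from the thread, from the poster or from VPP: when "sh ikev2 sa" stays empty, the first thing to establish is whether the client's IKE_SA_INIT reaches the responder's outside interface at all, and what, if anything, comes back. The decoder below takes the UDP payload of a port 500 or 4500 packet from a capture and reports the exchange type, the initiator/response flags, the payload chain and any Notify types, so a "no proposal chosen" or "invalid KE payload" rejection is visible without a full IKE dissector. Exchange, payload and notify numbers are the RFC 7296 values; the function names (decode_ikev2, triage) and the two sample messages are this example's own, and the samples are constructed with placeholder SA/KE/Nonce bodies rather than captured traffic.

```python
"""IKEv2 (RFC 7296) header and payload-chain decoder for responder triage.

Added example for this thread; not code from the original post or from VPP.
Feed decode_ikev2() the UDP payload of a port 500/4500 packet taken from a
capture on the outside interface. Sample messages below are constructed, with
placeholder SA/KE/Nonce bodies (the decoder does not parse proposals).
"""
import struct

HDR = struct.Struct("!8s8sBBBBII")  # SPIi, SPIr, next payload, version, exchange, flags, msg id, length
FLAG_INITIATOR, FLAG_RESPONSE = 0x08, 0x20

EXCHANGE_TYPES = {34: "IKE_SA_INIT", 35: "IKE_AUTH", 36: "CREATE_CHILD_SA", 37: "INFORMATIONAL"}
PAYLOAD_TYPES = {33: "SA", 34: "KE", 35: "IDi", 36: "IDr", 37: "CERT", 38: "CERTREQ",
                 39: "AUTH", 40: "Nonce", 41: "N", 42: "D", 43: "V", 44: "TSi",
                 45: "TSr", 46: "SK", 47: "CP", 48: "EAP"}
NOTIFY_TYPES = {7: "INVALID_SYNTAX", 14: "NO_PROPOSAL_CHOSEN", 17: "INVALID_KE_PAYLOAD",
                24: "AUTHENTICATION_FAILED", 38: "TS_UNACCEPTABLE",
                16388: "NAT_DETECTION_SOURCE_IP", 16389: "NAT_DETECTION_DESTINATION_IP",
                16390: "COOKIE"}
PT_NOTIFY, PT_SK = 41, 46


def decode_ikev2(data: bytes, port: int = 500) -> dict:
    """Decode one IKEv2 message; raises ValueError on malformed input."""
    if port == 4500 and data[:4] == b"\x00\x00\x00\x00":
        data = data[4:]                       # strip the NAT-T non-ESP marker
    if len(data) < HDR.size:
        raise ValueError("short IKE header")
    spi_i, spi_r, nxt, ver, exch, flags, msg_id, length = HDR.unpack_from(data)
    if ver >> 4 != 2:
        raise ValueError(f"not IKEv2 (major version {ver >> 4})")
    if length != len(data):
        raise ValueError(f"header length {length} != {len(data)} bytes on the wire")
    msg = {"spi_i": spi_i.hex(), "spi_r": spi_r.hex(),
           "exchange": EXCHANGE_TYPES.get(exch, f"UNKNOWN({exch})"),
           "initiator": bool(flags & FLAG_INITIATOR), "response": bool(flags & FLAG_RESPONSE),
           "msg_id": msg_id, "payloads": [], "notifies": []}
    off = HDR.size
    while nxt != 0:                           # walk the payload chain
        if off + 4 > len(data):
            raise ValueError("truncated payload header")
        pl_next, _crit, pl_len = struct.unpack_from("!BBH", data, off)
        if pl_len < 4 or off + pl_len > len(data):
            raise ValueError(f"bad payload length {pl_len} at offset {off}")
        body = data[off + 4: off + pl_len]
        msg["payloads"].append(PAYLOAD_TYPES.get(nxt, f"UNKNOWN({nxt})"))
        if nxt == PT_NOTIFY and len(body) >= 4:
            _proto, _spi_size, ntype = struct.unpack_from("!BBH", body, 0)
            msg["notifies"].append(NOTIFY_TYPES.get(ntype, f"UNKNOWN({ntype})"))
        if nxt == PT_SK:                      # everything after SK is encrypted
            break
        nxt, off = pl_next, off + pl_len
    return msg


def triage(msg: dict) -> str:
    """Map what was decoded to the responder-side thing to check next."""
    if "NO_PROPOSAL_CHOSEN" in msg["notifies"]:
        return "responder rejected every proposal: compare IKE/ESP algorithms and DH groups on both sides"
    if "INVALID_KE_PAYLOAD" in msg["notifies"]:
        return "DH group mismatch: responder wants a different group than the client offered"
    if "AUTHENTICATION_FAILED" in msg["notifies"]:
        return "authentication failed: re-check shared secret and the local/remote IDs"
    if msg["exchange"] == "IKE_SA_INIT" and msg["initiator"] and not msg["response"]:
        return "client IKE_SA_INIT is on the wire: if nothing answers, the responder never saw it or dropped it"
    if msg["exchange"] == "IKE_SA_INIT" and msg["response"]:
        return "responder answered IKE_SA_INIT: negotiation proceeds to IKE_AUTH"
    return "no diagnostic hint"


# --- constructed samples (not captured traffic) --------------------------------
def _build(spi_i, spi_r, exch, flags, msg_id, payloads):
    """Chain (type, body) payloads behind a fresh header; used only to build samples."""
    out = b"".join(struct.pack("!BBH", payloads[i + 1][0] if i + 1 < len(payloads) else 0,
                               0, 4 + len(body)) + body
                   for i, (_ptype, body) in enumerate(payloads))
    first = payloads[0][0] if payloads else 0
    return HDR.pack(spi_i, spi_r, first, 0x20, exch, flags, msg_id, HDR.size + len(out)) + out


def _notify(ntype, data=b""):
    return struct.pack("!BBH", 0, 0, ntype) + data   # protocol 0, no SPI


SPI_I = bytes.fromhex("0011223344556677")
SAMPLE_REQUEST = _build(SPI_I, bytes(8), 34, FLAG_INITIATOR, 0, [
    (33, bytes(8)), (34, bytes(8)), (40, bytes(16)),         # SA, KE, Nonce placeholders
    (PT_NOTIFY, _notify(16388, bytes(20))), (PT_NOTIFY, _notify(16389, bytes(20)))])
SAMPLE_RESPONSE = _build(SPI_I, bytes.fromhex("8899aabbccddeeff"), 34, FLAG_RESPONSE, 0,
                         [(PT_NOTIFY, _notify(14))])

if __name__ == "__main__":
    for pkt in (SAMPLE_REQUEST, SAMPLE_RESPONSE):
        m = decode_ikev2(pkt)
        print(m["exchange"], "resp" if m["response"] else "req", m["payloads"], m["notifies"])
        print("  ->", triage(m))
```

On a real capture, pass the UDP payload of each packet to decode_ikev2() (with port=4500 for NAT-T traffic so the four-byte non-ESP marker is stripped). Seeing only initiator IKE_SA_INIT packets with no response is a different problem from seeing a NO_PROPOSAL_CHOSEN or INVALID_KE_PAYLOAD reply: the first means the responder never processed the packet, the second means it did and rejected the client's proposal.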