Hi Damjan,

Got it.
Any recommendation on how to implement client-to-site vpn with vpp 18.10? I am not keen on using ikev2.

Thanks.

On Mon, Sep 17, 2018 at 11:50 PM Damjan Marion <dmar...@me.com> wrote:

> Dear carlito,
>
> Native ikev2 in vpp is poc code, I would not consider it as a mature ikev2
> implementation. While it works for some use cases, I will not be surprised
> that in this case something is missing. I’m afraid you are stuck unless
> somebody volunteers to invest some time into it.
>
> —
> Damjan
>
> > On 18 Sep 2018, at 05:17, carlito nueno <carlitonu...@gmail.com> wrote:
> >
> > Hi all,
> >
> > I am trying to set up vpn on a vpp router. Testing via MacOS, as client.
> > When a MacOS device connects it should join into a VLAN and receive
> > an ip address under subnet 10.154.3.0/24.
> >
> > I am following this:
> > https://wiki.fd.io/view/VPP/IPSec_and_IKEv2#VPP_configuration_2
> >
> > vpp.conf
> >
> > set int state TenGigabitEthernet8/0/0 up
> > set int ip address TenGigabitEthernet8/0/0 71.22.100.124/29
> > ip route add 0.0.0.0/0 via 71.22.100.130
> > ikev2 profile add pr1
> > ikev2 profile set pr1 auth shared-key-mic string Vpp123
> > ikev2 profile set pr1 id local fqdn vpp.home
> > ikev2 profile set pr1 id remote fqdn roadwarrior.vpn.example.com
> > ikev2 profile set pr1 traffic-selector local ip-range 10.154.3.2 - 10.154.3.220 port-range 0 - 65535 protocol 0
> > ikev2 profile set pr1 traffic-selector remote ip-range 10.154.3.2 - 10.154.3.220 port-range 0 - 65535 protocol 0
> >
> > set int state GigabitEthernet4/0/0 up
> >
> > loopback create
> > set int l2 bridge loop2 3 bvi
> > set int ip address loop2 10.154.3.1/24
> > set int state loop2 up
> >
> > create sub GigabitEthernet4/0/0 3
> > set int l2 bridge GigabitEthernet4/0/0.3 3
> > set int l2 tag-rewrite GigabitEthernet4/0/0.3 pop 1
> > set int state GigabitEthernet4/0/0.3 up
> >
> > nat44 add interface address TenGigabitEthernet8/0/0
> > set interface nat44 in loop2 out TenGigabitEthernet8/0/0
> >
> > macOS network settings:
> >
> > server address: 71.22.100.124
> > remote id: vpp.home
> > local id: roadwarrior.vpn.example.com
> > Shared Secret: Vpp123
> >
> > sh ikev2 sa is empty.
> >
> > Thanks
> > -=-=-=-=-=-=-=-=-=-=-=-
> > Links: You receive all messages sent to this group.
> >
> > View/Reply Online (#10529): https://lists.fd.io/g/vpp-dev/message/10529
> > Mute This Topic: https://lists.fd.io/mt/25742356/675642
> > Group Owner: vpp-dev+ow...@lists.fd.io
> > Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub [dmar...@me.com]
> > -=-=-=-=-=-=-=-=-=-=-=-
>