Re: [vpp-dev] IPSec ESP Tunnel mode config

Wed, 24 Feb 2021 11:34:14 -0800 

Hi Neale,
  I was wrong. I did a packet capture in null-encryption mode and the packet 
format is of ESP Transport mode type.
   Can you please help me to config ESP Tunnel mode ? Do you have any 
logs/document to refer ?

NULL encryption config:
--------------------------------
vpp# create ipip tunnel src 192.83.1.1 dst 192.83.1.2
ipip0
vpp# ipsec sa add 20 spi 1000 esp crypto-alg none integ-alg none
vpp# ipsec tunnel protect ipip0 sa-out 20 add

Thanks
Govind

From: vpp-dev@lists.fd.io <vpp-dev@lists.fd.io> On Behalf Of Govindarajan 
Mohandoss via lists.fd.io
Sent: Wednesday, February 24, 2021 10:00 AM
To: ne...@graphiant.com; vpp-dev <vpp-dev@lists.fd.io>
Cc: nd <n...@arm.com>
Subject: Re: [vpp-dev] IPSec ESP Tunnel mode config

Thank you Neale. Following set of commands worked.  I hope it is correct.

vpp# create ipip tunnel src 192.83.1.1 dst 192.83.1.2
ipip0
vpp# ipsec sa add 20 spi 1000 crypto-alg aes-gcm-256 crypto-key 
0123456789012345678901234567890101234567890123456789012345678901 salt 0x12345678
vpp# ipsec tunnel protect ipip0 sa-out 20

Foll. command didn't work:
ipsec sa add 20 spi 1000 esp crypto-alg aes-gcm-128 crypto-key 
4a506a794f574265564551694d653768 salt 0x12345678 tunnel src 192.83.1.1 dst 
192.83.1.2

Thanks
Govind

From: vpp-dev@lists.fd.io<mailto:vpp-dev@lists.fd.io> 
<vpp-dev@lists.fd.io<mailto:vpp-dev@lists.fd.io>> On Behalf Of Neale Ranns via 
lists.fd.io
Sent: Wednesday, February 24, 2021 9:20 AM
To: Govindarajan Mohandoss 
<govindarajan.mohand...@arm.com<mailto:govindarajan.mohand...@arm.com>>; 
vpp-dev <vpp-dev@lists.fd.io<mailto:vpp-dev@lists.fd.io>>
Subject: Re: [vpp-dev] IPSec ESP Tunnel mode config

Dear Govind,

The tunnel parameters are parsed separately in recent versions. Try:

  ipsec sa add 20 spi 1000 esp crypto-alg aes-gcm-128 crypto-key 
4a506a794f574265564551694d653768 salt 0x12345678 tunnel src 192.83.1.1 dst 
192.83.1.2

/neale

From: vpp-dev@lists.fd.io<mailto:vpp-dev@lists.fd.io> 
<vpp-dev@lists.fd.io<mailto:vpp-dev@lists.fd.io>> on behalf of Govindarajan 
Mohandoss via lists.fd.io 
<Govindarajan.mohandoss=arm....@lists.fd.io<mailto:Govindarajan.mohandoss=arm....@lists.fd.io>>
Date: Wednesday, 24 February 2021 at 15:59
To: vpp-dev <vpp-dev@lists.fd.io<mailto:vpp-dev@lists.fd.io>>
Cc: nd <n...@arm.com<mailto:n...@arm.com>>, nd 
<n...@arm.com<mailto:n...@arm.com>>
Subject: [vpp-dev] IPSec ESP Tunnel mode config

Dear Maintainers,

   I need help to fix ESP Tunnel mode configuration using debug CLI.

   Following command is throwing parse error. Can you please share the latest 
CLI command ?



vpp# ipsec sa add 20 spi 1000 esp tunnel-src 192.83.1.1 tunnel-dst 192.83.1.2 
crypto-alg aes-gcm-128 crypto-key 4a506a794f574265564551694d653768 salt 
0x12345678

ipsec sa: parse error: '-src 192.83.1.1 tunnel-dst 192...'



Thanks

Govind

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#18799): https://lists.fd.io/g/vpp-dev/message/18799
Mute This Topic: https://lists.fd.io/mt/80878044/21656
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to