Re: [vpp-dev] VPP IPSec Related Doubts

Mon, 17 Jan 2022 08:36:46 -0800 

Hi Juraj,

Thanks for your reply.
I was able to get the things working with new commands.

Thanks,
Hrishikesh

On Mon, Jan 17, 2022 at 7:02 PM Juraj Linkeš <juraj.lin...@pantheon.tech>
wrote:

> Hi Hrishikesh,
>
>
>
> The API has changed, try without the hyphen:
>
> ipsec sa add 10 spi 1000 esp tunnel src 192.168.1.1 tunnel dst 192.168.1.2
> crypto-key 4339314b55523947594d6d3547666b45 crypto-alg aes-cbc-128
> integ-key 4339314b55523947594d6d3547666b45 integ-alg sha1-96
>
>
>
> Regards,
>
> Juraj
>
>
>
> *From:* vpp-dev@lists.fd.io <vpp-dev@lists.fd.io> *On Behalf Of *Hrishikesh
> Karanjikar
> *Sent:* Thursday, December 16, 2021 10:45 AM
> *To:* vpp-dev@lists.fd.io
> *Subject:* [vpp-dev] VPP IPSec Related Doubts
>
>
>
> Hi All,
>
>
>
> I am trying to get following setup working,
>
>
>
>
> https://www.intel.com/content/www/us/en/developer/articles/guide/get-started-with-ipsec-acceleration-in-the-fdio-vpp-project.html
>
>
>
> The commands in above setup are as follows,
>
> =================================================================
>
> set int ip address TenGigabitEthernet6/0/0 192.168.30.30/24
> set int promiscuous on TenGigabitEthernet6/0/0
> set int ip address TenGigabitEthernet6/0/1 192.168.30.31/24
> set int promiscuous on TenGigabitEthernet6/0/1
>
> ipsec spd add 1
> set interface ipsec spd TenGigabitEthernet6/0/1 1
> ipsec sa add 10 spi 1000 esp tunnel-src 192.168.1.1 tunnel-dst 192.168.1.2
> crypto-key 4339314b55523947594d6d3547666b45 crypto-alg aes-cbc-128
> integ-key 4339314b55523947594d6d3547666b45 integ-alg sha1-96
> ipsec policy add spd 1 outbound priority 100 action protect sa 10
> local-ip-range 192.168.20.0-192.168.20.255 remote-ip-range
> 192.168.40.0-192.168.40.255
> ipsec policy add spd 1 outbound priority 90 protocol 50 action bypass
>
> ip route add 192.168.40.40/32 via 192.168.1.2 TenGigabitEthernet6/0/1
> set ip arp TenGigabitEthernet6/0/1 192.168.1.2 90:e2:ba:50:8f:19
>
> set int state TenGigabitEthernet6/0/0 up
> set int state TenGigabitEthernet6/0/1 up
>
> =================================================================
>
>
> However, a few commands in the setup are failing.
>
> e.g.
>
> DBGvpp# ipsec sa add 10 spi 1000 esp tunnel-src 192.168.1.1 tunnel-dst
> 192.168.1.2 crypto-key 4339314b55523947594d6d3547666b45 crypto-alg
> aes-cbc-128 integ-key 4339314b55523947594d6d3547666b45 integ-alg sha1-96
> ipsec sa: parse error: '-src 192.168.1.1 tunnel-dst 19...'
>
>
>
> Can anybody guide me on how to go about this?
>
>
>
> --
>
>
> Thanks and Regards,
> Hrishikesh Karanjikar
>


-- 

Regards,
Hrishikesh Karanjikar

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#20736): https://lists.fd.io/g/vpp-dev/message/20736
Mute This Topic: https://lists.fd.io/mt/87764016/21656
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to