Hi Juraj, Thanks for your reply. I was able to get the things working with new commands.
Thanks, Hrishikesh On Mon, Jan 17, 2022 at 7:02 PM Juraj Linkeš <juraj.lin...@pantheon.tech> wrote: > Hi Hrishikesh, > > > > The API has changed, try without the hyphen: > > ipsec sa add 10 spi 1000 esp tunnel src 192.168.1.1 tunnel dst 192.168.1.2 > crypto-key 4339314b55523947594d6d3547666b45 crypto-alg aes-cbc-128 > integ-key 4339314b55523947594d6d3547666b45 integ-alg sha1-96 > > > > Regards, > > Juraj > > > > *From:* vpp-dev@lists.fd.io <vpp-dev@lists.fd.io> *On Behalf Of *Hrishikesh > Karanjikar > *Sent:* Thursday, December 16, 2021 10:45 AM > *To:* vpp-dev@lists.fd.io > *Subject:* [vpp-dev] VPP IPSec Related Doubts > > > > Hi All, > > > > I am trying to get following setup working, > > > > > https://www.intel.com/content/www/us/en/developer/articles/guide/get-started-with-ipsec-acceleration-in-the-fdio-vpp-project.html > > > > The commands in above setup are as follows, > > ================================================================= > > set int ip address TenGigabitEthernet6/0/0 192.168.30.30/24 > set int promiscuous on TenGigabitEthernet6/0/0 > set int ip address TenGigabitEthernet6/0/1 192.168.30.31/24 > set int promiscuous on TenGigabitEthernet6/0/1 > > ipsec spd add 1 > set interface ipsec spd TenGigabitEthernet6/0/1 1 > ipsec sa add 10 spi 1000 esp tunnel-src 192.168.1.1 tunnel-dst 192.168.1.2 > crypto-key 4339314b55523947594d6d3547666b45 crypto-alg aes-cbc-128 > integ-key 4339314b55523947594d6d3547666b45 integ-alg sha1-96 > ipsec policy add spd 1 outbound priority 100 action protect sa 10 > local-ip-range 192.168.20.0-192.168.20.255 remote-ip-range > 192.168.40.0-192.168.40.255 > ipsec policy add spd 1 outbound priority 90 protocol 50 action bypass > > ip route add 192.168.40.40/32 via 192.168.1.2 TenGigabitEthernet6/0/1 > set ip arp TenGigabitEthernet6/0/1 192.168.1.2 90:e2:ba:50:8f:19 > > set int state TenGigabitEthernet6/0/0 up > set int state TenGigabitEthernet6/0/1 up > > ================================================================= > > > However, a few commands in the setup are failing. > > e.g. > > DBGvpp# ipsec sa add 10 spi 1000 esp tunnel-src 192.168.1.1 tunnel-dst > 192.168.1.2 crypto-key 4339314b55523947594d6d3547666b45 crypto-alg > aes-cbc-128 integ-key 4339314b55523947594d6d3547666b45 integ-alg sha1-96 > ipsec sa: parse error: '-src 192.168.1.1 tunnel-dst 19...' > > > > Can anybody guide me on how to go about this? > > > > -- > > > Thanks and Regards, > Hrishikesh Karanjikar > -- Regards, Hrishikesh Karanjikar
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#20736): https://lists.fd.io/g/vpp-dev/message/20736 Mute This Topic: https://lists.fd.io/mt/87764016/21656 Group Owner: vpp-dev+ow...@lists.fd.io Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-