Hi, IPSec AH (authentication only) is not supported.
Regards, Matus From: 薛欣颖 [mailto:xy...@fiberhome.com] Sent: Friday, May 26, 2017 7:51 AM To: Matus Fabian -X (matfabia - PANTHEON TECHNOLOGIES at Cisco) <matfa...@cisco.com>; vpp-dev <vpp-dev@lists.fd.io> Subject: 回复: RE: [vpp-dev] IPSEC IPV6 Hi Matus, In https://wiki.fd.io/view/VPP/IPSec_and_IKEv2#Enable_SPD_on_an_interface I can only find the configuration about IPSEC ESP .What should I do to configure IPSec AH in tunnel or transport mode? Thanks, xyxue 发件人: Matus Fabian -X (matfabia - PANTHEON TECHNOLOGIES at Cisco)<mailto:matfa...@cisco.com> 发送时间: 2017-05-22 14:17 收件人: 薛欣颖<mailto:xy...@fiberhome.com>; vpp-dev<mailto:vpp-dev@lists.fd.io> 主题: RE: RE: [vpp-dev] IPSEC IPV6 Hi, Ipsec tunnel interface support only IPv4, IPv6 works only when you create SA and SPD entry and enable IPSec feature on interface (https://wiki.fd.io/view/VPP/IPSec_and_IKEv2#Enable_SPD_on_an_interface). Supported is only AH+ESP in tunnel or transport mode. Regards, Matus From: 薛欣颖 [mailto:xy...@fiberhome.com] Sent: Monday, May 22, 2017 8:09 AM To: Matus Fabian -X (matfabia - PANTHEON TECHNOLOGIES at Cisco) <matfa...@cisco.com<mailto:matfa...@cisco.com>>; vpp-dev <vpp-dev@lists.fd.io<mailto:vpp-dev@lists.fd.io>> Subject: 回复: RE: [vpp-dev] IPSEC IPV6 Hi Matus, There is only ip4 address in create_ipsec_tunnel_command_fn and ipsec_add_del_tunnel_args_t if (unformat (line_input, "local-ip %U", unformat_ip4_address, &a.local_ip)) num_m_args++; else if (unformat (line_input, "remote-ip %U", unformat_ip4_address, &a.remote_ip)) num_m_args++; ip4_address_t local_ip, remote_ip; When I add ipv6 addr and input,then I configure ipsec ipv6 ,will IPSec IPv6 work? By the way, does vpp support IPSEC AH? What about IPSEC AH + ESP? Thanks, xyxue 发件人: Matus Fabian -X (matfabia - PANTHEON TECHNOLOGIES at Cisco)<mailto:matfa...@cisco.com> 发送时间: 2017-05-22 12:50 收件人: 薛欣颖<mailto:xy...@fiberhome.com>; vpp-dev@lists.fd.io<mailto:vpp-dev@lists.fd.io> 主题: RE: [vpp-dev] IPSEC IPV6 Hi, IPSec has IPv6 support, see examples here https://wiki.fd.io/view/VPP/IPSec_and_IKEv2#IPSec and use IPv6 adresses instead of IPv4. Regards, Matus From: vpp-dev-boun...@lists.fd.io<mailto:vpp-dev-boun...@lists.fd.io> [mailto:vpp-dev-boun...@lists.fd.io] On Behalf Of ??? Sent: Saturday, May 20, 2017 8:05 AM To: vpp-dev@lists.fd.io<mailto:vpp-dev@lists.fd.io> Subject: [vpp-dev] IPSEC IPV6 Hi guys, Is it possible to configure IPSEC IPV6 now? And how can I configure it? Thanks, xyxue
_______________________________________________ vpp-dev mailing list vpp-dev@lists.fd.io https://lists.fd.io/mailman/listinfo/vpp-dev
