[vpp-dev] Error when trying to test ipsec gre, and packet can not be decrypted.

唐伟 Wed, 31 Jan 2018 22:59:53 -0800

Hi guys,

My configuration about ipsec gre is shown below:
Vpp1：
create host-interface name eth2 mac 00:0c:29:f2:15:8b
set interface state host-eth2 up
set interface ip address host-eth2 10.0.0.1/24
create host-interface name eth1 mac 00:0c:29:f2:15:81
set interface state host-eth1 up
set interface ip address host-eth1 20.0.0.1/24
ipsec sa add 10 spi 1001 esp crypto-alg aes-cbc-128 crypto-key 
4a506a794f574265564551694d653768 integ-alg sha1-96 integ-key 
4339314b55523947594d6d3547666b45764e6a58
ipsec sa add 20 spi 1002 esp crypto-alg aes-cbc-128 crypto-key 
5a506a794f574265564551694d653768 integ-alg sha1-96 integ-key 
5339314b55523947594d6d3547666b45764e6a58
create ipsec gre tunnel src 10.0.0.1 dst 10.0.0.2 local-sa 10 remote-sa 20
set interface ip address ipsec-gre0 100.1.1.1/24
set interface state ipsec-gre0 up
ip route add 21.0.0.2/24 via ip4-address 100.1.1.2 interface ipsec-gre0


vpp2:
create host-interface name eth2 mac 00:0c:29:e0:87:dd 
set interface state host-eth2 up
set interface ip address host-eth2 10.0.0.2/24
create host-interface name eth3 mac 00:0c:29:e0:87:e7
set interface state host-eth3 up
set interface ip address host-eth3 21.0.0.2/24
ipsec sa add 10 spi 1001 esp crypto-alg aes-cbc-128 crypto-key 
4a506a794f574265564551694d653768 integ-alg sha1-96 integ-key 
4339314b55523947594d6d3547666b45764e6a58
ipsec sa add 20 spi 1002 esp crypto-alg aes-cbc-128 crypto-key 
5a506a794f574265564551694d653768 integ-alg sha1-96 integ-key 
5339314b55523947594d6d3547666b45764e6a58
create ipsec gre tunnel src 10.0.0.2 dst 10.0.0.1 local-sa 20 remote-sa 10
set interface ip address ipsec-gre0 100.1.1.2/24
set interface state ipsec-gre0 up
ip route add 20.0.0.1/24 via ip4-address 100.1.1.1 interface ipsec-gre0


The trace:

Packet 3

00:03:19:325858: af-packet-input
  af_packet: hw_if_index 1 next-index 4
    tpacket2_hdr:
      status 0x20000001 len 166 snaplen 166 mac 66 net 80
      sec 0x5a72b5ef nsec 0x1a6aa25c vlan 0
00:03:19:325878: ethernet-input
  IP4: 00:0c:29:e0:87:dd -> 00:0c:29:f2:15:8b
00:03:19:325894: ip4-input
  IPSEC_ESP: 10.0.0.2 -> 10.0.0.1
    tos 0x00, ttl 253, length 152, checksum 0xa931
    fragment id 0x0000
00:03:19:325899: ip4-lookup
  fib 0 dpo-idx 6 flow hash: 0x00000000
  IPSEC_ESP: 10.0.0.2 -> 10.0.0.1
    tos 0x00, ttl 253, length 152, checksum 0xa931
    fragment id 0x0000
00:03:19:325909: ip4-local
    IPSEC_ESP: 10.0.0.2 -> 10.0.0.1                                             
                                                                                
   
      tos 0x00, ttl 253, length 152, checksum 0xa931
      fragment id 0x0000
00:03:19:325913: ip4-punt
    IPSEC_ESP: 10.0.0.2 -> 10.0.0.1
      tos 0x00, ttl 253, length 152, checksum 0xa931
      fragment id 0x0000
00:03:19:325920: error-punt
  ip4-input: unknown ip protocol

Packet 4

  
 How can I solve the problem?
 
 Thanks,
 Wtang

_______________________________________________
vpp-dev mailing list
[email protected]
https://lists.fd.io/mailman/listinfo/vpp-dev

[vpp-dev] Error when trying to test ipsec gre, and packet can not be decrypted.

Reply via email to