Hi Chuan,

IPSec and GRE are supported using the tunnel protection mechanism:
  https://wiki.fd.io/view/VPP/IPSec

GRE over IPSec is only supported when the SA is in tunnel mode. This means there 
is a double encap of the IP header: once by the SA (in tunnel mode) and once 
by the tunnel itself (which has always been the case in VPP).

Example config follows:

  DBGvpp# ipsec sa add 20 spi 200 crypto-key 6541686776336961656264656f6f6579 crypto-alg aes-cbc-128 tunnel-src 10.10.10.10 tunnel-dst 10.10.10.11
  DBGvpp# ipsec sa add 30 spi 300 crypto-key 6541686776336961656264656f6f6579 crypto-alg aes-cbc-128 tunnel-src 10.10.10.11 tunnel-dst 10.10.10.10
  DBGvpp# create gre tunnel src 10.10.10.10 dst 10.10.10.11
    gre0
  DBGvpp# ipsec tunnel protect gre0 sa-in 20 sa-out 30
  DBGvpp# sh ipsec protect
  gre0
   output-sa:
    [1] sa 30 (0x1e) spi 300 (0x0000012c) protocol:esp flags:[tunnel ]
   input-sa:
    [0] sa 20 (0x14) spi 200 (0x000000c8) protocol:esp flags:[tunnel Protect ]

Regards,
neale
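
Added example, not part of the original message and not VPP's own code: a small Python audit of the configuration shown above. It checks the tunnel-mode requirement stated in the reply and flags two properties visible in the sample, aes-cbc SAs with no integ-alg and the same crypto-key on both SAs; the function names and finding labels are hypothetical.

```python
import re

# Constructed input: the CLI lines from the reply above, prompts removed.
SAMPLE = """\
ipsec sa add 20 spi 200 crypto-key 6541686776336961656264656f6f6579 crypto-alg aes-cbc-128 tunnel-src 10.10.10.10 tunnel-dst 10.10.10.11
ipsec sa add 30 spi 300 crypto-key 6541686776336961656264656f6f6579 crypto-alg aes-cbc-128 tunnel-src 10.10.10.11 tunnel-dst 10.10.10.10
create gre tunnel src 10.10.10.10 dst 10.10.10.11
ipsec tunnel protect gre0 sa-in 20 sa-out 30
"""

SA_RE = re.compile(r"^ipsec sa add (\d+)\s+(.*)$")
PROTECT_RE = re.compile(r"^ipsec tunnel protect (\S+) sa-in (\d+) sa-out (\d+)$")


def parse(config):
    """Return ({sa_id: {keyword: value}}, [(tunnel, sa_in, sa_out)])."""
    sas, protects = {}, []
    for line in config.splitlines():
        line = line.strip()
        if m := SA_RE.match(line):
            words = m.group(2).split()
            # Assumption: every remaining token is a keyword/value pair, as in the sample.
            sas[m.group(1)] = dict(zip(words[::2], words[1::2]))
        elif m := PROTECT_RE.match(line):
            protects.append(m.groups())
    return sas, protects


def audit(config):
    """Return a list of (subject, finding) tuples, in configuration order."""
    sas, protects = parse(config)
    findings = []
    for tunnel, sa_in, sa_out in protects:
        for sa_id in (sa_in, sa_out):
            sa = sas.get(sa_id)
            if sa is None:
                findings.append((f"sa {sa_id}", "undefined"))
                continue
            if not ("tunnel-src" in sa and "tunnel-dst" in sa):
                findings.append((f"sa {sa_id}", "not-tunnel-mode"))
            if sa.get("crypto-alg", "").startswith("aes-cbc") and "integ-alg" not in sa:
                findings.append((f"sa {sa_id}", "cbc-without-integrity"))
        a, b = sas.get(sa_in), sas.get(sa_out)
        if a and b and a.get("crypto-key") == b.get("crypto-key"):
            findings.append((tunnel, "same-key-both-directions"))
    return findings
```

Run on the sample, `audit(SAMPLE)` reports both SAs as CBC without an integrity algorithm and the shared key on gre0; both SAs pass the tunnel-mode check.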


From: <vpp-dev@lists.fd.io> on behalf of "Chuan Han via Lists.Fd.Io" <chuanhan=google....@lists.fd.io>
Reply to: "chuan...@google.com" <chuan...@google.com>
Date: Wednesday 2 October 2019 at 02:08
To: "vpp-dev@lists.fd.io" <vpp-dev@lists.fd.io>
Cc: "vpp-dev@lists.fd.io" <vpp-dev@lists.fd.io>
Subject: [vpp-dev] How to configure l2 gre over ipsec in vpp 19.08

Hi, vpp experts,  

I am trying to configure l2 gre over ipsec. I followed the steps here:
https://docs.fd.io/vpp/16.12/ipsec_gre_doc.html

I hit the following error:
create ipsec: unknown input `gre tunnel src 10.10.10.10 dst...'

My vpp version is v19.08.1-release

It seems on this version the "create ipsec gre tunnel" command does not work. 
If so, is there any other way of configuring l2 gre over ipsec in 19.08?

Please advise. 

Thanks.
Chuan
