Thanks Neale. I will try it out.

From: Neale Ranns <[email protected]>
Sent: Thursday, February 25, 2021 3:16 AM
To: Govindarajan Mohandoss <[email protected]>; vpp-dev 
<[email protected]>
Cc: nd <[email protected]>
Subject: Re: [vpp-dev] IPSec ESP Tunnel mode config

Hi Govind,

Please see:
  https://wiki.fd.io/view/VPP/IPSec

/neale

From: Govindarajan Mohandoss <[email protected]>
Date: Wednesday, 24 February 2021 at 20:34
To: Govindarajan Mohandoss <[email protected]>, Neale Ranns <[email protected]>, vpp-dev <[email protected]>
Cc: nd <[email protected]>, nd <[email protected]>
Subject: RE: [vpp-dev] IPSec ESP Tunnel mode config
Hi Neale,
  I was wrong. I did a packet capture in null-encryption mode and the packet format is of ESP Transport mode type.
  Can you please help me to configure ESP Tunnel mode? Do you have any logs/documents to refer to?

NULL encryption config:
--------------------------------
vpp# create ipip tunnel src 192.83.1.1 dst 192.83.1.2
ipip0
vpp# ipsec sa add 20 spi 1000 esp crypto-alg none integ-alg none
vpp# ipsec tunnel protect ipip0 sa-out 20 add

Thanks
Govind

From: [email protected] <[email protected]> On Behalf Of Govindarajan Mohandoss via lists.fd.io
Sent: Wednesday, February 24, 2021 10:00 AM
To: [email protected]; vpp-dev <[email protected]>
Cc: nd <[email protected]>
Subject: Re: [vpp-dev] IPSec ESP Tunnel mode config

Thank you Neale. Following set of commands worked.  I hope it is correct.

vpp# create ipip tunnel src 192.83.1.1 dst 192.83.1.2
ipip0
vpp# ipsec sa add 20 spi 1000 crypto-alg aes-gcm-256 crypto-key 0123456789012345678901234567890101234567890123456789012345678901 salt 0x12345678
vpp# ipsec tunnel protect ipip0 sa-out 20

The following command didn't work:
ipsec sa add 20 spi 1000 esp crypto-alg aes-gcm-128 crypto-key 4a506a794f574265564551694d653768 salt 0x12345678 tunnel src 192.83.1.1 dst 192.83.1.2

Thanks
Govind

From: [email protected] <[email protected]> On Behalf Of Neale Ranns via lists.fd.io
Sent: Wednesday, February 24, 2021 9:20 AM
To: Govindarajan Mohandoss <[email protected]>; vpp-dev <[email protected]>
Subject: Re: [vpp-dev] IPSec ESP Tunnel mode config

Dear Govind,

The tunnel parameters are parsed separately in recent versions. Try:

  ipsec sa add 20 spi 1000 esp crypto-alg aes-gcm-128 crypto-key 4a506a794f574265564551694d653768 salt 0x12345678 tunnel src 192.83.1.1 dst 192.83.1.2

/neale

From: [email protected] <[email protected]> on behalf of Govindarajan Mohandoss via lists.fd.io <[email protected]>
Date: Wednesday, 24 February 2021 at 15:59
To: vpp-dev <[email protected]>
Cc: nd <[email protected]>, nd <[email protected]>
Subject: [vpp-dev] IPSec ESP Tunnel mode config

Dear Maintainers,

   I need help to fix ESP Tunnel mode configuration using debug CLI.

   The following command is throwing a parse error. Can you please share the latest CLI command?

vpp# ipsec sa add 20 spi 1000 esp tunnel-src 192.83.1.1 tunnel-dst 192.83.1.2 crypto-alg aes-gcm-128 crypto-key 4a506a794f574265564551694d653768 salt 0x12345678
ipsec sa: parse error: '-src 192.83.1.1 tunnel-dst 192...'

Thanks

Govind
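
Added example, not part of the original thread and not VPP code: one way to do the null-encryption capture check mentioned above is to read the ESP trailer's next-header byte, which with "crypto-alg none integ-alg none" is in the clear and not followed by an ICV. The function names, the inner 10.0.0.x addresses and the sample packets are constructed for illustration.

```python
import socket
import struct

ESP = 50                      # IP protocol number for ESP
INNER_IP = {4: 4, 41: 6}      # ESP next-header value -> expected inner IP version

def classify_null_esp(pkt: bytes) -> dict:
    """Report SPI and apparent mode of an IPv4 ESP packet sent with crypto/integ 'none'."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != ESP:
        raise ValueError("not an IPv4 packet carrying ESP")
    ihl = (pkt[0] & 0x0F) * 4
    esp = pkt[ihl:struct.unpack("!H", pkt[2:4])[0]]
    if len(esp) < 10:
        raise ValueError("truncated ESP payload")
    spi, seq = struct.unpack("!II", esp[:8])
    # No IV and no ICV with null algorithms, so the trailer is the last two bytes.
    pad_len, next_header = esp[-2], esp[-1]
    if pad_len > len(esp) - 10:
        raise ValueError("pad length exceeds payload")
    body = esp[8:len(esp) - 2 - pad_len]
    if next_header in INNER_IP:
        # An inner IP packet is claimed: confirm its version nibble agrees.
        ok = bool(body) and body[0] >> 4 == INNER_IP[next_header]
        mode = "tunnel" if ok else "malformed"
    else:
        mode = "transport"
    return {"spi": spi, "seq": seq, "next_header": next_header, "mode": mode}

# --- constructed sample packets (checksums left at 0; not captured traffic) ---
def ipv4(src, dst, proto, payload):
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst)) + payload

def null_esp(spi, seq, payload, next_header):
    pad = bytes(range(1, (-(len(payload) + 2)) % 4 + 1))   # align trailer to 4 bytes
    return struct.pack("!II", spi, seq) + payload + pad + bytes([len(pad), next_header])

UDP = struct.pack("!HHHH", 1234, 5678, 12, 0) + b"test"
TRANSPORT = ipv4("192.83.1.1", "192.83.1.2", ESP, null_esp(1000, 1, UDP, 17))
TUNNEL = ipv4("192.83.1.1", "192.83.1.2", ESP,
              null_esp(1000, 1, ipv4("10.0.0.1", "10.0.0.2", 17, UDP), 4))

if __name__ == "__main__":
    for name, pkt in (("transport", TRANSPORT), ("tunnel", TUNNEL)):
        print(name, classify_null_esp(pkt))
```

A next-header of 4 or 41 only shows that an inner IP packet follows the ESP header; an IP-in-IP payload carried under a transport-mode SA looks the same on the wire.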