Hi Neale, Thanks for tge pointer and your suggestion.
I will check it further. Regards. On Fri, 27 May 2022, 04:53 Neale Ranns, <ne...@graphiant.com> wrote: > > > Hi Vijay, > > > > It sounds like the SA you programme did not install. As you say, DES is > insecure, so we don’t even test it anymore. I would suggest you start with > a UT in VPP and go from there. Maybe extend the algos in MyParameters in > test/test_ipsec_esp.py > > > > /neale > > > > *From: *vpp-dev@lists.fd.io <vpp-dev@lists.fd.io> on behalf of Vijay > Kumar via lists.fd.io <vjkumar2003=gmail....@lists.fd.io> > *Date: *Thursday, 26 May 2022 at 21:52 > *To: *vpp-dev <vpp-dev@lists.fd.io> > *Subject: *[vpp-dev] Regarding DES support in VPP > > Hi Neale/Benoit, > > > > I know we must not talk about DES and MD5 these days as they are insecure > and must not be configured. My QA has raised an issue that DES is not > working. I have myself not tested it as the customers would never configure > it. > > > > The QA says the "show ipsec sa" command does not show anything if DES is > configured. > > > > Also the show node counters had this counter incremented for DES. > > "4 ipsec4-tun-input no matching tunnel" > > > > Not sure if I am missing something. > > > > NOTE: > > ====== > > 1) We don't use the vpp ikev2 plugin. We have our own IKE stack that > programs the VPP with IPSEC SA. Basically our application receives the SA > and calls the ipsec_sa_add_and_lock() API to install the SA. > > > > 2) We have tested AES128, ASE256, 3DES and they were working fine. The > code to receive keys from IKE stack and program the vnet/ipsec is the same. > > > > > > > > Regards, > > Vijay Kumar N. >
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#21475): https://lists.fd.io/g/vpp-dev/message/21475 Mute This Topic: https://lists.fd.io/mt/91352430/21656 Group Owner: vpp-dev+ow...@lists.fd.io Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
