vpp/extras/strongswan/vpp_sswan/swanctl.conf

connections {
  net-net {
    local_addrs = 192.168.0.2
    remote_addrs = 192.168.0.1
    local {
      auth = psk
      id = sun.strongswan.org
    }
    remote {
      auth = psk
      id = moon.strongswan.org
    }
    children {
      net-net {
        local_ts = 192.168.200.0/24
        remote_ts = 192.168.100.0/24
        esp_proposals = aes128-sha1-modp2048
        rekey_time = 240m
      }
    }
    version = 2
    mobike = yes
    encap = no # NAT-T if needed
    proposals = aes128-sha256-x25519
    }
}
secrets {
  ike-net-net {
    id = moon.strongswan.org
    secret = simplepsk
  }
}

# Include config snippets
include conf.d/*.conf
vpp-swan: Add plugin for vpp-swan Added plugin vpp-swan is a plugin that helps offloading Strongswan IPsec ESP process from Linux Kernel to VPP. Type: feature Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com> Change-Id: Iec77945892453fac1890d3c49d7d86fc6b09c893 2022-06-29 12:54:30 +00:00			`connections {`
			`net-net {`
			`local_addrs = 192.168.0.2`
			`remote_addrs = 192.168.0.1`
			`local {`
			`auth = psk`
			`id = sun.strongswan.org`
			`}`
			`remote {`
			`auth = psk`
			`id = moon.strongswan.org`
			`}`
			`children {`
			`net-net {`
			`local_ts = 192.168.200.0/24`
			`remote_ts = 192.168.100.0/24`
			`esp_proposals = aes128-sha1-modp2048`
			`rekey_time = 240m`
			`}`
			`}`
			`version = 2`
			`mobike = yes`
			`encap = no # NAT-T if needed`
			`proposals = aes128-sha256-x25519`
			`}`
			`}`
			`secrets {`
			`ike-net-net {`
			`id = moon.strongswan.org`
			`secret = simplepsk`
			`}`
			`}`

			`# Include config snippets`
			`include conf.d/*.conf`