Klement Sekera
8d8150262b
VppTestCase now has vpp_worker_count property set to number of workers. This can be overriden by child classes. Also overriden by VPP_WORKER_CONFIG variable for legacy reasons. Type: improvement Change-Id: Ic328bacb9003ddf9e92815767653bd362aa7f086 Signed-off-by: Klement Sekera <ksekera@cisco.com>
Wireguard vpp-plugin
Overview
This plugin is an implementation of wireguard protocol for VPP. It allows one to create secure VPN tunnels. This implementation is based on wireguard-openbsd.
Crypto
The crypto protocols:
- blake2s [Source]
OpenSSL:
- curve25519
- chachapoly1305
Plugin usage example
Create wireguard interface
> vpp# wireguard create listen-port <port> private-key <priv_key> src <src_ip4> [generate-key]
> *wg_interface*
> vpp# set int state <wg_interface> up
> vpp# set int ip address <wg_interface> <wg_ip4>
Add a peer configuration:
> vpp# wireguard peer add <wg_interface> public-key <pub_key_other> endpoint <ip4_dst> allowed-ip <prefix> dst-port <port_dst> persistent-keepalive [keepalive_interval]
> vpp# *peer_idx*
Show config
> vpp# show wireguard interface
> vpp# show wireguard peer
Remove peer
> vpp# wireguard peer remove <peer_idx>
Delete interface
> vpp# wireguard delete <wg_interface>
Main next steps for improving this implementation
- Use all benefits of VPP-engine.
- Add IPv6 support (currently only supports IPv4)
- Add DoS protection as in original protocol (using cookie)