2 # 2 initiators (strongswan), 1 responder (vpp) topology
5 if [ -f ~/.vpp_sswan ]; then
# Root of the per-initiator strongSwan config directories; the initiator
# suffix ($1) is appended wherever this is used. The name is fixed and lives
# under /tmp, and ipsec.secrets is later copied beneath it, so on a shared
# host the location is predictable to other local users.
# NOTE(review): consider a `mktemp -d` directory or a root-owned runtime dir.
10 SSWAN_CFG_DIR=/tmp/sswan
# Runs the binary named by $VPPCTL as root against /tmp/vpp_sswan.sock (the
# same path VPP is told to cli-listen on), passing the caller's arguments on.
# NOTE(review): $VPPCTL and $@ are unquoted, so arguments containing spaces or
# glob characters are re-split/expanded before reaching sudo; "$@" would keep
# each argument intact.
13 sudo $VPPCTL -s /tmp/vpp_sswan.sock $@
# Starts the binary named by $VPP_BIN as root. Settings visible in this
# excerpt: the CLI listens on /tmp/vpp_sswan.sock, the API segment uses the
# prefix "vpp", and dpdk_plugin.so is disabled.
# NOTE(review): the CLI socket sits in world-writable /tmp; whoever can
# connect to it can reconfigure this VPP instance, so confirm the socket's
# ownership/mode or move it into a private runtime directory.
17 sudo $VPP_BIN unix { \
18 cli-listen /tmp/vpp_sswan.sock \
20 api-segment { prefix vpp } \
21 plugins { plugin dpdk_plugin.so { disable } }
# Print, then run, the CLI command that replays the selected test case's
# vpp.conf. $STARTUP_DIR and $TC_DIR are expanded unquoted in the second line.
# NOTE(review): presumably `vppctl` is the wrapper around the sudo $VPPCTL
# call (file line 13) - confirm.
24 echo "exec $STARTUP_DIR/configs/$TC_DIR/vpp.conf"
25 vppctl exec $STARTUP_DIR/configs/$TC_DIR/vpp.conf
# Rebuild the config directory for initiator $1 from scratch, then populate
# it with that initiator's ipsec.conf plus the shared ipsec.secrets and
# strongswan.conf. The cp sources are relative paths, so they depend on the
# current working directory.
# NOTE(review): the expansions are unquoted; the `rm -r` target is only what
# is intended while SSWAN_CFG_DIR is non-empty and $1 contains no spaces or
# glob characters.
30 sudo rm -r $SSWAN_CFG_DIR$1
31 sudo mkdir -p $SSWAN_CFG_DIR$1
32 sudo cp configs/$TC_DIR/ipsec$1.conf $SSWAN_CFG_DIR$1/ipsec.conf
# ipsec.secrets carries the IKE authentication secrets. No mode is set on the
# directory or on this copy, so both get whatever mkdir/cp and the umask
# produce, under /tmp.
# NOTE(review): consider `install -m 600` for the file and `mkdir -m 700` for
# the directory.
33 sudo cp configs/$TC_DIR/ipsec.secrets $SSWAN_CFG_DIR$1/ipsec.secrets
34 sudo cp configs/strongswan.conf $SSWAN_CFG_DIR$1/strongswan.conf
# Host-side plumbing for initiator $1: a veth pair gw$1 / veth_gw$1 (gateway
# side) and a veth pair priv$1 / veth_priv$1 whose veth_priv$1 end is moved
# into the namespace $ns_name. The opening parenthesis starts a subshell whose
# end is not visible in this excerpt.
40 (sudo ip link add gw$1 type veth peer name veth_gw$1
41 sudo ip link set dev gw$1 up
# $ns_name is assigned outside the lines shown here; it is expanded unquoted.
43 sudo ip netns add $ns_name
44 sudo ip link add veth_priv$1 type veth peer name priv$1
45 sudo ip link set dev priv$1 up
46 sudo ip link set dev veth_priv$1 up netns $ns_name
# Addressing and routes for veth_priv$1: 192.168.3.2/24 and fec3::2/16, with
# 192.168.5.0/24 and fec5::0/16 routed via 192.168.3.1 and fec3::1. The lines
# between `netns exec` and the first `ip addr` are elided, so how these
# commands are handed to the namespace is not visible.
48 sudo ip netns exec $ns_name \
51 ip addr add 192.168.3.2/24 dev veth_priv$1
52 ip addr add fec3::2/16 dev veth_priv$1
53 ip route add 192.168.5.0/24 via 192.168.3.1
54 ip route add fec5::0/16 via fec3::1
# Start the strongSwan initiator container detached, with no Docker-managed
# network (--net=none) and automatic removal when it stops (--rm). The staged
# config directory is bind-mounted at both /conf and /etc/ipsec.d.
# NOTE(review): --privileged gives the container all capabilities and host
# device access and drops the default confinement; an IKE daemon typically
# needs far less (e.g. --cap-add NET_ADMIN) - confirm and narrow.
# NOTE(review): the image is referenced without a tag or digest, so whatever
# the registry currently serves as "latest" is pulled and run privileged;
# pin it by digest.
59 (docker run --name $init_name -d --privileged --rm --net=none \
60 -v $SSWAN_CFG_DIR$1:/conf -v $SSWAN_CFG_DIR$1:/etc/ipsec.d philplckthun/strongswan)
# Look up the container's PID and use it as a handle on the container's
# network namespace: move veth_gw$1 into it, then address and raise the
# interfaces from the host with nsenter.
# NOTE(review): nothing visible checks that the container actually started;
# if it did not, $pid is empty or 0 and the commands below do not act on the
# intended namespace. Validate $pid before using it.
62 pid=$(docker inspect --format "{{.State.Pid}}" $init_name)
63 sudo ip link set netns $pid dev veth_gw$1
65 sudo nsenter -t $pid -n ip addr add 192.168.10.1/24 dev veth_gw$1
66 sudo nsenter -t $pid -n ip link set dev veth_gw$1 up
# 192.168.5.2/32 on lo is the address the ping check (file line 79) targets.
68 sudo nsenter -t $pid -n ip addr add 192.168.5.2/32 dev lo
69 sudo nsenter -t $pid -n ip link set dev lo up
# Bring up the connection named "initiator" inside container sswan$1.
# Arguments: $1 - initiator number, used as the container-name suffix
# The end of the function is not visible in this excerpt.
# NOTE(review): presumably sswan$1 matches the $init_name used at docker run
# - confirm; $1 is expanded unquoted.
72 initiate_from_sswan () {
73 echo "start initiation.."
74 sudo docker exec sswan$1 ipsec up initiator
# Connectivity check: a single ICMP echo from namespace $1 to 192.168.5.2,
# the address placed on the container's lo at file line 68.
79 sudo ip netns exec $1 ping -c 1 192.168.5.2
# NOTE(review): rc is presumably set from the ping's exit status on a line
# not shown - confirm. $rc is unquoted, so the test itself errors out if rc
# is empty.
81 if [ $rc -ne 0 ] ; then
# Teardown: stop both initiator containers (they were started with --rm, so
# stopping also removes them) and delete namespaces ns1 and ns2. Output and
# errors from `docker stop` are discarded.
# NOTE(review): `&>` is a bash extension; the shebang is not visible here.
# NOTE(review): no visible line removes the staged $SSWAN_CFG_DIR* directories
# that hold ipsec.secrets - confirm the cleanup covers them.
90 docker stop sswan1 &> /dev/null
91 docker stop sswan2 &> /dev/null
93 sudo ip netns delete ns1
94 sudo ip netns delete ns2
# Start the IKEv2 SA_INIT exchange from the VPP side for the profile named
# pr1, through the vppctl wrapper.
# The end of the function is not visible in this excerpt.
98 initiate_from_vpp () {
99 vppctl ikev2 initiate sa-init pr1
# Responder test case: both strongSwan initiators (1 and 2) initiate towards
# VPP. Setup steps and the rest of the function body are not shown in this
# excerpt.
104 run_responder_test() {
109 initiate_from_sswan "1"
110 initiate_from_sswan "2"