src/scripts/vnet/ipsec

   1
   2 create packet-generator interface pg0
   3 create packet-generator interface pg1
   4
   5 pipe create
   6
   7 ip table add 1
   8 set int ip table pg1 1
   9 set int ip table pipe0.1 1
  10
  11 set int ip address pg0 192.168.0.1/24
  12 set int ip address pg1 192.168.1.1/24
  13
  14 set int ip address pipe0.0 10.0.0.1/24
  15 set int ip address pipe0.1 10.0.0.2/24
  16
  17 set int state pg0 up
  18 set int state pg1 up
  19 set int state pipe0 up
  20
  21 ipsec sa add 20 spi 200 crypto-key 6541686776336961656264656f6f6579 crypto-alg aes-cbc-128
  22 ipsec sa add 30 spi 300 crypto-key 6541686776336961656264656f6f6579 crypto-alg aes-cbc-128
  23
  24 create ipip tunnel src 10.0.0.1 dst 10.0.0.2
  25 create ipip tunnel src 10.0.0.2 dst 10.0.0.1 outer-table-id 1
  26
  27 ipsec tunnel protect ipip0 sa-in 20 sa-out 30
  28 ipsec tunnel protect ipip1 sa-in 30 sa-out 20
  29
  30 set int state ipip0 up
  31 set int unnum ipip0 use pg0
  32
  33 set int state ipip1 up
  34 set int ip table ipip1 1
  35 set int unnum ipip1 use pg1
  36
  37 ip route add 192.168.1.0/24 via ipip0
  38 set ip neighbor pg1 192.168.1.2 00:11:22:33:44:55
  39 ip route add table 1 192.168.0.0/24 via ipip1
  40 set ip neighbor pg0 192.168.0.2 00:11:22:33:44:66
  41
  42 trace add pg-input 100
  43
  44 packet-generator new {                                          \
  45   name ipsec1                                                   \
  46   limit 1                                                       \
  47   rate 1e4                                                      \
  48   node ip4-input                                                \
  49   interface pg0                                                 \
  50   size 100-100                                                  \
  51   data {                                                        \
  52    UDP: 192.168.0.2 -> 192.168.1.2                              \
  53    UDP: 4321 -> 1234                                            \
  54     length 72                                                   \
  55     incrementing 100                                            \
  56   }                                                             \
  57 }
  58 packet-generator new {                                          \
  59   name ipsec2                                                   \
  60   limit 1                                                       \
  61   rate 1e4                                                      \
  62   node ip4-input                                                \
  63   interface pg1                                                 \
  64   size 100-100                                                  \
  65   data {                                                        \
  66    UDP: 192.168.1.2 -> 192.168.0.2                              \
  67    UDP: 4321 -> 1234                                            \
  68     length 72                                                   \
  69     incrementing 100                                            \
  70   }                                                             \
  71 }