- Sample CLI : 'ipsec policy add spd 1 inbound priority 10 action \
- protect sa 20 local-ip-range 192.168.4.4 - 192.168.4.4 \
- remote-ip-range 192.168.3.3 - 192.168.3.3'
-
- :param spd_id - SPD ID for the policy . mandatory
- :param local_address_start - local-ip-range start address . mandatory
- :param local_address_stop - local-ip-range stop address . mandatory
- :param remote_address_start - remote-ip-range start address . mandatory
- :param remote_address_stop - remote-ip-range stop address . mandatory
- :param local_port_start - (Default 0) . optional
- :param local_port_stop - (Default 65535). optional
- :param remote_port_start - (Default 0). optional
- :param remote_port_stop - (Default 65535). optional
- :param protocol - Any(0), AH(51) & ESP(50) protocol (Default 0 - Any).
- optional
- :param sa_id - Security Association ID for mapping it to SPD
- (default 10). optional
- :param policy - bypass(0), discard(1), resolve(2) or protect(3)action
- (Default 0 - bypass). optional
- :param priotity - value for the spd action (Default 100). optional
- :param is_outbound - flag for inbound(0) or outbound(1)
- (Default 1 - outbound). optional
- :param is_add flag - for addition(1) or deletion(0) of the spd
- (Default 1 - addtion). optional
- :returns: reply from the API
- """
- return self.api(
- self.papi.ipsec_spd_add_del_entry,
- {'spd_id': spd_id,
- 'local_address_start': local_address_start,
- 'local_address_stop': local_address_stop,
- 'remote_address_start': remote_address_start,
- 'remote_address_stop': remote_address_stop,
- 'local_port_start': local_port_start,
- 'local_port_stop': local_port_stop,
- 'remote_port_start': remote_port_start,
- 'remote_port_stop': remote_port_stop,
- 'is_add': is_add,
- 'protocol': protocol,
- 'policy': policy,
- 'priority': priority,
- 'is_outbound': is_outbound,
- 'sa_id': sa_id,
- 'is_ip_any': is_ip_any})
-
- def app_namespace_add(self,
- namespace_id,
- ip4_fib_id=0,
- ip6_fib_id=0,
- sw_if_index=0xFFFFFFFF,
- secret=0):
+ :param spd_id: SPD ID for the policy
+ :param local_address_start: local-ip-range start address
+ :param local_address_stop : local-ip-range stop address
+ :param remote_address_start: remote-ip-range start address
+ :param remote_address_stop : remote-ip-range stop address
+ :param local_port_start: (Default value = 0)
+ :param local_port_stop: (Default value = 65535)
+ :param remote_port_start: (Default value = 0)
+ :param remote_port_stop: (Default value = 65535)
+ :param protocol: Any(0), AH(51) & ESP(50) protocol (Default value = 0)
+ :param sa_id: Security Association ID for mapping it to SPD
+ :param policy: bypass(0), discard(1), resolve(2) or protect(3) action
+ (Default value = 0)
+ :param priority: value for the spd action (Default value = 100)
+ :param is_outbound: flag for inbound(0) or outbound(1)
+ (Default value = 1)
+ :param is_add: (Default value = 1)
+ """
+ return self.api(
+ self.papi.ipsec_spd_entry_add_del,
+ {
+ 'is_add': is_add,
+ 'entry':
+ {
+ 'spd_id': spd_id,
+ 'sa_id': sa_id,
+ 'local_address_start': local_address_start,
+ 'local_address_stop': local_address_stop,
+ 'remote_address_start': remote_address_start,
+ 'remote_address_stop': remote_address_stop,
+ 'local_port_start': local_port_start,
+ 'local_port_stop': local_port_stop,
+ 'remote_port_start': remote_port_start,
+ 'remote_port_stop': remote_port_stop,
+ 'protocol': protocol,
+ 'policy': policy,
+ 'priority': priority,
+ 'is_outbound': is_outbound,
+ 'is_ip_any': is_ip_any
+ }
+ })
+
+ def ipsec_spd_dump(self, spd_id, sa_id=0xffffffff):
+ return self.api(self.papi.ipsec_spd_dump,
+ {'spd_id': spd_id,
+ 'sa_id': sa_id})
+
+ def ipsec_tunnel_if_add_del(self, local_ip, remote_ip, local_spi,
+ remote_spi, crypto_alg, local_crypto_key,
+ remote_crypto_key, integ_alg, local_integ_key,
+ remote_integ_key, is_add=1, esn=0,
+ anti_replay=1, renumber=0, show_instance=0):
+ return self.api(
+ self.papi.ipsec_tunnel_if_add_del,
+ {'local_ip': local_ip, 'remote_ip': remote_ip,
+ 'local_spi': local_spi, 'remote_spi': remote_spi,
+ 'crypto_alg': crypto_alg,
+ 'local_crypto_key_len': len(local_crypto_key),
+ 'local_crypto_key': local_crypto_key,
+ 'remote_crypto_key_len': len(remote_crypto_key),
+ 'remote_crypto_key': remote_crypto_key, 'integ_alg': integ_alg,
+ 'local_integ_key_len': len(local_integ_key),
+ 'local_integ_key': local_integ_key,
+ 'remote_integ_key_len': len(remote_integ_key),
+ 'remote_integ_key': remote_integ_key, 'is_add': is_add,
+ 'esn': esn, 'anti_replay': anti_replay, 'renumber': renumber,
+ 'show_instance': show_instance
+ })
+
+ def ipsec_select_backend(self, protocol, index):
+ return self.api(self.papi.ipsec_select_backend,
+ {'protocol': protocol, 'index': index})
+
+ def ipsec_backend_dump(self):
+ return self.api(self.papi.ipsec_backend_dump, {})
+
+ def app_namespace_add_del(self,
+ namespace_id,
+ ip4_fib_id=0,
+ ip6_fib_id=0,
+ sw_if_index=0xFFFFFFFF,
+ secret=0):