ipsec: remove ipsec vnet script

An updated ipsec script was identical to the existing ipsec_tun_protect script.
Remove the ipsec vnet script, and rename the ipsec_tun_protect to become the
default ipsec vnet script.

Type: fix

Signed-off-by: Ray Kinsella <mdr@ashroe.eu>
Change-Id: Ie05ca3e089b67a5b9499d83d4cb2adf1b6c6ffba

diff --git a/src/scripts/vnet/ipsec b/src/scripts/vnet/ipsec
index 55cd914..6dc4dd7 100644 (file)
--- a/src/scripts/vnet/ipsec
+++ b/src/scripts/vnet/ipsec
@@ -18,20 +18,25 @@ set int state pg0 up
 set int state pg1 up
 set int state pipe0 up
 
-create ipsec tunnel local-ip 10.0.0.1 remote-ip 10.0.0.2 local-spi 100 remote-spi 101 local-crypto-key 6541686776336961656264656f6f6579 remote-crypto-key 6541686776336961656264656f6f6579 crypto-alg aes-cbc-128
+ipsec sa add 20 spi 200 crypto-key 6541686776336961656264656f6f6579 crypto-alg aes-cbc-128
+ipsec sa add 30 spi 300 crypto-key 6541686776336961656264656f6f6579 crypto-alg aes-cbc-128
 
-set int state ipsec0 up
-set int unnum ipsec0 use pg0
+create ipip tunnel src 10.0.0.1 dst 10.0.0.2
+create ipip tunnel src 10.0.0.2 dst 10.0.0.1 outer-table-id 1
 
-create ipsec tunnel local-ip 10.0.0.2 remote-ip 10.0.0.1 local-spi 101 remote-spi 100 tx-table 1 local-crypto-key 6541686776336961656264656f6f6579 remote-crypto-key 6541686776336961656264656f6f6579 crypto-alg aes-cbc-128
+ipsec tunnel protect ipip0 sa-in 20 sa-out 30
+ipsec tunnel protect ipip1 sa-in 30 sa-out 20
 
-set int state ipsec1 up
-set int ip table ipsec1 1
-set int unnum ipsec1 use pg1
+set int state ipip0 up
+set int unnum ipip0 use pg0
 
-ip route add 192.168.1.0/24 via ipsec0
+set int state ipip1 up
+set int ip table ipip1 1
+set int unnum ipip1 use pg1
+
+ip route add 192.168.1.0/24 via ipip0
 set ip neighbor pg1 192.168.1.2 00:11:22:33:44:55
-ip route add table 1 192.168.0.0/24 via ipsec1
+ip route add table 1 192.168.0.0/24 via ipip1
 set ip neighbor pg0 192.168.0.2 00:11:22:33:44:66
 
 trace add pg-input 100

diff --git a/src/scripts/vnet/ipsec_tun_protect b/src/scripts/vnet/ipsec_tun_protect
deleted file mode 100644 (file)
index 6dc4dd7..0000000
--- a/src/scripts/vnet/ipsec_tun_protect
+++ /dev/null
@@ -1,71 +0,0 @@
-
-create packet-generator interface pg0
-create packet-generator interface pg1
-
-pipe create
-
-ip table add 1
-set int ip table pg1 1
-set int ip table pipe0.1 1
-
-set int ip address pg0 192.168.0.1/24
-set int ip address pg1 192.168.1.1/24
-
-set int ip address pipe0.0 10.0.0.1/24
-set int ip address pipe0.1 10.0.0.2/24
-
-set int state pg0 up
-set int state pg1 up
-set int state pipe0 up
-
-ipsec sa add 20 spi 200 crypto-key 6541686776336961656264656f6f6579 crypto-alg aes-cbc-128
-ipsec sa add 30 spi 300 crypto-key 6541686776336961656264656f6f6579 crypto-alg aes-cbc-128
-
-create ipip tunnel src 10.0.0.1 dst 10.0.0.2
-create ipip tunnel src 10.0.0.2 dst 10.0.0.1 outer-table-id 1
-
-ipsec tunnel protect ipip0 sa-in 20 sa-out 30
-ipsec tunnel protect ipip1 sa-in 30 sa-out 20
-
-set int state ipip0 up
-set int unnum ipip0 use pg0
-
-set int state ipip1 up
-set int ip table ipip1 1
-set int unnum ipip1 use pg1
-
-ip route add 192.168.1.0/24 via ipip0
-set ip neighbor pg1 192.168.1.2 00:11:22:33:44:55
-ip route add table 1 192.168.0.0/24 via ipip1
-set ip neighbor pg0 192.168.0.2 00:11:22:33:44:66
-
-trace add pg-input 100
-
-packet-generator new {
-  name ipsec1
-  limit 1
-  rate 1e4
-  node ip4-input
-  interface pg0
-  size 100-100
-  data {
-   UDP: 192.168.0.2 -> 192.168.1.2
-   UDP: 4321 -> 1234
-    length 72
-    incrementing 100
-  }
-}
-packet-generator new {
-  name ipsec2
-  limit 1
-  rate 1e4
-  node ip4-input
-  interface pg1
-  size 100-100
-  data {
-   UDP: 192.168.1.2 -> 192.168.0.2
-   UDP: 4321 -> 1234
-    length 72
-    incrementing 100
-  }
-}