- if_s = 'ipsec{}'.format(i)
- dut1_tunnel_s = 'create ipsec tunnel local-ip {0} local-spi ' \
- '{1} remote-ip {2} remote-spi {3}\n'.format(
- if1_ip_addr, spi_1+i, if2_ip_addr, spi_2+i)
- tmp_f1.write(dut1_tunnel_s)
- dut2_tunnel_s = 'create ipsec tunnel local-ip {0} local-spi ' \
- '{1} remote-ip {2} remote-spi {3}\n'.format(
- if2_ip_addr, spi_2+i, if1_ip_addr, spi_1+i)
- tmp_f2.write(dut2_tunnel_s)
- loc_c_key = 'set interface ipsec key {0} local crypto {1} ' \
- '{2}\n'.format(if_s, crypto_alg.alg_name, ckey)
- tmp_f1.write(loc_c_key)
- tmp_f2.write(loc_c_key)
- rem_c_key = 'set interface ipsec key {0} remote crypto {1} ' \
- '{2}\n'.format(if_s, crypto_alg.alg_name, ckey)
- tmp_f1.write(rem_c_key)
- tmp_f2.write(rem_c_key)
- if crypto_alg.alg_name != 'aes-gcm-128':
- loc_i_key = 'set interface ipsec key {0} local integ {1} ' \
- '{2}\n'.format(if_s, integ_alg.alg_name, ikey)
- tmp_f1.write(loc_i_key)
- tmp_f2.write(loc_i_key)
- rem_i_key = 'set interface ipsec key {0} remote integ {1}' \
- ' {2}\n'.format(if_s, integ_alg.alg_name, ikey)
- tmp_f1.write(rem_i_key)
- tmp_f2.write(rem_i_key)
- raddr_ip1_s = ip_address(raddr_ip1_i + addr_incr*i)
- raddr_ip2_s = ip_address(raddr_ip2_i + addr_incr*i)
- dut1_rte_s = 'ip route add {0}/{1} via {2} {3}\n'.format(
- raddr_ip2_s, raddr_range, if2_ip_addr, if_s)
- tmp_f1.write(dut1_rte_s)
- dut2_rte_s = 'ip route add {0}/{1} via {2} {3}\n'.format(
- raddr_ip1_s, raddr_range, if1_ip_addr, if_s)
- tmp_f2.write(dut2_rte_s)