3 CRYPTO_DEV=${CRYPTO_DEV:-'--vdev="crypto_null0"'}
5 #generate cfg file for ipsec-secgw
8 cat <<EOF > ${SGW_CFG_FILE}
10 sp ipv4 in esp bypass pri 1 sport 0:65535 dport 0:65535
11 sp ipv6 in esp bypass pri 1 sport 0:65535 dport 0:65535
13 sp ipv4 out esp bypass pri 1 sport 0:65535 dport 0:65535
14 sp ipv6 out esp bypass pri 1 sport 0:65535 dport 0:65535
17 rt ipv4 dst ${REMOTE_IPV4}/32 port 0
18 rt ipv4 dst ${LOCAL_IPV4}/32 port 1
20 rt ipv6 dst ${REMOTE_IPV6}/128 port 0
21 rt ipv6 dst ${LOCAL_IPV6}/128 port 1
24 neigh port 0 ${REMOTE_MAC}
25 neigh port 1 ${LOCAL_MAC}
35 ssh ${REMOTE_HOST} ip xfrm policy flush
36 ssh ${REMOTE_HOST} ip xfrm state flush
38 ssh ${REMOTE_HOST} ip xfrm policy list
39 ssh ${REMOTE_HOST} ip xfrm state list