2 # SPDX-License-Identifier: BSD-3-Clause
4 CRYPTO_DEV=${CRYPTO_DEV:-'--vdev="crypto_aesni_mb0"'}
6 #generate cfg file for ipsec-secgw
9 cat <<EOF > ${SGW_CFG_FILE}
11 sp ipv4 in esp protect 7 pri 2 src ${REMOTE_IPV4}/32 dst ${LOCAL_IPV4}/32 \
12 sport 0:65535 dport 0:65535
13 sp ipv4 in esp bypass pri 1 sport 0:65535 dport 0:65535
16 sp ipv4 out esp protect 7 pri 2 src ${LOCAL_IPV4}/32 dst ${REMOTE_IPV4}/32 \
17 sport 0:65535 dport 0:65535
18 sp ipv4 out esp bypass pri 1 sport 0:65535 dport 0:65535
21 sp ipv6 in esp protect 9 pri 2 src ${REMOTE_IPV6}/128 dst ${LOCAL_IPV6}/128 \
22 sport 0:65535 dport 0:65535
23 sp ipv6 in esp bypass pri 1 sport 0:65535 dport 0:65535
26 sp ipv6 out esp protect 9 pri 2 src ${LOCAL_IPV6}/128 dst ${REMOTE_IPV6}/128 \
27 sport 0:65535 dport 0:65535
28 sp ipv6 out esp bypass pri 1 sport 0:65535 dport 0:65535
31 sa in 7 cipher_algo aes-128-ctr \
32 cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
34 auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
35 mode transport ${SGW_CFG_XPRM}
37 sa in 9 cipher_algo aes-128-ctr \
38 cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
40 auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
41 mode transport ${SGW_CFG_XPRM}
44 sa out 7 cipher_algo aes-128-ctr \
45 cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
47 auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
48 mode transport ${SGW_CFG_XPRM}
51 sa out 9 cipher_algo aes-128-ctr \
52 cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
54 auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
55 mode transport ${SGW_CFG_XPRM}
58 rt ipv4 dst ${REMOTE_IPV4}/32 port 0
59 rt ipv4 dst ${LOCAL_IPV4}/32 port 1
61 rt ipv6 dst ${REMOTE_IPV6}/128 port 0
62 rt ipv6 dst ${LOCAL_IPV6}/128 port 1
65 neigh port 0 ${REMOTE_MAC}
66 neigh port 1 ${LOCAL_MAC}