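#! /bin/bash
# SPDX-License-Identifier: BSD-3-Clause

# Test definitions for running ipsec-secgw with every security policy set
# to "bypass". The variables referenced below (SGW_CFG_FILE, REMOTE_HOST,
# the *_IPV4/*_IPV6 addresses and *_MAC values) are not set here; they are
# expected to be provided by whatever sources this file.
#
# NOTE(review): with all SP rules set to bypass and the null crypto vdev as
# the default device, this setup applies no confidentiality or integrity
# protection. It is a test fixture, not a template for a deployed gateway.

# Crypto device argument; callers may override it through the environment.
CRYPTO_DEV=${CRYPTO_DEV:-'--vdev="crypto_null0"'}

#######################################
# Generate the cfg file for ipsec-secgw and echo it for the test log.
# Globals:   SGW_CFG_FILE (read; file is overwritten),
#            REMOTE_IPV4, LOCAL_IPV4, REMOTE_IPV6, LOCAL_IPV6 (read),
#            REMOTE_MAC, LOCAL_MAC (read)
# Outputs:   writes the config to SGW_CFG_FILE and copies it to stdout
# Returns:   status of the final cat
#######################################
config_secgw()
{
	# Quoted so a path containing whitespace is not word-split into an
	# "ambiguous redirect"; an empty value now fails at the redirection.
	cat <<EOF > "${SGW_CFG_FILE}"

sp ipv4 in esp bypass pri 1 sport 0:65535 dport 0:65535
sp ipv6 in esp bypass pri 1 sport 0:65535 dport 0:65535

sp ipv4 out esp bypass pri 1 sport 0:65535 dport 0:65535
sp ipv6 out esp bypass pri 1 sport 0:65535 dport 0:65535

#Routing rules
rt ipv4 dst ${REMOTE_IPV4}/32 port 0
rt ipv4 dst ${LOCAL_IPV4}/32 port 1

rt ipv6 dst ${REMOTE_IPV6}/128 port 0
rt ipv6 dst ${LOCAL_IPV6}/128 port 1

#neighbours
neigh port 0 ${REMOTE_MAC}
neigh port 1 ${LOCAL_MAC}
EOF

	cat -- "${SGW_CFG_FILE}"
}

# Extra command-line parameters for this test case.
# NOTE(review): presumably appended to the ipsec-secgw command line by the
# caller; the consumer is not visible in this file - confirm.
SGW_CMD_XPRM='-w 300 -l'

#######################################
# Reset the IPsec (xfrm) configuration on the remote peer for bypass mode.
# Flushes ALL xfrm policies and states on REMOTE_HOST, not only ones a test
# created, so REMOTE_HOST should be a dedicated test peer. The two list
# commands print what is left so the log shows the resulting state.
# Globals:   REMOTE_HOST (read)
# Returns:   status of the last ssh command
#######################################
config_remote_xfrm()
{
	# REMOTE_HOST is quoted: unquoted and empty, ssh would take "ip" as
	# the destination host and run the rest of the words there.
	ssh "${REMOTE_HOST}" ip xfrm policy flush
	ssh "${REMOTE_HOST}" ip xfrm state flush

	ssh "${REMOTE_HOST}" ip xfrm policy list
	ssh "${REMOTE_HOST}" ip xfrm state list
}

#######################################
# IPv6 variant of the remote setup; it performs the same reset as the
# IPv4 one by delegating to config_remote_xfrm.
#######################################
config6_remote_xfrm()
{
	config_remote_xfrm
}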