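###########################################################################
# IPSEC-SECGW Endpoint sample configuration
#
# The main purpose of this file is to show how to configure two systems
# back-to-back that would forward traffic through an IPsec tunnel. This
# file is the Endpoint 0 configuration. To use this configuration file,
# add the following command-line option:
#
# -f ./ep0.cfg
#
# File layout, top to bottom:
#   sp  - security policy: which destinations are "protect"ed (the number
#         after protect matches the SPI of an "sa" entry below), which are
#         forwarded in the clear ("bypass")
#   sa  - security association per SPI: algorithms, keys, mode and, for
#         tunnel mode, the outer src/dst end points
#   rt  - destination-prefix routing to an output port
# Naming convention used here: the inbound counterpart of an outbound SA
# uses the outbound SPI plus 100 (5 -> 105, 10 -> 110, 25 -> 125, ...).
#
# The cipher/auth keys are fixed demonstration patterns (all-zero or one
# repeated byte) and the same key is reused by each inbound/outbound pair;
# the null-algorithm SAs and the bypass policies carry traffic in the clear.
# A rule may be continued on the next line with a trailing backslash; only
# whole lines starting with '#' are comments, so do not comment inside a
# continued rule.
###########################################################################

#SP IPv4 rules
# Outbound: each /24 below is either protected with the SA of the given
# SPI or bypassed (192.168.240/241).
sp ipv4 out esp protect 5 pri 1 dst 192.168.105.0/24 sport 0:65535 dport 0:65535
sp ipv4 out esp protect 6 pri 1 dst 192.168.106.0/24 sport 0:65535 dport 0:65535
sp ipv4 out esp protect 10 pri 1 dst 192.168.175.0/24 sport 0:65535 dport 0:65535
sp ipv4 out esp protect 11 pri 1 dst 192.168.176.0/24 sport 0:65535 dport 0:65535
sp ipv4 out esp protect 15 pri 1 dst 192.168.200.0/24 sport 0:65535 dport 0:65535
sp ipv4 out esp protect 16 pri 1 dst 192.168.201.0/24 sport 0:65535 dport 0:65535
sp ipv4 out esp protect 25 pri 1 dst 192.168.55.0/24 sport 0:65535 dport 0:65535
sp ipv4 out esp protect 26 pri 1 dst 192.168.56.0/24 sport 0:65535 dport 0:65535
sp ipv4 out esp bypass pri 1 dst 192.168.240.0/24 sport 0:65535 dport 0:65535
sp ipv4 out esp bypass pri 1 dst 192.168.241.0/24 sport 0:65535 dport 0:65535

# Inbound: one policy per SPI/prefix (the rules for SPI 115 and 125 were
# listed twice with identical prefix, priority and action; one copy each
# is kept).
# NOTE(review): 192.168.212.0/24 (SPI 117) has no "rt ipv4" entry below;
# confirm whether that SA is only meant to exercise flow-direction.
sp ipv4 in esp protect 105 pri 1 dst 192.168.115.0/24 sport 0:65535 dport 0:65535
sp ipv4 in esp protect 106 pri 1 dst 192.168.116.0/24 sport 0:65535 dport 0:65535
sp ipv4 in esp protect 110 pri 1 dst 192.168.185.0/24 sport 0:65535 dport 0:65535
sp ipv4 in esp protect 111 pri 1 dst 192.168.186.0/24 sport 0:65535 dport 0:65535
sp ipv4 in esp protect 115 pri 1 dst 192.168.210.0/24 sport 0:65535 dport 0:65535
sp ipv4 in esp protect 116 pri 1 dst 192.168.211.0/24 sport 0:65535 dport 0:65535
sp ipv4 in esp protect 117 pri 1 dst 192.168.212.0/24 sport 0:65535 dport 0:65535
sp ipv4 in esp protect 125 pri 1 dst 192.168.65.0/24 sport 0:65535 dport 0:65535
sp ipv4 in esp protect 126 pri 1 dst 192.168.66.0/24 sport 0:65535 dport 0:65535
sp ipv4 in esp bypass pri 1 dst 192.168.245.0/24 sport 0:65535 dport 0:65535
sp ipv4 in esp bypass pri 1 dst 192.168.246.0/24 sport 0:65535 dport 0:65535

#SP IPv6 rules
# Outbound /96 prefixes, same SPI numbering as the IPv4 policies above.
sp ipv6 out esp protect 5 pri 1 dst 0000:0000:0000:0000:5555:5555:0000:0000/96 \
sport 0:65535 dport 0:65535
sp ipv6 out esp protect 6 pri 1 dst 0000:0000:0000:0000:6666:6666:0000:0000/96 \
sport 0:65535 dport 0:65535
sp ipv6 out esp protect 10 pri 1 dst 0000:0000:1111:1111:0000:0000:0000:0000/96 \
sport 0:65535 dport 0:65535
sp ipv6 out esp protect 11 pri 1 dst 0000:0000:1111:1111:1111:1111:0000:0000/96 \
sport 0:65535 dport 0:65535
sp ipv6 out esp protect 25 pri 1 dst 0000:0000:0000:0000:aaaa:aaaa:0000:0000/96 \
sport 0:65535 dport 0:65535
sp ipv6 out esp protect 26 pri 1 dst 0000:0000:0000:0000:bbbb:bbbb:0000:0000/96 \
sport 0:65535 dport 0:65535

# Inbound /96 prefixes; the ffff: leading hextet distinguishes them from
# the outbound ones.
# NOTE(review): ffff:0000:0000:0000:cccc:dddd::/96 (SPI 127) has no
# "rt ipv6" entry below - see the note on SPI 117.
sp ipv6 in esp protect 110 pri 1 dst ffff:0000:1111:1111:0000:0000:0000:0000/96 \
sport 0:65535 dport 0:65535
sp ipv6 in esp protect 111 pri 1 dst ffff:0000:1111:1111:1111:1111:0000:0000/96 \
sport 0:65535 dport 0:65535
sp ipv6 in esp protect 115 pri 1 dst ffff:0000:0000:0000:5555:5555:0000:0000/96 \
sport 0:65535 dport 0:65535
sp ipv6 in esp protect 116 pri 1 dst ffff:0000:0000:0000:6666:6666:0000:0000/96 \
sport 0:65535 dport 0:65535
sp ipv6 in esp protect 125 pri 1 dst ffff:0000:0000:0000:aaaa:aaaa:0000:0000/96 \
sport 0:65535 dport 0:65535
sp ipv6 in esp protect 126 pri 1 dst ffff:0000:0000:0000:bbbb:bbbb:0000:0000/96 \
sport 0:65535 dport 0:65535
sp ipv6 in esp protect 127 pri 1 dst ffff:0000:0000:0000:cccc:dddd:0000:0000/96 \
sport 0:65535 dport 0:65535

#SA rules
# aes-128-cbc takes a 16-byte cipher_key and sha1-hmac a 20-byte auth_key,
# written as colon-separated hex bytes (a key may be split across lines
# with a trailing backslash). "mode transport" SAs carry no outer
# addresses; tunnel SAs name the outer src/dst of this end point and its
# peer. SPIs 15/16 (IPv4) and 115/116/117/127 use cipher_algo null and
# auth_algo null, i.e. encapsulation without encryption or authentication.
# "flow-direction A B" on SAs 117 and 127: presumably port id and queue id
# for the inbound flow rule - confirm against the parser.

# Outbound, tunnel: outer 172.16.1.5 -> 172.16.2.5
sa out 5 cipher_algo aes-128-cbc cipher_key 0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \
auth_algo sha1-hmac auth_key 0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \
mode ipv4-tunnel src 172.16.1.5 dst 172.16.2.5

sa out 6 cipher_algo aes-128-cbc cipher_key a0:a0:a0:a0:a0:a0:a0:a0:a0:a0:a0:\
a0:a0:a0:a0:a0 auth_algo sha1-hmac auth_key a0:a0:a0:a0:a0:a0:a0:a0:a0:a0:a0:\
a0:a0:a0:a0:a0:a0:a0:a0:a0 mode ipv4-tunnel src 172.16.1.6 dst 172.16.2.6

# Outbound, transport
sa out 10 cipher_algo aes-128-cbc cipher_key a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:\
a1:a1:a1:a1:a1 auth_algo sha1-hmac auth_key a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:\
a1:a1:a1:a1:a1:a1:a1:a1:a1 mode transport

sa out 11 cipher_algo aes-128-cbc cipher_key b2:b2:b2:b2:b2:b2:b2:b2:b2:b2:b2:\
b2:b2:b2:b2:b2 auth_algo sha1-hmac auth_key b2:b2:b2:b2:b2:b2:b2:b2:b2:b2:b2:\
b2:b2:b2:b2:b2:b2:b2:b2:b2 mode transport

# Outbound, null-algorithm tunnels
sa out 15 cipher_algo null auth_algo null mode ipv4-tunnel src 172.16.1.5 \
dst 172.16.2.5

sa out 16 cipher_algo null auth_algo null mode ipv4-tunnel src 172.16.1.6 \
dst 172.16.2.6

# Outbound, IPv6 tunnels
sa out 25 cipher_algo aes-128-cbc cipher_key c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:\
c3:c3:c3:c3:c3 auth_algo sha1-hmac auth_key c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:\
c3:c3:c3:c3:c3:c3:c3:c3:c3 mode ipv6-tunnel \
src 1111:1111:1111:1111:1111:1111:1111:5555 \
dst 2222:2222:2222:2222:2222:2222:2222:5555

sa out 26 cipher_algo aes-128-cbc cipher_key 4d:4d:4d:4d:4d:4d:4d:4d:4d:4d:4d:\
4d:4d:4d:4d:4d auth_algo sha1-hmac auth_key 4d:4d:4d:4d:4d:4d:4d:4d:4d:4d:4d:\
4d:4d:4d:4d:4d:4d:4d:4d:4d mode ipv6-tunnel \
src 1111:1111:1111:1111:1111:1111:1111:6666 \
dst 2222:2222:2222:2222:2222:2222:2222:6666

# Inbound: same keys as the matching outbound SA, outer src/dst swapped
sa in 105 cipher_algo aes-128-cbc cipher_key 0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \
auth_algo sha1-hmac auth_key 0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \
mode ipv4-tunnel src 172.16.2.5 dst 172.16.1.5

sa in 106 cipher_algo aes-128-cbc cipher_key a0:a0:a0:a0:a0:a0:a0:a0:a0:a0:a0:\
a0:a0:a0:a0:a0 auth_algo sha1-hmac auth_key a0:a0:a0:a0:a0:a0:a0:a0:a0:a0:a0:\
a0:a0:a0:a0:a0:a0:a0:a0:a0 mode ipv4-tunnel src 172.16.2.6 dst 172.16.1.6

sa in 110 cipher_algo aes-128-cbc cipher_key a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:\
a1:a1:a1:a1:a1 auth_algo sha1-hmac auth_key a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:\
a1:a1:a1:a1:a1:a1:a1:a1:a1 mode transport

sa in 111 cipher_algo aes-128-cbc cipher_key b2:b2:b2:b2:b2:b2:b2:b2:b2:b2:b2:\
b2:b2:b2:b2:b2 auth_algo sha1-hmac auth_key b2:b2:b2:b2:b2:b2:b2:b2:b2:b2:b2:\
b2:b2:b2:b2:b2:b2:b2:b2:b2 mode transport

sa in 115 cipher_algo null auth_algo null mode ipv4-tunnel src 172.16.2.5 \
dst 172.16.1.5

sa in 116 cipher_algo null auth_algo null mode ipv4-tunnel src 172.16.2.6 dst 172.16.1.6

sa in 117 cipher_algo null auth_algo null mode ipv4-tunnel src 172.16.2.7 \
dst 172.16.1.7 flow-direction 0 2

sa in 125 cipher_algo aes-128-cbc cipher_key c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:\
c3:c3:c3:c3:c3 auth_algo sha1-hmac auth_key c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:\
c3:c3:c3:c3:c3:c3:c3:c3:c3 mode ipv6-tunnel \
src 2222:2222:2222:2222:2222:2222:2222:5555 \
dst 1111:1111:1111:1111:1111:1111:1111:5555

sa in 126 cipher_algo aes-128-cbc cipher_key 4d:4d:4d:4d:4d:4d:4d:4d:4d:4d:4d:\
4d:4d:4d:4d:4d auth_algo sha1-hmac auth_key 4d:4d:4d:4d:4d:4d:4d:4d:4d:4d:4d:\
4d:4d:4d:4d:4d:4d:4d:4d:4d mode ipv6-tunnel \
src 2222:2222:2222:2222:2222:2222:2222:6666 \
dst 1111:1111:1111:1111:1111:1111:1111:6666

sa in 127 cipher_algo null auth_algo null mode ipv6-tunnel \
src 2222:2222:2222:2222:2222:2222:2222:7777 \
dst 1111:1111:1111:1111:1111:1111:1111:7777 \
flow-direction 0 3

#Routing rules
# Ports 0/1 carry the tunnel side (peer end points 172.16.2.5/.6 and
# 2222::5555/6666 plus the transport-mode and bypass prefixes); ports 2/3
# receive the destinations named by the inbound policies.
rt ipv4 dst 172.16.2.5/32 port 0
rt ipv4 dst 172.16.2.6/32 port 1
rt ipv4 dst 192.168.175.0/24 port 0
rt ipv4 dst 192.168.176.0/24 port 1
rt ipv4 dst 192.168.240.0/24 port 0
rt ipv4 dst 192.168.241.0/24 port 1
rt ipv4 dst 192.168.115.0/24 port 2
rt ipv4 dst 192.168.116.0/24 port 3
rt ipv4 dst 192.168.65.0/24 port 2
rt ipv4 dst 192.168.66.0/24 port 3
rt ipv4 dst 192.168.185.0/24 port 2
rt ipv4 dst 192.168.186.0/24 port 3
rt ipv4 dst 192.168.210.0/24 port 2
rt ipv4 dst 192.168.211.0/24 port 3
rt ipv4 dst 192.168.245.0/24 port 2
rt ipv4 dst 192.168.246.0/24 port 3

rt ipv6 dst 2222:2222:2222:2222:2222:2222:2222:5555/116 port 0
rt ipv6 dst 2222:2222:2222:2222:2222:2222:2222:6666/116 port 1
rt ipv6 dst 0000:0000:1111:1111:0000:0000:0000:0000/116 port 0
rt ipv6 dst 0000:0000:1111:1111:1111:1111:0000:0000/116 port 1
rt ipv6 dst ffff:0000:0000:0000:aaaa:aaaa:0000:0000/116 port 2
rt ipv6 dst ffff:0000:0000:0000:bbbb:bbbb:0000:0000/116 port 3
rt ipv6 dst ffff:0000:0000:0000:5555:5555:0000:0000/116 port 2
rt ipv6 dst ffff:0000:0000:0000:6666:6666:0000:0000/116 port 3
rt ipv6 dst ffff:0000:1111:1111:0000:0000:0000:0000/116 port 2
rt ipv6 dst ffff:0000:1111:1111:1111:1111:0000:0000/116 port 3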