xref: /dpdk/examples/ipsec-secgw/ep0.cfg (revision 6738c0a956953b726cff55da48ee4d5574b0fdf5)
160a94afeSFan Zhang###########################################################################
260a94afeSFan Zhang#   IPSEC-SECGW Endpoint sample configuration
360a94afeSFan Zhang#
460a94afeSFan Zhang#   The main purpose of this file is to show how to configure two systems
560a94afeSFan Zhang#   back-to-back that would forward traffic through an IPsec tunnel. This
660a94afeSFan Zhang#   file is the Endpoint 0 configuration. To use this configuration file,
760a94afeSFan Zhang#   add the following command-line option:
860a94afeSFan Zhang#
960a94afeSFan Zhang#       -f ./ep0.cfg
1060a94afeSFan Zhang#
1160a94afeSFan Zhang###########################################################################
1260a94afeSFan Zhang
# Security policy (SP) rules for IPv4. "protect N" hands matching traffic to
# the SA with index N defined under "#SA rules"; "bypass" forwards matching
# traffic with no IPsec processing. Every rule here selects on destination
# prefix only: sport/dport are left at the full 0:65535 range.
1360a94afeSFan Zhang#SP IPv4 rules
1460a94afeSFan Zhangsp ipv4 out esp protect 5 pri 1 dst 192.168.105.0/24 sport 0:65535 dport 0:65535
1560a94afeSFan Zhangsp ipv4 out esp protect 6 pri 1 dst 192.168.106.0/24 sport 0:65535 dport 0:65535
1660a94afeSFan Zhangsp ipv4 out esp protect 10 pri 1 dst 192.168.175.0/24 sport 0:65535 dport 0:65535
1760a94afeSFan Zhangsp ipv4 out esp protect 11 pri 1 dst 192.168.176.0/24 sport 0:65535 dport 0:65535
# NOTE(review): SAs 15 and 16 are declared with cipher_algo null / auth_algo
# null, so traffic to 192.168.200.0/24 and 192.168.201.0/24 is ESP-encapsulated
# but neither encrypted nor integrity-protected.
1860a94afeSFan Zhangsp ipv4 out esp protect 15 pri 1 dst 192.168.200.0/24 sport 0:65535 dport 0:65535
1960a94afeSFan Zhangsp ipv4 out esp protect 16 pri 1 dst 192.168.201.0/24 sport 0:65535 dport 0:65535
2060a94afeSFan Zhangsp ipv4 out esp protect 25 pri 1 dst 192.168.55.0/24 sport 0:65535 dport 0:65535
2160a94afeSFan Zhangsp ipv4 out esp protect 26 pri 1 dst 192.168.56.0/24 sport 0:65535 dport 0:65535
# Bypass: these two prefixes leave the gateway unprotected. When adapting the
# sample, keep bypass selectors as narrow as the deployment allows.
2260a94afeSFan Zhangsp ipv4 out esp bypass pri 1 dst 192.168.240.0/24 sport 0:65535 dport 0:65535
2360a94afeSFan Zhangsp ipv4 out esp bypass pri 1 dst 192.168.241.0/24 sport 0:65535 dport 0:65535
2460a94afeSFan Zhang
# Inbound policies: the SA indexes (105..126) mirror the outbound ones above.
2560a94afeSFan Zhangsp ipv4 in esp protect 105 pri 1 dst 192.168.115.0/24 sport 0:65535 dport 0:65535
2660a94afeSFan Zhangsp ipv4 in esp protect 106 pri 1 dst 192.168.116.0/24 sport 0:65535 dport 0:65535
2760a94afeSFan Zhangsp ipv4 in esp protect 110 pri 1 dst 192.168.185.0/24 sport 0:65535 dport 0:65535
2860a94afeSFan Zhangsp ipv4 in esp protect 111 pri 1 dst 192.168.186.0/24 sport 0:65535 dport 0:65535
# NOTE(review): SAs 115, 116 and 117 are null-cipher / null-auth (see SA rules).
2960a94afeSFan Zhangsp ipv4 in esp protect 115 pri 1 dst 192.168.210.0/24 sport 0:65535 dport 0:65535
3060a94afeSFan Zhangsp ipv4 in esp protect 116 pri 1 dst 192.168.211.0/24 sport 0:65535 dport 0:65535
# NOTE(review): exact duplicate of the "protect 115" rule two lines above.
3160a94afeSFan Zhangsp ipv4 in esp protect 115 pri 1 dst 192.168.210.0/24 sport 0:65535 dport 0:65535
# NOTE(review): no "rt ipv4" entry for 192.168.212.0/24 is visible in this
# file; SA 117 carries a flow-direction option - confirm that is the intended
# delivery path for this prefix.
32*6738c0a9SPraveen Shettysp ipv4 in esp protect 117 pri 1 dst 192.168.212.0/24 sport 0:65535 dport 0:65535
3360a94afeSFan Zhangsp ipv4 in esp protect 125 pri 1 dst 192.168.65.0/24 sport 0:65535 dport 0:65535
# NOTE(review): exact duplicate of the "protect 125" rule on the previous line.
3460a94afeSFan Zhangsp ipv4 in esp protect 125 pri 1 dst 192.168.65.0/24 sport 0:65535 dport 0:65535
3560a94afeSFan Zhangsp ipv4 in esp protect 126 pri 1 dst 192.168.66.0/24 sport 0:65535 dport 0:65535
# Bypass: inbound traffic for these prefixes is accepted without ESP.
3660a94afeSFan Zhangsp ipv4 in esp bypass pri 1 dst 192.168.245.0/24 sport 0:65535 dport 0:65535
3760a94afeSFan Zhangsp ipv4 in esp bypass pri 1 dst 192.168.246.0/24 sport 0:65535 dport 0:65535
3860a94afeSFan Zhang
# Security policy (SP) rules for IPv6. Same grammar as the IPv4 section: a /96
# destination selector, all ports, and "protect N" naming the SA index.
# There are no IPv6 bypass rules in this file.
3960a94afeSFan Zhang#SP IPv6 rules
# SAs 5 and 6 are ipv4-tunnel mode (see SA rules), so these two IPv6
# selectors are carried inside an IPv4 outer header.
4060a94afeSFan Zhangsp ipv6 out esp protect 5 pri 1 dst 0000:0000:0000:0000:5555:5555:0000:0000/96 \
4160a94afeSFan Zhangsport 0:65535 dport 0:65535
4260a94afeSFan Zhangsp ipv6 out esp protect 6 pri 1 dst 0000:0000:0000:0000:6666:6666:0000:0000/96 \
4360a94afeSFan Zhangsport 0:65535 dport 0:65535
4460a94afeSFan Zhangsp ipv6 out esp protect 10 pri 1 dst 0000:0000:1111:1111:0000:0000:0000:0000/96 \
4560a94afeSFan Zhangsport 0:65535 dport 0:65535
4660a94afeSFan Zhangsp ipv6 out esp protect 11 pri 1 dst 0000:0000:1111:1111:1111:1111:0000:0000/96 \
4760a94afeSFan Zhangsport 0:65535 dport 0:65535
4860a94afeSFan Zhangsp ipv6 out esp protect 25 pri 1 dst 0000:0000:0000:0000:aaaa:aaaa:0000:0000/96 \
4960a94afeSFan Zhangsport 0:65535 dport 0:65535
5060a94afeSFan Zhangsp ipv6 out esp protect 26 pri 1 dst 0000:0000:0000:0000:bbbb:bbbb:0000:0000/96 \
5160a94afeSFan Zhangsport 0:65535 dport 0:65535
5260a94afeSFan Zhang
5360a94afeSFan Zhangsp ipv6 in esp protect 110 pri 1 dst ffff:0000:1111:1111:0000:0000:0000:0000/96 \
5460a94afeSFan Zhangsport 0:65535 dport 0:65535
5560a94afeSFan Zhangsp ipv6 in esp protect 111 pri 1 dst ffff:0000:1111:1111:1111:1111:0000:0000/96 \
5660a94afeSFan Zhangsport 0:65535 dport 0:65535
# NOTE(review): SAs 115 and 116 are null-cipher / null-auth, so inbound
# traffic accepted under these two selectors is not authenticated by ESP.
57742be578SLukasz Bartosiksp ipv6 in esp protect 115 pri 1 dst ffff:0000:0000:0000:5555:5555:0000:0000/96 \
58742be578SLukasz Bartosiksport 0:65535 dport 0:65535
59742be578SLukasz Bartosiksp ipv6 in esp protect 116 pri 1 dst ffff:0000:0000:0000:6666:6666:0000:0000/96 \
60742be578SLukasz Bartosiksport 0:65535 dport 0:65535
6160a94afeSFan Zhangsp ipv6 in esp protect 125 pri 1 dst ffff:0000:0000:0000:aaaa:aaaa:0000:0000/96 \
6260a94afeSFan Zhangsport 0:65535 dport 0:65535
6360a94afeSFan Zhangsp ipv6 in esp protect 126 pri 1 dst ffff:0000:0000:0000:bbbb:bbbb:0000:0000/96 \
6460a94afeSFan Zhangsport 0:65535 dport 0:65535
# NOTE(review): SA 127 is also null-cipher / null-auth, and no "rt ipv6"
# entry for this cccc:dddd prefix is visible in the routing section - confirm.
65*6738c0a9SPraveen Shettysp ipv6 in esp protect 127 pri 1 dst ffff:0000:0000:0000:cccc:dddd:0000:0000/96 \
66*6738c0a9SPraveen Shettysport 0:65535 dport 0:65535
6760a94afeSFan Zhang
# Security association (SA) rules. Each entry is "sa <in|out> <index>" followed
# by the algorithms, keys and encapsulation mode; the index is what the SP
# "protect N" rules refer to.
#
# Every key in this section is a placeholder: all-zero or a single byte value
# repeated (a0, a1, b2, c3, 4d). cipher_key is 16 bytes for aes-128-cbc and
# auth_key is 20 bytes for sha1-hmac. These values are published with the
# sample and must be replaced with randomly generated keys, kept out of version
# control, before the file is used anywhere but an isolated test bench.
#
# NOTE(review): aes-128-cbc with sha1-hmac is a legacy pairing. ipsec-secgw
# also accepts AEAD SAs (aead_algo / aead_key, e.g. aes-128-gcm); prefer those
# for anything derived from this sample.
6860a94afeSFan Zhang#SA rules
# Placeholder all-zero cipher and auth keys.
6960a94afeSFan Zhangsa out 5 cipher_algo aes-128-cbc cipher_key 0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \
7060a94afeSFan Zhangauth_algo sha1-hmac auth_key 0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \
7160a94afeSFan Zhangmode ipv4-tunnel src 172.16.1.5 dst 172.16.2.5
7260a94afeSFan Zhang
7360a94afeSFan Zhangsa out 6 cipher_algo aes-128-cbc cipher_key a0:a0:a0:a0:a0:a0:a0:a0:a0:a0:a0:\
7460a94afeSFan Zhanga0:a0:a0:a0:a0 auth_algo sha1-hmac auth_key a0:a0:a0:a0:a0:a0:a0:a0:a0:a0:a0:\
7560a94afeSFan Zhanga0:a0:a0:a0:a0:a0:a0:a0:a0 mode ipv4-tunnel src 172.16.1.6 dst 172.16.2.6
7660a94afeSFan Zhang
# Transport mode: no outer header, so no src/dst tunnel endpoints are given.
7760a94afeSFan Zhangsa out 10 cipher_algo aes-128-cbc cipher_key a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:\
7860a94afeSFan Zhanga1:a1:a1:a1:a1 auth_algo sha1-hmac auth_key a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:\
7960a94afeSFan Zhanga1:a1:a1:a1:a1:a1:a1:a1:a1 mode transport
8060a94afeSFan Zhang
8160a94afeSFan Zhangsa out 11 cipher_algo aes-128-cbc cipher_key b2:b2:b2:b2:b2:b2:b2:b2:b2:b2:b2:\
8260a94afeSFan Zhangb2:b2:b2:b2:b2 auth_algo sha1-hmac auth_key b2:b2:b2:b2:b2:b2:b2:b2:b2:b2:b2:\
8360a94afeSFan Zhangb2:b2:b2:b2:b2:b2:b2:b2:b2 mode transport
8460a94afeSFan Zhang
# NOTE(review): null cipher AND null auth - ESP framing only. Packets on SAs
# 15 and 16 are readable and modifiable on the path between the endpoints.
# They reuse the tunnel endpoints of SAs 5 and 6. Useful for functional tests;
# not a protected tunnel.
8560a94afeSFan Zhangsa out 15 cipher_algo null auth_algo null mode ipv4-tunnel src 172.16.1.5 \
8660a94afeSFan Zhangdst 172.16.2.5
8760a94afeSFan Zhang
8860a94afeSFan Zhangsa out 16 cipher_algo null auth_algo null mode ipv4-tunnel src 172.16.1.6 \
8960a94afeSFan Zhangdst 172.16.2.6
9060a94afeSFan Zhang
9160a94afeSFan Zhangsa out 25 cipher_algo aes-128-cbc cipher_key c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:\
9260a94afeSFan Zhangc3:c3:c3:c3:c3 auth_algo sha1-hmac auth_key c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:\
9360a94afeSFan Zhangc3:c3:c3:c3:c3:c3:c3:c3:c3 mode ipv6-tunnel \
9460a94afeSFan Zhangsrc 1111:1111:1111:1111:1111:1111:1111:5555 \
9560a94afeSFan Zhangdst 2222:2222:2222:2222:2222:2222:2222:5555
9660a94afeSFan Zhang
9760a94afeSFan Zhangsa out 26 cipher_algo aes-128-cbc cipher_key 4d:4d:4d:4d:4d:4d:4d:4d:4d:4d:4d:\
9860a94afeSFan Zhang4d:4d:4d:4d:4d auth_algo sha1-hmac auth_key 4d:4d:4d:4d:4d:4d:4d:4d:4d:4d:4d:\
9960a94afeSFan Zhang4d:4d:4d:4d:4d:4d:4d:4d:4d mode ipv6-tunnel \
10060a94afeSFan Zhangsrc 1111:1111:1111:1111:1111:1111:1111:6666 \
10160a94afeSFan Zhangdst 2222:2222:2222:2222:2222:2222:2222:6666
10260a94afeSFan Zhang
# Inbound SAs. Each "sa in 1xx" reuses the key material of the outbound SA
# with the matching low digits (105 <-> 5, 106 <-> 6, ...) and swaps src/dst.
10360a94afeSFan Zhangsa in 105 cipher_algo aes-128-cbc cipher_key 0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \
10460a94afeSFan Zhangauth_algo sha1-hmac auth_key 0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \
10560a94afeSFan Zhangmode ipv4-tunnel src 172.16.2.5 dst 172.16.1.5
10660a94afeSFan Zhang
10760a94afeSFan Zhangsa in 106 cipher_algo aes-128-cbc cipher_key a0:a0:a0:a0:a0:a0:a0:a0:a0:a0:a0:\
10860a94afeSFan Zhanga0:a0:a0:a0:a0 auth_algo sha1-hmac auth_key a0:a0:a0:a0:a0:a0:a0:a0:a0:a0:a0:\
10960a94afeSFan Zhanga0:a0:a0:a0:a0:a0:a0:a0:a0 mode ipv4-tunnel src 172.16.2.6 dst 172.16.1.6
11060a94afeSFan Zhang
11160a94afeSFan Zhangsa in 110 cipher_algo aes-128-cbc cipher_key a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:\
11260a94afeSFan Zhanga1:a1:a1:a1:a1 auth_algo sha1-hmac auth_key a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:\
11360a94afeSFan Zhanga1:a1:a1:a1:a1:a1:a1:a1:a1 mode transport
11460a94afeSFan Zhang
11560a94afeSFan Zhangsa in 111 cipher_algo aes-128-cbc cipher_key b2:b2:b2:b2:b2:b2:b2:b2:b2:b2:b2:\
11660a94afeSFan Zhangb2:b2:b2:b2:b2 auth_algo sha1-hmac auth_key b2:b2:b2:b2:b2:b2:b2:b2:b2:b2:b2:\
11760a94afeSFan Zhangb2:b2:b2:b2:b2:b2:b2:b2:b2 mode transport
11860a94afeSFan Zhang
# NOTE(review): inbound null/null SAs (115, 116, 117, 127). With no auth
# algorithm, ESP itself does not verify that an inbound packet came from the
# peer, so any packet that matches one of these SAs passes IPsec processing.
11960a94afeSFan Zhangsa in 115 cipher_algo null auth_algo null mode ipv4-tunnel src 172.16.2.5 \
12060a94afeSFan Zhangdst 172.16.1.5
12160a94afeSFan Zhang
12260a94afeSFan Zhangsa in 116 cipher_algo null auth_algo null mode ipv4-tunnel src 172.16.2.6 dst 172.16.1.6
12360a94afeSFan Zhang
# flow-direction takes two integers; presumably <port_id> <queue_id> for
# steering this SA's inbound flow - TODO confirm against the ipsec-secgw guide.
124*6738c0a9SPraveen Shettysa in 117 cipher_algo null auth_algo null mode ipv4-tunnel src 172.16.2.7 \
125*6738c0a9SPraveen Shettydst 172.16.1.7 flow-direction 0 2
126*6738c0a9SPraveen Shetty
12760a94afeSFan Zhangsa in 125 cipher_algo aes-128-cbc cipher_key c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:\
12860a94afeSFan Zhangc3:c3:c3:c3:c3 auth_algo sha1-hmac auth_key c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:\
12960a94afeSFan Zhangc3:c3:c3:c3:c3:c3:c3:c3:c3 mode ipv6-tunnel \
13060a94afeSFan Zhangsrc 2222:2222:2222:2222:2222:2222:2222:5555 \
13160a94afeSFan Zhangdst 1111:1111:1111:1111:1111:1111:1111:5555
13260a94afeSFan Zhang
13360a94afeSFan Zhangsa in 126 cipher_algo aes-128-cbc cipher_key 4d:4d:4d:4d:4d:4d:4d:4d:4d:4d:4d:\
13460a94afeSFan Zhang4d:4d:4d:4d:4d auth_algo sha1-hmac auth_key 4d:4d:4d:4d:4d:4d:4d:4d:4d:4d:4d:\
13560a94afeSFan Zhang4d:4d:4d:4d:4d:4d:4d:4d:4d mode ipv6-tunnel \
13660a94afeSFan Zhangsrc 2222:2222:2222:2222:2222:2222:2222:6666 \
13760a94afeSFan Zhangdst 1111:1111:1111:1111:1111:1111:1111:6666
13860a94afeSFan Zhang
# Null/null IPv6-tunnel SA with flow-direction; no outbound counterpart
# (an "sa out 27") is defined in this file.
139*6738c0a9SPraveen Shettysa in 127 cipher_algo null auth_algo null mode ipv6-tunnel \
140*6738c0a9SPraveen Shettysrc 2222:2222:2222:2222:2222:2222:2222:7777 \
141*6738c0a9SPraveen Shettydst 1111:1111:1111:1111:1111:1111:1111:7777 \
142*6738c0a9SPraveen Shettyflow-direction 0 3
143*6738c0a9SPraveen Shetty
# Routing rules: "rt <ipv4|ipv6> dst <prefix> port <n>" maps a destination
# prefix to an output port index. In this file ports 0 and 1 carry the remote
# tunnel endpoints (172.16.2.x, 2222:...), the transport-mode prefixes and the
# outbound bypass prefixes; ports 2 and 3 carry the destination prefixes named
# by the inbound SP rules.
#
# NOTE(review): 192.168.212.0/24 (SP in 117) and the ffff:...:cccc:dddd prefix
# (SP in 127) have no entry here. The IPv6 routes use /116 while the IPv6 SP
# selectors use /96, so each route covers less address space than the policy
# that feeds it - confirm that is intended when adapting the sample.
14460a94afeSFan Zhang#Routing rules
14560a94afeSFan Zhangrt ipv4 dst 172.16.2.5/32 port 0
14660a94afeSFan Zhangrt ipv4 dst 172.16.2.6/32 port 1
14760a94afeSFan Zhangrt ipv4 dst 192.168.175.0/24 port 0
14860a94afeSFan Zhangrt ipv4 dst 192.168.176.0/24 port 1
# Bypass (unprotected) outbound prefixes share ports 0/1 with tunnel traffic.
14960a94afeSFan Zhangrt ipv4 dst 192.168.240.0/24 port 0
15060a94afeSFan Zhangrt ipv4 dst 192.168.241.0/24 port 1
15160a94afeSFan Zhangrt ipv4 dst 192.168.115.0/24 port 2
15260a94afeSFan Zhangrt ipv4 dst 192.168.116.0/24 port 3
15360a94afeSFan Zhangrt ipv4 dst 192.168.65.0/24 port 2
15460a94afeSFan Zhangrt ipv4 dst 192.168.66.0/24 port 3
15560a94afeSFan Zhangrt ipv4 dst 192.168.185.0/24 port 2
15660a94afeSFan Zhangrt ipv4 dst 192.168.186.0/24 port 3
15760a94afeSFan Zhangrt ipv4 dst 192.168.210.0/24 port 2
15860a94afeSFan Zhangrt ipv4 dst 192.168.211.0/24 port 3
15960a94afeSFan Zhangrt ipv4 dst 192.168.245.0/24 port 2
16060a94afeSFan Zhangrt ipv4 dst 192.168.246.0/24 port 3
16160a94afeSFan Zhang
16260a94afeSFan Zhangrt ipv6 dst 2222:2222:2222:2222:2222:2222:2222:5555/116 port 0
16360a94afeSFan Zhangrt ipv6 dst 2222:2222:2222:2222:2222:2222:2222:6666/116 port 1
16460a94afeSFan Zhangrt ipv6 dst 0000:0000:1111:1111:0000:0000:0000:0000/116 port 0
16560a94afeSFan Zhangrt ipv6 dst 0000:0000:1111:1111:1111:1111:0000:0000/116 port 1
16660a94afeSFan Zhangrt ipv6 dst ffff:0000:0000:0000:aaaa:aaaa:0000:0000/116 port 2
16760a94afeSFan Zhangrt ipv6 dst ffff:0000:0000:0000:bbbb:bbbb:0000:0000/116 port 3
16860a94afeSFan Zhangrt ipv6 dst ffff:0000:0000:0000:5555:5555:0000:0000/116 port 2
16960a94afeSFan Zhangrt ipv6 dst ffff:0000:0000:0000:6666:6666:0000:0000/116 port 3
17060a94afeSFan Zhangrt ipv6 dst ffff:0000:1111:1111:0000:0000:0000:0000/116 port 2
17160a94afeSFan Zhangrt ipv6 dst ffff:0000:1111:1111:1111:1111:0000:0000/116 port 3