xref: /dpdk/examples/ipsec-secgw/ep1.cfg (revision 742be57872bed881106ed93f4dadc645d32e1996)
###########################################################################
#   IPSEC-SECGW Endpoint1 sample configuration
#
#   The main purpose of this file is to show how to configure two systems
#   back-to-back that would forward traffic through an IPsec tunnel. This
#   file is the Endpoint1 configuration. To use this configuration file,
#   add the following command-line option:
#
#       -f ./ep1.cfg
#
###########################################################################

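#SP IPv4 rules
#
# Every rule below selects on the destination prefix only; "sport 0:65535
# dport 0:65535" covers all ports. "protect <SPI>" hands matching traffic to
# the SA with that SPI in the "SA rules" section of this file; "bypass" lets
# matching traffic through without IPsec processing.
#
# Inbound. SPIs 15 and 16 refer to SAs defined with "cipher_algo null
# auth_algo null", so traffic for 192.168.200.0/24 and 192.168.201.0/24 is
# ESP-framed but neither encrypted nor authenticated.
sp ipv4 in esp protect 5 pri 1 dst 192.168.105.0/24 sport 0:65535 dport 0:65535
sp ipv4 in esp protect 6 pri 1 dst 192.168.106.0/24 sport 0:65535 dport 0:65535
sp ipv4 in esp protect 10 pri 1 dst 192.168.175.0/24 sport 0:65535 dport 0:65535
sp ipv4 in esp protect 11 pri 1 dst 192.168.176.0/24 sport 0:65535 dport 0:65535
sp ipv4 in esp protect 15 pri 1 dst 192.168.200.0/24 sport 0:65535 dport 0:65535
sp ipv4 in esp protect 16 pri 1 dst 192.168.201.0/24 sport 0:65535 dport 0:65535
sp ipv4 in esp protect 25 pri 1 dst 192.168.55.0/24 sport 0:65535 dport 0:65535
sp ipv4 in esp protect 26 pri 1 dst 192.168.56.0/24 sport 0:65535 dport 0:65535
# Inbound bypass: traffic for these two prefixes is accepted in clear text.
sp ipv4 in esp bypass pri 1 dst 192.168.240.0/24 sport 0:65535 dport 0:65535
sp ipv4 in esp bypass pri 1 dst 192.168.241.0/24 sport 0:65535 dport 0:65535

# Outbound. SPIs 115 and 116 are the null-cipher/null-auth SAs, so traffic
# for 192.168.210.0/24 and 192.168.211.0/24 leaves unencrypted and
# unauthenticated even though the policy action reads "protect".
sp ipv4 out esp protect 105 pri 1 dst 192.168.115.0/24 sport 0:65535 dport 0:65535
sp ipv4 out esp protect 106 pri 1 dst 192.168.116.0/24 sport 0:65535 dport 0:65535
sp ipv4 out esp protect 110 pri 1 dst 192.168.185.0/24 sport 0:65535 dport 0:65535
sp ipv4 out esp protect 111 pri 1 dst 192.168.186.0/24 sport 0:65535 dport 0:65535
sp ipv4 out esp protect 115 pri 1 dst 192.168.210.0/24 sport 0:65535 dport 0:65535
sp ipv4 out esp protect 116 pri 1 dst 192.168.211.0/24 sport 0:65535 dport 0:65535
# NOTE(review): exact duplicate of the "protect 115" rule two lines up (same
# SPI, priority and prefix); it looks redundant.
sp ipv4 out esp protect 115 pri 1 dst 192.168.210.0/24 sport 0:65535 dport 0:65535
sp ipv4 out esp protect 125 pri 1 dst 192.168.65.0/24 sport 0:65535 dport 0:65535
# NOTE(review): exact duplicate of the preceding "protect 125" rule.
sp ipv4 out esp protect 125 pri 1 dst 192.168.65.0/24 sport 0:65535 dport 0:65535
sp ipv4 out esp protect 126 pri 1 dst 192.168.66.0/24 sport 0:65535 dport 0:65535
# Outbound bypass: traffic to these two prefixes is sent in clear text.
sp ipv4 out esp bypass pri 1 dst 192.168.245.0/24 sport 0:65535 dport 0:65535
sp ipv4 out esp bypass pri 1 dst 192.168.246.0/24 sport 0:65535 dport 0:65535
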
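#SP IPv6 rules
#
# Same rule shape as the IPv4 policies: destination-prefix match over all
# ports, bound to an SA by SPI. Each rule is continued onto a second line
# with a trailing backslash.
#
# Inbound. SPIs 5 and 6 are defined in "SA rules" with "mode ipv4-tunnel",
# so these IPv6 prefixes arrive inside an IPv4 tunnel; SPIs 10/11 are
# transport mode and 25/26 are ipv6-tunnel.
sp ipv6 in esp protect 5 pri 1 dst 0000:0000:0000:0000:5555:5555:0000:0000/96 \
sport 0:65535 dport 0:65535
sp ipv6 in esp protect 6 pri 1 dst 0000:0000:0000:0000:6666:6666:0000:0000/96 \
sport 0:65535 dport 0:65535
sp ipv6 in esp protect 10 pri 1 dst 0000:0000:1111:1111:0000:0000:0000:0000/96 \
sport 0:65535 dport 0:65535
sp ipv6 in esp protect 11 pri 1 dst 0000:0000:1111:1111:1111:1111:0000:0000/96 \
sport 0:65535 dport 0:65535
sp ipv6 in esp protect 25 pri 1 dst 0000:0000:0000:0000:aaaa:aaaa:0000:0000/96 \
sport 0:65535 dport 0:65535
sp ipv6 in esp protect 26 pri 1 dst 0000:0000:0000:0000:bbbb:bbbb:0000:0000/96 \
sport 0:65535 dport 0:65535

# Outbound. SPIs 115 and 116 are the null-cipher/null-auth SAs, so traffic to
# the ffff:...:5555:5555 and ffff:...:6666:6666 prefixes is ESP-framed without
# confidentiality or integrity. The inbound 5555:5555/6666:6666 prefixes use
# the AES-CBC SAs 5/6, so the two directions are not protected alike here.
sp ipv6 out esp protect 110 pri 1 dst ffff:0000:1111:1111:0000:0000:0000:0000/96 \
sport 0:65535 dport 0:65535
sp ipv6 out esp protect 111 pri 1 dst ffff:0000:1111:1111:1111:1111:0000:0000/96 \
sport 0:65535 dport 0:65535
sp ipv6 out esp protect 115 pri 1 dst ffff:0000:0000:0000:5555:5555:0000:0000/96 \
sport 0:65535 dport 0:65535
sp ipv6 out esp protect 116 pri 1 dst ffff:0000:0000:0000:6666:6666:0000:0000/96 \
sport 0:65535 dport 0:65535
sp ipv6 out esp protect 125 pri 1 dst ffff:0000:0000:0000:aaaa:aaaa:0000:0000/96 \
sport 0:65535 dport 0:65535
sp ipv6 out esp protect 126 pri 1 dst ffff:0000:0000:0000:bbbb:bbbb:0000:0000/96 \
sport 0:65535 dport 0:65535
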
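#SA rules
#
# SECURITY NOTE: every key in this section is a placeholder (all zeros or one
# byte value repeated) and is public sample data. These keys are statically
# configured, so there is no rekeying and no forward secrecy, and each in/out
# pair (5/105, 6/106, ...) reuses the same key bytes for both directions,
# whereas IKE-negotiated SAs use distinct keys per direction. Do not reuse
# any of this key material outside a lab.
#
# The keyed SAs use aes-128-cbc with sha1-hmac (16-byte cipher key, 20-byte
# auth key). For anything beyond interoperability testing, prefer an AEAD
# suite where the application version in use supports one.
#
# The key values, algorithms and tunnel endpoints presumably have to mirror
# the peer endpoint's configuration - confirm against that file before
# changing anything here.

# Inbound SAs (this endpoint decapsulates).
sa in 5 cipher_algo aes-128-cbc cipher_key 0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \
auth_algo sha1-hmac auth_key 0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \
mode ipv4-tunnel src 172.16.1.5 dst 172.16.2.5

sa in 6 cipher_algo aes-128-cbc cipher_key a0:a0:a0:a0:a0:a0:a0:a0:a0:a0:a0:\
a0:a0:a0:a0:a0 auth_algo sha1-hmac auth_key a0:a0:a0:a0:a0:a0:a0:a0:a0:a0:a0:\
a0:a0:a0:a0:a0:a0:a0:a0:a0 mode ipv4-tunnel src 172.16.1.6 dst 172.16.2.6

sa in 10 cipher_algo aes-128-cbc cipher_key a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:\
a1:a1:a1:a1:a1 auth_algo sha1-hmac auth_key a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:\
a1:a1:a1:a1:a1:a1:a1:a1:a1 mode transport

sa in 11 cipher_algo aes-128-cbc cipher_key b2:b2:b2:b2:b2:b2:b2:b2:b2:b2:b2:\
b2:b2:b2:b2:b2 auth_algo sha1-hmac auth_key b2:b2:b2:b2:b2:b2:b2:b2:b2:b2:b2:\
b2:b2:b2:b2:b2:b2:b2:b2:b2 mode transport

# SAs 15 and 16: null cipher AND null auth. Packets are ESP-encapsulated but
# carry no confidentiality and no integrity protection; anything on the path
# can read or alter them. Test/benchmark use only.
sa in 15 cipher_algo null auth_algo null mode ipv4-tunnel src 172.16.1.5 \
dst 172.16.2.5

sa in 16 cipher_algo null auth_algo null mode ipv4-tunnel src 172.16.1.6 \
dst 172.16.2.6

sa in 25 cipher_algo aes-128-cbc cipher_key c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:\
c3:c3:c3:c3:c3 auth_algo sha1-hmac auth_key c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:\
c3:c3:c3:c3:c3:c3:c3:c3:c3 mode ipv6-tunnel \
src 1111:1111:1111:1111:1111:1111:1111:5555 \
dst 2222:2222:2222:2222:2222:2222:2222:5555

sa in 26 cipher_algo aes-128-cbc cipher_key 4d:4d:4d:4d:4d:4d:4d:4d:4d:4d:4d:\
4d:4d:4d:4d:4d auth_algo sha1-hmac auth_key 4d:4d:4d:4d:4d:4d:4d:4d:4d:4d:4d:\
4d:4d:4d:4d:4d:4d:4d:4d:4d mode ipv6-tunnel \
src 1111:1111:1111:1111:1111:1111:1111:6666 \
dst 2222:2222:2222:2222:2222:2222:2222:6666

# Outbound SAs (this endpoint encapsulates). Tunnel src/dst are the inbound
# addresses swapped: 172.16.2.x / 2222:... is the source side here and
# 172.16.1.x / 1111:... the destination.
sa out 105 cipher_algo aes-128-cbc cipher_key 0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \
auth_algo sha1-hmac auth_key 0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \
mode ipv4-tunnel src 172.16.2.5 dst 172.16.1.5

sa out 106 cipher_algo aes-128-cbc cipher_key a0:a0:a0:a0:a0:a0:a0:a0:a0:a0:a0:\
a0:a0:a0:a0:a0 auth_algo sha1-hmac auth_key a0:a0:a0:a0:a0:a0:a0:a0:a0:a0:a0:\
a0:a0:a0:a0:a0:a0:a0:a0:a0 mode ipv4-tunnel src 172.16.2.6 dst 172.16.1.6

sa out 110 cipher_algo aes-128-cbc cipher_key a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:\
a1:a1:a1:a1:a1 auth_algo sha1-hmac auth_key a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:\
a1:a1:a1:a1:a1:a1:a1:a1:a1 mode transport

sa out 111 cipher_algo aes-128-cbc cipher_key b2:b2:b2:b2:b2:b2:b2:b2:b2:b2:b2:\
b2:b2:b2:b2:b2 auth_algo sha1-hmac auth_key b2:b2:b2:b2:b2:b2:b2:b2:b2:b2:b2:\
b2:b2:b2:b2:b2:b2:b2:b2:b2 mode transport

# SAs 115 and 116: null cipher AND null auth, as for inbound 15/16 above.
# Both the IPv4 and the IPv6 outbound policies reference these SPIs.
sa out 115 cipher_algo null auth_algo null mode ipv4-tunnel src 172.16.2.5 \
dst 172.16.1.5

sa out 116 cipher_algo null auth_algo null mode ipv4-tunnel src 172.16.2.6 dst 172.16.1.6

sa out 125 cipher_algo aes-128-cbc cipher_key c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:\
c3:c3:c3:c3:c3 auth_algo sha1-hmac auth_key c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:\
c3:c3:c3:c3:c3:c3:c3:c3:c3 mode ipv6-tunnel \
src 2222:2222:2222:2222:2222:2222:2222:5555 \
dst 1111:1111:1111:1111:1111:1111:1111:5555

sa out 126 cipher_algo aes-128-cbc cipher_key 4d:4d:4d:4d:4d:4d:4d:4d:4d:4d:4d:\
4d:4d:4d:4d:4d auth_algo sha1-hmac auth_key 4d:4d:4d:4d:4d:4d:4d:4d:4d:4d:4d:\
4d:4d:4d:4d:4d:4d:4d:4d:4d mode ipv6-tunnel \
src 2222:2222:2222:2222:2222:2222:2222:6666 \
dst 1111:1111:1111:1111:1111:1111:1111:6666
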
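#Routing rules
#
# Destination prefix -> egress port. The tunnel endpoints 172.16.1.5 and
# 172.16.1.6 and the transport/bypass outbound prefixes leave on ports 0/1;
# the prefixes that the inbound policies match leave on ports 2/3.
# NOTE(review): presumably ports 0/1 face the peer and ports 2/3 the local
# side; which ports count as unprotected is set on the command line, not in
# this file - confirm the two agree.
rt ipv4 dst 172.16.1.5/32 port 0
rt ipv4 dst 172.16.1.6/32 port 1
rt ipv4 dst 192.168.185.0/24 port 0
rt ipv4 dst 192.168.186.0/24 port 1
rt ipv4 dst 192.168.245.0/24 port 0
rt ipv4 dst 192.168.246.0/24 port 1
rt ipv4 dst 192.168.105.0/24 port 2
rt ipv4 dst 192.168.106.0/24 port 3
rt ipv4 dst 192.168.55.0/24 port 2
rt ipv4 dst 192.168.56.0/24 port 3
rt ipv4 dst 192.168.175.0/24 port 2
rt ipv4 dst 192.168.176.0/24 port 3
rt ipv4 dst 192.168.200.0/24 port 2
rt ipv4 dst 192.168.201.0/24 port 3
rt ipv4 dst 192.168.240.0/24 port 2
rt ipv4 dst 192.168.241.0/24 port 3

# NOTE(review): the IPv6 routes use /116 while the IPv6 security policies for
# the same prefixes use /96. An address inside a policy's /96 but outside the
# matching /116 matches a policy yet has no route in this file - confirm that
# is intended.
rt ipv6 dst 1111:1111:1111:1111:1111:1111:1111:5555/116 port 0
rt ipv6 dst 1111:1111:1111:1111:1111:1111:1111:6666/116 port 1
rt ipv6 dst ffff:0000:1111:1111:0000:0000:0000:0000/116 port 0
rt ipv6 dst ffff:0000:1111:1111:1111:1111:0000:0000/116 port 1
rt ipv6 dst 0000:0000:0000:0000:aaaa:aaaa:0000:0000/116 port 2
rt ipv6 dst 0000:0000:0000:0000:bbbb:bbbb:0000:0000/116 port 3
rt ipv6 dst 0000:0000:0000:0000:5555:5555:0000:0000/116 port 2
rt ipv6 dst 0000:0000:0000:0000:6666:6666:0000:0000/116 port 3
rt ipv6 dst 0000:0000:1111:1111:0000:0000:0000:0000/116 port 2
rt ipv6 dst 0000:0000:1111:1111:1111:1111:0000:0000/116 port 3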