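#! /bin/bash
# SPDX-License-Identifier: BSD-3-Clause

# Crypto device argument used for this test case; an already-set CRYPTO_DEV
# from the environment takes precedence over the default below.
CRYPTO_DEV=${CRYPTO_DEV:-'--vdev="crypto_aesni_mb0"'}

#######################################
# Generate the cfg file for ipsec-secgw (transport mode, AES-128-CTR cipher
# with SHA1-HMAC authentication) and print it to stdout.
#
# Globals (all read):
#   SGW_CFG_FILE                      path of the config file to (over)write
#   LOCAL_IPV4, REMOTE_IPV4           IPv4 endpoints of SPI 7
#   LOCAL_IPV6, REMOTE_IPV6           IPv6 endpoints of SPI 9
#   LOCAL_MAC, REMOTE_MAC             neighbour entries for ports 1 and 0
#   SGW_CFG_XPRM_IN, SGW_CFG_XPRM_OUT extra SA parameters appended after
#                                     "mode transport" (may be empty)
# Outputs:
#   Writes the config to SGW_CFG_FILE, then echoes it to stdout.
# Returns:
#   0 on success; non-zero if SGW_CFG_FILE is unset/empty or cannot be
#   written or read.
#
# Security notes:
#   - cipher_key/auth_key are fixed de:ad:be:ef test patterns (20 bytes
#     each). They are identical for every SA and both directions, so they
#     are only suitable for functional tests.
#   - NOTE(review): the 20-byte cipher_key for aes-128-ctr is presumably a
#     16-byte AES key followed by a 4-byte nonce; confirm against the
#     ipsec-secgw guide before changing its length.
#   - The generated file and the stdout echo both contain the key material
#     in clear text. Harmless with the test pattern above; if real keys are
#     ever substituted, drop the echo and restrict the file mode.
#   - The "bypass" SP rules carry no src/dst restriction, i.e. they are
#     catch-all rules that skip IPsec processing. Test convenience only.
#
# Nothing may be commented inside the here-document: every line between
# the EOF markers, '#' lines included, is written to the config file.
#######################################
config_secgw()
{
	# An unquoted empty SGW_CFG_FILE makes the redirection fail and then
	# turns the final 'cat' into a read from stdin, so reject it up front.
	if [[ -z "${SGW_CFG_FILE:-}" ]]; then
		echo "config_secgw: SGW_CFG_FILE is not set" >&2
		return 1
	fi

	# Quoted target: paths containing spaces or glob characters stay one word.
	# Unquoted EOF delimiter: ${...} is expanded and backslash-newline joins
	# the continued rule lines in the generated file.
	cat <<EOF > "${SGW_CFG_FILE}" || return
#SP in IPv4 rules
sp ipv4 in esp protect 7 pri 2 src ${REMOTE_IPV4}/32 dst ${LOCAL_IPV4}/32 \
sport 0:65535 dport 0:65535
sp ipv4 in esp bypass pri 1 sport 0:65535 dport 0:65535

#SP out IPv4 rules
sp ipv4 out esp protect 7 pri 2 src ${LOCAL_IPV4}/32 dst ${REMOTE_IPV4}/32 \
sport 0:65535 dport 0:65535
sp ipv4 out esp bypass pri 1 sport 0:65535 dport 0:65535

#sp in IPv6 rules
sp ipv6 in esp protect 9 pri 2 src ${REMOTE_IPV6}/128 dst ${LOCAL_IPV6}/128 \
sport 0:65535 dport 0:65535
sp ipv6 in esp bypass pri 1 sport 0:65535 dport 0:65535

#SP out IPv6 rules
sp ipv6 out esp protect 9 pri 2 src ${LOCAL_IPV6}/128 dst ${REMOTE_IPV6}/128 \
sport 0:65535 dport 0:65535
sp ipv6 out esp bypass pri 1 sport 0:65535 dport 0:65535

#SA in rules
sa in 7 cipher_algo aes-128-ctr \
cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
auth_algo sha1-hmac \
auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
mode transport ${SGW_CFG_XPRM_IN}

sa in 9 cipher_algo aes-128-ctr \
cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
auth_algo sha1-hmac \
auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
mode transport ${SGW_CFG_XPRM_IN}

#SA out rules
sa out 7 cipher_algo aes-128-ctr \
cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
auth_algo sha1-hmac \
auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
mode transport ${SGW_CFG_XPRM_OUT}

#SA out rules
sa out 9 cipher_algo aes-128-ctr \
cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
auth_algo sha1-hmac \
auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
mode transport ${SGW_CFG_XPRM_OUT}

#Routing rules
rt ipv4 dst ${REMOTE_IPV4}/32 port 0
rt ipv4 dst ${LOCAL_IPV4}/32 port 1

rt ipv6 dst ${REMOTE_IPV6}/128 port 0
rt ipv6 dst ${LOCAL_IPV6}/128 port 1

#neighbours
neigh port 0 ${REMOTE_MAC}
neigh port 1 ${LOCAL_MAC}
EOF

	# Echo the generated config so it shows up in the test output.
	cat -- "${SGW_CFG_FILE}"
}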