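#! /bin/bash
# SPDX-License-Identifier: BSD-3-Clause

# Crypto device argument; the caller's environment may override it.
CRYPTO_DEV=${CRYPTO_DEV:-'--vdev="crypto_aesni_gcm0"'}

# Generate the cfg file for ipsec-secgw and echo it to stdout.
#
# Reads from the environment:
#   SGW_CFG_FILE                      path of the config file to (over)write
#   LOCAL_IPV4 / REMOTE_IPV4          IPv4 endpoints of the protected flow
#   LOCAL_IPV6 / REMOTE_IPV6          IPv6 endpoints of the protected flow
#   LOCAL_MAC / REMOTE_MAC            neighbour MACs for ports 1 and 0
#   SGW_CFG_XPRM_IN / SGW_CFG_XPRM_OUT  extra SA parameters, may be empty
#
# SECURITY NOTE: every SA below uses the same fixed, publicly known
# aead_key (de:ad:be:ef repeated; 20 bytes, which for aes-128-gcm looks
# like a 16-byte key plus 4-byte salt -- confirm against the ipsec-secgw
# docs). This is test material only; never reuse this file or key outside
# a test bench. The file is created with the caller's umask, so on a
# shared host set a restrictive umask before calling if real keys are
# ever substituted.
#
# The "bypass pri 1" SP entries let any traffic that does not match the
# host-to-host "protect" entries pass without ESP; that is intended for
# the test topology and would be a cleartext path in a real deployment.
#
# The heredoc delimiter is unquoted on purpose: ${...} is expanded and
# each trailing backslash joins the following line into the same cfg line.
# SGW_CFG_FILE is quoted so that paths containing spaces or glob
# characters are written to as a single file name.
config_secgw()
{
	cat <<EOF > "${SGW_CFG_FILE}"
#SP in IPv4 rules
sp ipv4 in esp protect 7 pri 2 src ${REMOTE_IPV4}/32 dst ${LOCAL_IPV4}/32 \
sport 0:65535 dport 0:65535
sp ipv4 in esp bypass pri 1 sport 0:65535 dport 0:65535

#SP out IPv4 rules
sp ipv4 out esp protect 7 pri 2 src ${LOCAL_IPV4}/32 dst ${REMOTE_IPV4}/32 \
sport 0:65535 dport 0:65535
sp ipv4 out esp bypass pri 1 sport 0:65535 dport 0:65535

#SP in IPv6 rules
sp ipv6 in esp protect 9 pri 2 src ${REMOTE_IPV6}/128 dst ${LOCAL_IPV6}/128 \
sport 0:65535 dport 0:65535
sp ipv6 in esp bypass pri 1 sport 0:65535 dport 0:65535

#SP out IPv6 rules
sp ipv6 out esp protect 9 pri 2 src ${LOCAL_IPV6}/128 dst ${REMOTE_IPV6}/128 \
sport 0:65535 dport 0:65535
sp ipv6 out esp bypass pri 1 sport 0:65535 dport 0:65535

#SA in rules
sa in 7 aead_algo aes-128-gcm \
aead_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
mode transport ${SGW_CFG_XPRM_IN}

sa in 9 aead_algo aes-128-gcm \
aead_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
mode transport ${SGW_CFG_XPRM_IN}

#SA out rules
sa out 7 aead_algo aes-128-gcm \
aead_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
mode transport ${SGW_CFG_XPRM_OUT}

sa out 9 aead_algo aes-128-gcm \
aead_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
mode transport ${SGW_CFG_XPRM_OUT}

#Routing rules
rt ipv4 dst ${REMOTE_IPV4}/32 port 0
rt ipv4 dst ${LOCAL_IPV4}/32 port 1

rt ipv6 dst ${REMOTE_IPV6}/128 port 0
rt ipv6 dst ${LOCAL_IPV6}/128 port 1

#neighbours
neigh port 0 ${REMOTE_MAC}
neigh port 1 ${LOCAL_MAC}
EOF

	# Show the generated config in the test log.
	cat "${SGW_CFG_FILE}"
}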