vpp-swan: Add plugin for vpp-swan Added plugin vpp-swan is a plugin that helps offloading Strongswan IPsec ESP process from Linux Kernel to VPP. Type: feature Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com> Change-Id: Iec77945892453fac1890d3c49d7d86fc6b09c893

commit: 4e88e041ad47bf422bbb2a0940f77aba11ea2178 [log] [tgz]
author: Gabriel Oginski <gabrielx.oginski@intel.com> Wed Jun 29 12:54:30 2022 +0000
committer: Fan Zhang <royzhang1980@hotmail.com> Wed Sep 28 17:45:26 2022 +0000
tree: df4e3a9a252212bac900df3a77c438fe5396062e
parent: cf9144e65f37402fc6f7dacb7bd7bad6fd596784 [diff] [blame]
diff --git a/extras/strongswan/vpp_sswan/swanctl.conf b/extras/strongswan/vpp_sswan/swanctl.conf
new file mode 100644
index 0000000..f3e7a78
--- /dev/null
+++ b/extras/strongswan/vpp_sswan/swanctl.conf

@@ -0,0 +1,35 @@
+connections {
+  net-net {
+    local_addrs = 192.168.0.2
+    remote_addrs = 192.168.0.1
+    local {
+      auth = psk
+      id = sun.strongswan.org
+    }
+    remote {
+      auth = psk
+      id = moon.strongswan.org
+    }
+    children {
+      net-net {
+        local_ts = 192.168.200.0/24
+        remote_ts = 192.168.100.0/24
+        esp_proposals = aes128-sha1-modp2048
+        rekey_time = 240m
+      }
+    }
+    version = 2
+    mobike = yes
+    encap = no # NAT-T if needed
+    proposals = aes128-sha256-x25519
+    }
+}
+secrets {
+  ike-net-net {
+    id = moon.strongswan.org
+    secret = simplepsk
+  }
+}
+
+# Include config snippets
+include conf.d/*.conf
commit	4e88e041ad47bf422bbb2a0940f77aba11ea2178	[log] [tgz]
author	Gabriel Oginski <gabrielx.oginski@intel.com>	Wed Jun 29 12:54:30 2022 +0000
committer	Fan Zhang <royzhang1980@hotmail.com>	Wed Sep 28 17:45:26 2022 +0000
tree	df4e3a9a252212bac900df3a77c438fe5396062e
parent	cf9144e65f37402fc6f7dacb7bd7bad6fd596784 [diff] [blame]