| create host-interface name vpp |
| set interface ip addr host-vpp 192.168.10.2/24 |
| set interface state host-vpp up |
| |
| create host-interface name priv |
| set interface ip addr host-priv 192.168.3.1/24 |
| set interface state host-priv up |
| |
| ikev2 profile add pr1 |
| ikev2 profile set pr1 auth shared-key-mic string Vpp123 |
| ikev2 profile set pr1 id local fqdn roadwarrior.vpp |
| ikev2 profile set pr1 id remote fqdn sswan.vpn.example.com |
| |
| ikev2 profile set pr1 traffic-selector local ip-range 192.168.3.0 - 192.168.3.255 port-range 0 - 65535 protocol 0 |
| ikev2 profile set pr1 traffic-selector remote ip-range 192.168.5.0 - 192.168.5.255 port-range 0 - 65535 protocol 0 |
| |
| ikev2 profile set pr1 responder host-vpp 192.168.10.1 |
| ikev2 profile set pr1 ike-crypto-alg aes-gcm-16 256 ike-dh modp-2048 |
| ikev2 profile set pr1 esp-crypto-alg aes-gcm-16 256 |
| |
| event-logger clear |
| trace add af-packet-input 100 |
| |
| create ipip tunnel src 192.168.10.2 dst 192.168.10.1 |
| ikev2 profile set pr1 tunnel ipip0 |
| ip route add 192.168.5.0/24 via 192.168.10.1 ipip0 |
| set interface unnumbered ipip0 use host-vpp |
| |
| ikev2 set liveness 30 4 |
| ikev2 set logging level 4 |