misc: add ikev2 tests usecases
Type: test
Ticket: VPP-1893
Change-Id: Ib6ffd00e73f7110bf9e702f4a0fd5c68395d6786
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
diff --git a/extras/strongswan/configs/initiator/ipsec.conf b/extras/strongswan/configs/initiator/ipsec.conf
new file mode 100644
index 0000000..6a7c0f6
--- /dev/null
+++ b/extras/strongswan/configs/initiator/ipsec.conf
@@ -0,0 +1,22 @@
+config setup
+ strictcrlpolicy=no
+
+conn initiator
+ mobike=no
+ auto=add
+ type=tunnel
+ keyexchange=ikev2
+ ike=aes256gcm16-prfsha256-modp2048!
+ esp=aes256gcm16-esn!
+
+# local:
+ leftauth=psk
+ leftid=@sswan.vpn.example.com
+ leftsubnet=192.168.5.0/24
+
+# remote: (gateway)
+ rightid=@roadwarrior.vpp
+ right=192.168.10.2
+ rightauth=psk
+ rightsubnet=192.168.3.0/24
+
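Review bot: The connection is named `initiator` and its right side is commented `# remote: (gateway)`, but `auto=add` only loads the connection and never starts it, so strongSwan appears to be the responder in this scenario. That reading is consistent with `ikev2 profile set pr1 responder host-vpp 192.168.10.1` in vpp.conf, and the "gateway" label also sits oddly next to `rightid=@roadwarrior.vpp`. A one-line comment above `conn initiator` would remove the ambiguity, for example `# VPP (192.168.10.2) is the IKEv2 initiator here; strongSwan only answers (auto=add)`. `strictcrlpolicy=no` is already the default and is not exercised by PSK authentication, so it could be dropped to keep the fixture minimal.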
diff --git a/extras/strongswan/configs/initiator/ipsec.secrets b/extras/strongswan/configs/initiator/ipsec.secrets
new file mode 100644
index 0000000..adcf951
--- /dev/null
+++ b/extras/strongswan/configs/initiator/ipsec.secrets
@@ -0,0 +1 @@
+: PSK 'Vpp123'
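Review bot: The PSK line has no ID selectors, so the secret is not bound to the two identities the conn uses, and its value is a short, guessable string committed in clear text. The same string is repeated in vpp.conf at `ikev2 profile set pr1 auth shared-key-mic string Vpp123`. Scoping the entry as `@sswan.vpn.example.com @roadwarrior.vpp : PSK 'Vpp123'` and adding `# test-only secret, do not reuse outside this fixture` above it would make it harder for the file to be copied into a real deployment unchanged.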
diff --git a/extras/strongswan/configs/initiator/vpp.conf b/extras/strongswan/configs/initiator/vpp.conf
new file mode 100644
index 0000000..36352aa
--- /dev/null
+++ b/extras/strongswan/configs/initiator/vpp.conf
@@ -0,0 +1,30 @@
+create host-interface name vpp
+set interface ip addr host-vpp 192.168.10.2/24
+set interface state host-vpp up
+
+create host-interface name priv
+set interface ip addr host-priv 192.168.3.1/24
+set interface state host-priv up
+
+ikev2 profile add pr1
+ikev2 profile set pr1 auth shared-key-mic string Vpp123
+ikev2 profile set pr1 id local fqdn roadwarrior.vpp
+ikev2 profile set pr1 id remote fqdn sswan.vpn.example.com
+
+ikev2 profile set pr1 traffic-selector local ip-range 192.168.3.0 - 192.168.3.255 port-range 0 - 65535 protocol 0
+ikev2 profile set pr1 traffic-selector remote ip-range 192.168.5.0 - 192.168.5.255 port-range 0 - 65535 protocol 0
+
+ikev2 profile set pr1 responder host-vpp 192.168.10.1
+ikev2 profile set pr1 ike-crypto-alg aes-gcm-16 256 ike-dh modp-2048
+ikev2 profile set pr1 esp-crypto-alg aes-gcm-16 256
+
+event-logger clear
+trace add af-packet-input 100
+
+create ipip tunnel src 192.168.10.2 dst 192.168.10.1
+ikev2 profile set pr1 tunnel ipip0
+ip route add 192.168.5.0/24 via 192.168.10.1 ipip0
+set interface unnumbered ipip0 use host-vpp
+
+ikev2 set liveness 30 4
+ikev2 set logging level 4
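Review bot: Nothing in this file starts the exchange, and the strongSwan side uses `auto=add`, so neither config triggers SA_INIT on its own; presumably the test driver issues the initiate command, but the file does not say so. A short header would document that and the addressing, for example `comment { VPP 192.168.10.2 initiates to strongSwan 192.168.10.1; SA_INIT is triggered by the test driver }`, if that is the intent. `trace add af-packet-input 100` and `ikev2 set logging level 4` are debugging aids and deserve a one-line comment marking them as such, so they are not carried over with the profile settings.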