Gitiles
Code Review Sign In
gerrit.nordix.org / fdio / vpp / b3778cce705305ecc3401b9dd69790b200e82dbe / . / extras / strongswan / configs / responder_nat / vpp.conf
blob: 34c4f8fb7045defae54071509da1aba0042e98a3 [file] [log] [blame]
Filip Tehlard5a33802021-02-20 02:26:17 +0000[diff] [blame]1create host-interface name vpp
2create host-interface name priv
3pipe create
4
5set interface ip addr host-vpp 192.168.10.2/24
6set interface state host-vpp up
7
8ip table add 1
9set int ip table host-priv 1
10set int ip table pipe0.1 1
11
12set interface ip addr host-priv 192.168.3.1/24
13set interface state host-priv up
14
15set int ip address pipe0.0 10.0.0.1/24
16set int ip address pipe0.1 10.0.0.2/24
17set int state pipe0 up
18
19ikev2 profile add pr1
20ikev2 profile set pr1 auth shared-key-mic string Vpp123
21ikev2 profile set pr1 id local fqdn vpp.home
22ikev2 profile set pr1 id remote fqdn roadwarrior.vpn.example.com
23ikev2 profile set pr1 traffic-selector local ip-range 192.168.3.0 - 192.168.3.255 port-range 0 - 65535 protocol 0
24ikev2 profile set pr1 traffic-selector remote ip-range 192.168.5.0 - 192.168.5.255 port-range 0 - 65535 protocol 0
25
26ip route add table 1 192.168.10.0/24 via 10.0.0.1 pipe0.1
27
28create ipip tunnel src 10.0.0.2 dst 192.168.10.1 outer-table-id 1
29set interface ip table ipip0 1
30
31ikev2 profile set pr1 tunnel ipip0
32ip route add table 1 192.168.5.0/24 via ipip0
33set interface unnumbered ipip0 use pipe0.1
34
Filip Tehlar9196ed72022-05-13 00:36:39 +0000[diff] [blame]35nat44 plugin enable
Filip Tehlard5a33802021-02-20 02:26:17 +0000[diff] [blame]36nat44 add address 192.168.10.2
37set interface nat44 in pipe0.0 out host-vpp
38nat44 add static mapping udp local 10.0.0.2 500 external 192.168.10.2 500
39nat44 add static mapping udp local 10.0.0.2 4500 external 192.168.10.2 4500
40
41event-logger clear
42trace add af-packet-input 100
43ikev2 set liveness 10 2
44ikev2 set logging level 4