| Filip Tehlar | d5a3380 | 2021-02-20 02:26:17 +0000 | [diff] [blame] | 1 | # |
| 2 | # 2 initiators (strongswan), 1 responder (vpp) topology |
| 3 | # |
| 4 | |
| 5 | if [ -f ~/.vpp_sswan ]; then |
| 6 | . ~/.vpp_sswan |
| 7 | fi |
| 8 | |
| 9 | STARTUP_DIR="`pwd`" |
| 10 | SSWAN_CFG_DIR=/tmp/sswan |
| 11 | |
| 12 | vppctl () { |
| 13 | sudo $VPPCTL -s /tmp/vpp_sswan.sock $@ |
| 14 | } |
| 15 | |
| 16 | start_vpp() { |
| 17 | sudo $VPP_BIN unix { \ |
| 18 | cli-listen /tmp/vpp_sswan.sock \ |
| 19 | gid $(id -g) } \ |
| 20 | api-segment { prefix vpp } \ |
| 21 | plugins { plugin dpdk_plugin.so { disable } } |
| 22 | sleep 5 |
| 23 | |
| 24 | echo "exec $STARTUP_DIR/configs/$TC_DIR/vpp.conf" |
| 25 | vppctl exec $STARTUP_DIR/configs/$TC_DIR/vpp.conf |
| 26 | sleep 3 |
| 27 | } |
| 28 | |
| 29 | initiator_conf() { |
| 30 | sudo rm -r $SSWAN_CFG_DIR$1 |
| 31 | sudo mkdir -p $SSWAN_CFG_DIR$1 |
| 32 | sudo cp configs/$TC_DIR/ipsec$1.conf $SSWAN_CFG_DIR$1/ipsec.conf |
| 33 | sudo cp configs/$TC_DIR/ipsec.secrets $SSWAN_CFG_DIR$1/ipsec.secrets |
| 34 | sudo cp configs/strongswan.conf $SSWAN_CFG_DIR$1/strongswan.conf |
| 35 | } |
| 36 | |
| 37 | config_topo () { |
| 38 | ns_name="ns"$1 |
| 39 | init_name="sswan"$1 |
| 40 | (sudo ip link add gw$1 type veth peer name veth_gw$1 |
| 41 | sudo ip link set dev gw$1 up |
| 42 | |
| 43 | sudo ip netns add $ns_name |
| 44 | sudo ip link add veth_priv$1 type veth peer name priv$1 |
| 45 | sudo ip link set dev priv$1 up |
| 46 | sudo ip link set dev veth_priv$1 up netns $ns_name |
| 47 | |
| 48 | sudo ip netns exec $ns_name \ |
| 49 | bash -c " |
| 50 | ip link set dev lo up |
| 51 | ip addr add 192.168.3.2/24 dev veth_priv$1 |
| 52 | ip addr add fec3::2/16 dev veth_priv$1 |
| 53 | ip route add 192.168.5.0/24 via 192.168.3.1 |
| 54 | ip route add fec5::0/16 via fec3::1 |
| 55 | ") &> /dev/null |
| 56 | |
| 57 | initiator_conf $1 |
| 58 | |
| 59 | (docker run --name $init_name -d --privileged --rm --net=none \ |
| 60 | -v $SSWAN_CFG_DIR$1:/conf -v $SSWAN_CFG_DIR$1:/etc/ipsec.d philplckthun/strongswan) |
| 61 | |
| 62 | pid=$(docker inspect --format "{{.State.Pid}}" $init_name) |
| 63 | sudo ip link set netns $pid dev veth_gw$1 |
| 64 | |
| 65 | sudo nsenter -t $pid -n ip addr add 192.168.10.1/24 dev veth_gw$1 |
| 66 | sudo nsenter -t $pid -n ip link set dev veth_gw$1 up |
| 67 | |
| 68 | sudo nsenter -t $pid -n ip addr add 192.168.5.2/32 dev lo |
| 69 | sudo nsenter -t $pid -n ip link set dev lo up |
| 70 | } |
| 71 | |
| 72 | initiate_from_sswan () { |
| 73 | echo "start initiation.." |
| 74 | sudo docker exec sswan$1 ipsec up initiator |
| 75 | sleep 3 |
| 76 | } |
| 77 | |
| 78 | test_ping() { |
| 79 | sudo ip netns exec $1 ping -c 1 192.168.5.2 |
| 80 | rc=$? |
| 81 | if [ $rc -ne 0 ] ; then |
| 82 | echo "Test failed!" |
| 83 | else |
| 84 | echo "Test passed." |
| 85 | fi |
| 86 | return $rc |
| 87 | } |
| 88 | |
| 89 | unconf_topo () { |
| 90 | docker stop sswan1 &> /dev/null |
| 91 | docker stop sswan2 &> /dev/null |
| 92 | sudo pkill vpp |
| 93 | sudo ip netns delete ns1 |
| 94 | sudo ip netns delete ns2 |
| 95 | sleep 2 |
| 96 | } |
| 97 | |
| 98 | initiate_from_vpp () { |
| 99 | vppctl ikev2 initiate sa-init pr1 |
| 100 | sleep 2 |
| 101 | } |
| 102 | |
| 103 | #vpp as an responder |
| 104 | run_responder_test() { |
| 105 | unconf_topo |
| 106 | config_topo "1" |
| 107 | config_topo "2" |
| 108 | start_vpp |
| 109 | initiate_from_sswan "1" |
| 110 | initiate_from_sswan "2" |
| 111 | test_ping "ns2" |
| 112 | test_ping "ns1" |
| 113 | } |