| Filip Tehlar | d5a3380 | 2021-02-20 02:26:17 +0000 | [diff] [blame^] | 1 | create host-interface name vpp |
| 2 | set interface ip addr host-vpp 192.168.10.2/24 |
| 3 | set interface state host-vpp up |
| 4 | |
| 5 | create host-interface name priv |
| 6 | set interface ip addr host-priv 192.168.3.1/24 |
| 7 | set interface state host-priv up |
| 8 | |
| 9 | ikev2 profile add pr1 |
| 10 | ikev2 profile set pr1 auth shared-key-mic string Vpp123 |
| 11 | ikev2 profile set pr1 id local fqdn roadwarrior.vpp |
| 12 | ikev2 profile set pr1 id remote fqdn sswan.vpn.example.com |
| 13 | |
| 14 | ikev2 profile set pr1 traffic-selector local ip-range 192.168.3.0 - 192.168.3.255 port-range 0 - 65535 protocol 0 |
| 15 | ikev2 profile set pr1 traffic-selector remote ip-range 192.168.5.0 - 192.168.5.255 port-range 0 - 65535 protocol 0 |
| 16 | |
| 17 | ikev2 profile set pr1 responder host-vpp 192.168.10.1 |
| 18 | ikev2 profile set pr1 ike-crypto-alg aes-gcm-16 256 ike-dh modp-2048 |
| 19 | ikev2 profile set pr1 esp-crypto-alg aes-gcm-16 256 |
| 20 | |
| 21 | event-logger clear |
| 22 | trace add af-packet-input 100 |
| 23 | |
| 24 | create ipip tunnel src 192.168.10.2 dst 192.168.10.1 |
| 25 | ikev2 profile set pr1 tunnel ipip0 |
| 26 | ip route add 192.168.5.0/24 via 192.168.10.1 ipip0 |
| 27 | set interface unnumbered ipip0 use host-vpp |
| 28 | |
| 29 | ikev2 set liveness 30 4 |
| 30 | ikev2 set logging level 4 |