BSD Router Project

User Tools

Site Tools

Trace:
documentation:examples:ipsec_performance_of_a_netgate_rcc-ve_4860

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revisionBoth sides next revision
documentation:examples:ipsec_performance_of_a_netgate_rcc-ve_4860 [2020/09/22 12:00] – [Diagram] olivierdocumentation:examples:ipsec_performance_of_a_netgate_rcc-ve_4860 [2020/09/22 12:02] – [Netgate (DUT)] olivier
Line 52: Line 52:
 ==== Netgate (DUT) ==== ==== Netgate (DUT) ====
  
 +/boot/loader.conf:
 +<code>
 +# Loading AES-NI module sooner to be sure it is loaded before IPsec keys
 +aesni_load="YES"
 +</code>
 Configure IP address, routes and static IPSec: Configure IP address, routes and static IPSec:
  
Line 61: Line 66:
 static_routes="generator receiver" static_routes="generator receiver"
 route_generator="-net 198.18.0.0/16 198.18.0.201" route_generator="-net 198.18.0.0/16 198.18.0.201"
-route_receiver="-net 198.19.0.0/16 198.18.1.203"+route_receiver="-net 198.19.0.0/16 198.18.2.203"
 static_arp_pairs="receiver generator" static_arp_pairs="receiver generator"
 static_arp_generator="198.18.0.201 00:1b:21:d4:3f:2a" static_arp_generator="198.18.0.201 00:1b:21:d4:3f:2a"
Line 73: Line 78:
 ipv6_static_routes="generator receiver" ipv6_static_routes="generator receiver"
 ipv6_route_generator="2001:2:: -prefixlen 49 2001:2::201" ipv6_route_generator="2001:2:: -prefixlen 49 2001:2::201"
-ipv6_route_receiver="2001:2:0:8000:: -prefixlen 49 2001:2:0:1::203"+ipv6_route_receiver="2001:2:0:8000:: -prefixlen 49 2001:2:0:2::203"
 static_ndp_pairs="receiver generator" static_ndp_pairs="receiver generator"
 static_ndp_generator="2001:2::201 00:1b:21:d4:3f:2a" static_ndp_generator="2001:2::201 00:1b:21:d4:3f:2a"
 static_ndp_receiver="2001:2:0:1::203 00:1b:21:c4:95:7a" static_ndp_receiver="2001:2:0:1::203 00:1b:21:c4:95:7a"
 +cloned_interfaces="ipsec0"
 +create_args_ipsec0="reqid 100"
 +ifconfig_ipsec0="inet 198.18.2.209/24 198.18.2.203 tunnel 198.18.1.209 198.18.1.203"
 +ifconfig_ipsec0_ipv6="inet6 2001:2:0:2::209 prefixlen 64"
  
-# Enabling IPSec+# Enabling IPsec
 ipsec_enable="YES" ipsec_enable="YES"
- 
-# Enabling AES-NI 
-kld_list="aesni" 
 </code> </code>
  
Line 89: Line 95:
 flush; flush;
 spdflush; spdflush;
-spdadd 198.18.0.0/16 198.19.0.0/16 any -P out ipsec esp/tunnel/198.18.1.209-198.18.1.203/require; +add 198.18.1.203 198.18.1.209 esp 10000 -m tunnel -u 100 -E aes-gcm-16 "12345678901234567890"; 
-spdadd 198.19.0.0/16 198.18.0.0/16 any -P in ipsec esp/tunnel/198.18.1.203-198.18.1.209/require; +add 198.18.1.209 198.18.1.203 esp 10001 -tunnel -u 100 -E aes-gcm-16 "12345678901234567890";
-add 198.18.1.203 198.18.1.209 esp 0x1000 -E aes-gcm-16 "12345678901234567890"; +
-add 198.18.1.209 198.18.1.203 esp 0x1001 -E aes-gcm-16 "12345678901234567890"; +
-spdadd 2001:2::/49 2001:2:0:8000::/49 any -P out ipsec esp/tunnel/2001:2:0:1::209-2001:2:0:1::203/require; +
-spdadd 2001:2:0:8000::/49 2001:2::/49 any -P in ipsec esp/tunnel/2001:2:0:1::203-2001:2:0:1::209/require; +
-add 2001:2:0:1::203 2001:2:0:1::209 esp 0x1002 -E aes-gcm-16 "12345678901234567890"; +
-add 2001:2:0:1::209 2001:2:0:1::203 esp 0x1003 -E aes-gcm-16 "12345678901234567890";+
 </code> </code>
  
documentation/examples/ipsec_performance_of_a_netgate_rcc-ve_4860.txt · Last modified: 2020/09/22 12:08 by olivier
Except where otherwise noted, content on this wiki is licensed under the following license: BSD 2-Clause
Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki