Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Code Block
languageyml
titleSDEWAN IPSec CRD
apiVersion: sdewan.akraino.org/v1alpha1 
kind: IPSecSite IpsecSite
metadata: 
  name: siteA ipsecsite-sample
spec:
  sites:
  - name: siteA
    gateway: 10.0.1.2
    pre_shared_key: test123
    authentication_method: psk
    local_identifier: C=CH, O=strongSwan, CN=peer
    remote_identifier: C=CH, O=strongSwan, CN=peerB
    crypto_proposal:
      - proposal1
    force_crypto_proposal: true"0"
    connections:
    - name: connA
      type: tunnel/transport
      mode: start
      local_subnet: 192.168.1.1/24
    local_nat:
    local_sourceip: 10.0.1.1
    local_updown: 
    local_firewall:
    remote_subnet: 192.168.0.1/24
      remote_sourceip: 10.0.1.2
    remote  crypto_updownproposal:
    remote_firewall:
    crypto_proposal:- proposal2
  proposals:
    - name: proposal1
      encryption_algorithm: aes128
      hash_algorithm: sha256
      dh_group: modp3072
    - name: proposal2
      encryption_algorithm: aes128
      hash_algorithm: sha128
      dh_group: modp3072

IPSec Rest API

SD-EWAN IPSec Restful API provides support to get/create/update/delete IPSec Site, Proposal.

...