Add Debian11 + Debian 12 openssl file and update swanctl example files

Add Debian11 and Debian12 openssl.mlnx file Update swanctl BFL and BFR example files: Convert bf child to bf-in and bf-out children per this discussion: strongswan#964 Change hw_offload from "full" to "packet" Signed-off-by: Feras Bisharat <fbisharat@nvidia.com>
Mellanox · Oct 9, 2023 · 52c2ce1 · 52c2ce1
1 parent cda76a7
commit 52c2ce1
Show file tree

Hide file tree

Showing 4 changed files with 766 additions and 8 deletions.
diff --git a/mlnx-conf/BFL.swanctl.conf b/mlnx-conf/BFL.swanctl.conf
@@ -1,4 +1,4 @@
-# LEFT: strongswan BF-2 config file 
+# LEFT: strongswan BF config file
 connections {
    BFL-BFR {
       local_addrs  = 192.168.50.1
@@ -14,13 +14,21 @@ connections {
       }
 
       children {
-         bf {
-            local_ts = 192.168.50.1/24 [udp/4789]
+         bf-out {
+            local_ts = 192.168.50.1/24 [udp]
             remote_ts = 192.168.50.2/24 [udp/4789]
             esp_proposals = aes128gcm128-x25519-esn
             mode = transport
             policies_fwd_out = yes
-            hw_offload = full
+            hw_offload = packet
+         }
+         bf-in {
+            local_ts = 192.168.50.1/24 [udp/4789]
+            remote_ts = 192.168.50.2/24 [udp]
+            esp_proposals = aes128gcm128-x25519-esn
+            mode = transport
+            policies_fwd_out = yes
+            hw_offload = packet
          }
       }
       version = 2

diff --git a/mlnx-conf/BFR.swanctl.conf b/mlnx-conf/BFR.swanctl.conf
@@ -1,4 +1,4 @@
-# RIGHT: strongswan BF-2 config file 
+# RIGHT: strongswan BF config file
 connections {
    BFL-BFR {
       local_addrs  = 192.168.50.2
@@ -14,13 +14,21 @@ connections {
       }
 
       children {
-         bf {
-            local_ts = 192.168.50.2/24 [udp/4789]
+         bf-out {
+            local_ts = 192.168.50.2/24 [udp]
             remote_ts = 192.168.50.1/24 [udp/4789]
             esp_proposals = aes128gcm128-x25519-esn
             mode = transport
             policies_fwd_out = yes
-            hw_offload = full
+            hw_offload = packet
+         }
+         bf-in {
+            local_ts = 192.168.50.2/24 [udp/4789]
+            remote_ts = 192.168.50.1/24 [udp]
+            esp_proposals = aes128gcm128-x25519-esn
+            mode = transport
+            policies_fwd_out = yes
+            hw_offload = packet
          }
       }
       version = 2