From: seantywork
Date: Sun, 14 Dec 2025 11:14:39 +0000 (+0000)
Subject: okay
X-Git-Url: https://git.feebdaed.xyz/?a=commitdiff_plain;h=1e74a908b7de2cb744efbfb81f57c871defc2e66;p=linuxyz.git

okay
---
diff --git a/virsh-create-dut/dut/dev1/install.sh b/virsh-create-dut/dut/dev1/install.sh
deleted file mode 100755
index b2817f9..0000000
--- a/virsh-create-dut/dut/dev1/install.sh
+++ /dev/null
@@ -1,146 +0,0 @@
-#!/bin/bash
-
-sudo apt-get update
-
-sudo apt-get -y install build-essential make autoconf automake
-
-sudo apt-get -y install libgmp-dev libsystemd-dev libcurl4-openssl-dev libldap-dev libtss2-dev libgcrypt20-dev libpam0g-dev libip4tc-dev pkg-config init libtss2-tcti-tabrmd0
-
-
-pushd ~
-
-curl -L https://github.com/strongswan/strongswan/releases/download/6.0.1/strongswan-6.0.1.tar.gz -o strongswan-6.0.1.tar.gz
-
-tar -xzf strongswan-6.0.1.tar.gz
-
-pushd strongswan-6.0.1
-
-./configure --prefix=/usr --sysconfdir=/etc --enable-charon --enable-systemd \
---disable-defaults \
---enable-static \
---enable-test-vectors \
---enable-pki --enable-ikev2 --enable-vici --enable-swanctl \
---enable-ldap \
---enable-pkcs11 \
---enable-tpm \
---enable-aesni \
---enable-aes \
---enable-rc2 \
---enable-sha2 \
---enable-sha1 \
---enable-md5 \
---enable-mgf1 \
---enable-rdrand \
---enable-random \
---enable-nonce \
---enable-x509 \
---enable-revocation \
---enable-constraints \
---enable-pubkey \
---enable-pkcs1 \
---enable-pkcs7 \
---enable-pkcs8 \
---enable-pkcs12 \
---enable-pgp \
---enable-dnskey \
---enable-sshkey \
---enable-pem \
---enable-openssl \
---enable-gcrypt \
---enable-af-alg \
---enable-fips-prf \
---enable-gmp \
---enable-curve25519 \
---enable-agent \
---enable-chapoly \
---enable-xcbc \
---enable-cmac \
---enable-hmac \
---enable-ctr \
---enable-ccm \
---enable-gcm \
---enable-ntru \
---enable-drbg \
---enable-curl \
---enable-attr \
---enable-kernel-netlink \
---enable-resolve \
---enable-socket-default \
---enable-connmark \
---enable-forecast \
---enable-farp \
---enable-stroke \
---enable-vici \
---enable-updown \
---enable-eap-identity \
---enable-eap-aka \
---enable-eap-md5 \
---enable-eap-gtc \
---enable-eap-mschapv2 \
---enable-eap-dynamic \
---enable-eap-radius \
---enable-eap-tls \
---enable-eap-ttls \
---enable-eap-peap \
---enable-eap-tnc \
---enable-xauth-generic \
---enable-xauth-eap \
---enable-xauth-pam \
---enable-tnc-tnccs \
---enable-dhcp \
---enable-lookip \
---enable-error-notify \
---enable-certexpire \
---enable-led \
---enable-addrblock \
---enable-unity \
---enable-counters \
---enable-whitelist
-
-make
-
-sudo make install
-
-popd
-
-popd
-
-
-sudo systemctl enable strongswan
-
-sudo systemctl start strongswan
-
-pushd ~
-
-git clone https://github.com/xdp-project/xdp-tools
-
-sudo apt update
-
-sudo apt install -y clang llvm libelf-dev libpcap-dev libc6-dev-i386 m4
-
-sudo apt install -y linux-tools-$(uname -r)
-
-sudo apt install -y linux-headers-$(uname -r)
-
-pushd xdp-tools
-
-./configure
-
-popd
-
-pushd xdp-tools
-
-make
-
-sudo make install
-
-popd
-
-
-pushd xdp-tools/lib/libbpf/src
-
-sudo make install
-
-popd
-
-popd
diff --git a/virsh-create-dut/dut/dev1/network-del.sh b/virsh-create-dut/dut/dev1/network-del.sh
deleted file mode 100755
index bba9712..0000000
--- a/virsh-create-dut/dut/dev1/network-del.sh
+++ /dev/null
@@ -1,7 +0,0 @@
-#!/bin/bash
-
-set -exo pipefail
-
-sudo ip netns del net1
-sudo ip netns del net2
-sudo ip link del br0
diff --git a/virsh-create-dut/dut/dev1/network.sh b/virsh-create-dut/dut/dev1/network.sh
deleted file mode 100755
index dce42cd..0000000
--- a/virsh-create-dut/dut/dev1/network.sh
+++ /dev/null
@@ -1,39 +0,0 @@
-#!/bin/bash
-
-set -exo pipefail
-
-sudo ip netns add net1
-sudo ip netns add net2
-sudo ip link add dev veth1 type veth peer name veth2 netns net1
-sudo ip netns exec net1 ip link add dev veth3 type veth peer name veth4 netns net2
-
-sudo ip link add br0 type bridge stp_state 0
-sudo ip link set ens3 master br0
-sudo ip link set veth1 master br0
-sudo ip addr add 192.168.101.25/24 dev br0
-sudo ip addr add 10.168.0.254/24 dev br0
-
-sudo ip netns exec net1 ip link add br1 type bridge stp_state 1
-sudo ip netns exec net1 ip link set veth2 master br1
-sudo ip netns exec net1 ip link set veth3 master br1
-sudo ip netns exec net1 ip addr add 10.168.0.1/24 dev br1
-
-sudo ip netns exec net2 ip addr add 10.168.0.2/24 dev veth4
-
-sudo ip link set up ens3
-sudo ip link set up veth1
-sudo ip link set up br0
-sudo ip route add default via 192.168.101.1 dev br0
-sudo sysctl -w net.ipv4.ip_forward=1
-
-sudo ip netns exec net1 ip link set up lo
-sudo ip netns exec net1 ip link set up veth2
-sudo ip netns exec net1 ip link set up veth3
-sudo ip netns exec net1 ip link set up br1
-sudo ip netns exec net1 ip route add default via 10.168.0.254 dev br1
-sudo ip netns exec net1 sysctl -w net.ipv4.ip_forward=1
-
-sudo ip netns exec net2 ip link set up lo
-sudo ip netns exec net2 ip link set up veth4
-sudo ip netns exec net2 ip route add default via 10.168.0.1 dev veth4
-sudo ip netns exec net2 sysctl -w net.ipv4.ip_forward=1
diff --git a/virsh-create-dut/dut/vpn/dev1/bin/Makefile b/virsh-create-dut/dut/vpn/dev1/bin/Makefile
new file mode 100644
index 0000000..e4d4361
--- /dev/null
+++ b/virsh-create-dut/dut/vpn/dev1/bin/Makefile
@@ -0,0 +1,4 @@
+all:
+ clang -O2 -g -Wall -c -target bpf -o bpf_ctl.o bpf_ctl.c
+clean:
+ rm -rf *.o
\ No newline at end of file
diff --git a/virsh-create-dut/dut/vpn/dev1/bin/bpf_ctl.c b/virsh-create-dut/dut/vpn/dev1/bin/bpf_ctl.c
new file mode 100644
index 0000000..b628446
--- /dev/null
+++ b/virsh-create-dut/dut/vpn/dev1/bin/bpf_ctl.c
@@ -0,0 +1,81 @@
+
+#define AF_INET 2 /* Internet IP Protocol */
+#define ETH_ALEN 6
+#define PROTO_IP 0x0800
+
+#include
+
+#include
+#include
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+#include "xsk_def_xdp_prog.h"
+
+struct hwaddr {
+ __u8 data[6];
+ __u8 rsvd[2];
+};
+
+struct {
+ __uint(type, BPF_MAP_TYPE_HASH);
+ __type(key, __u32);
+ __type(value, struct hwaddr);
+ __uint(map_flags, BPF_F_NO_PREALLOC);
+ __uint(max_entries, 64);
+} inline_hw SEC(".maps");
+
+
+SEC("xdp_pass")
+int xdp_pass_prog(struct xdp_md *ctx){
+
+ unsigned char *data_end = (unsigned char *)(long)ctx->data_end;
+ unsigned char *data = (unsigned char *)(long)ctx->data;
+
+
+ struct ethhdr *ether = (struct ethhdr *)data;
+ if (data + sizeof(*ether) > data_end) {
+
+ return XDP_DROP;
+ }
+
+// bpf_printk("h proto: %d\n", bpf_ntohs(ether->h_proto));
+ __u16 h_proto = ether->h_proto;
+
+ //bpf_printk("h_proto orig: %02x\n", h_proto);
+ //bpf_printk("h_proto hton: %02x\n", bpf_htons(h_proto));
+
+ if (bpf_htons(h_proto) != PROTO_IP) {
+ // bpf_printk("proto not ip\n");
+ return XDP_PASS;
+ }
+
+ //broadcast & multicast
+ if(ether->h_dest[0] & 0x01){
+ return XDP_PASS;
+ }
+
+ __u32 key = 0;
+ struct hwaddr *value = NULL;
+
+ value = bpf_map_lookup_elem(&inline_hw, &key);
+
+ if(!value){
+ bpf_printk("inline hw addr not found\n");
+ return XDP_DROP;
+ }
+
+ //bpf_printk("inline hwaddr: %02x:%02x:%02x:%02x:%02x:%02x\n", value->data[0], value->data[1], value->data[2], value->data[3], value->data[4], value->data[5]);
+
+ memcpy(ether->h_dest, value->data, 6);
+
+ return XDP_PASS;
+}
+
+char _license[] SEC("license") = "GPL";
\ No newline at end of file
diff --git a/virsh-create-dut/dut/vpn/dev1/bin/xsk_def_xdp_prog.h b/virsh-create-dut/dut/vpn/dev1/bin/xsk_def_xdp_prog.h
new file mode 100644
index 0000000..f9fb6cd
--- /dev/null
+++ b/virsh-create-dut/dut/vpn/dev1/bin/xsk_def_xdp_prog.h
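Review bot: `memcpy(ether->h_dest, value->data, 6)` and `__u8 data[6]` spell out a bare 6 even though `ETH_ALEN` is defined at the top of the same file; `memcpy(ether->h_dest, value->data, ETH_ALEN);` and `__u8 data[ETH_ALEN];` keep the copy length tied to the frame layout. The test `bpf_htons(h_proto) != PROTO_IP` only works because htons and ntohs are the same byte swap; `h_proto` arrives in network order, so `bpf_ntohs(h_proto) != PROTO_IP` (or `h_proto != bpf_htons(PROTO_IP)`) states the intent. The `bpf_printk("inline hw addr not found\n")` in the lookup-miss branch fires for every unicast IPv4 frame until user space populates key 0, which floods trace_pipe on a busy interface, and the fail-closed behaviour of that branch deserves a one-line comment such as `/* no rewrite target yet: drop rather than forward with the original MAC */`. `#define AF_INET 2` is not used anywhere in the program and, depending on which system headers the stripped `#include` lines pull in, may redefine a macro those headers already provide.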
@@ -0,0 +1,9 @@
+// SPDX-License-Identifier: (GPL-2.0 OR BSD-2-Clause)
+
+#ifndef __LIBXDP_XSK_DEF_XDP_PROG_H
+#define __LIBXDP_XSK_DEF_XDP_PROG_H
+
+#define XDP_METADATA_SECTION "xdp_metadata"
+#define XSK_PROG_VERSION 1
+
+#endif /* __LIBXDP_XSK_DEF_XDP_PROG_H */
\ No newline at end of file
diff --git a/virsh-create-dut/dut/vpn/dev1/install.sh b/virsh-create-dut/dut/vpn/dev1/install.sh
new file mode 100755
index 0000000..9f86257
--- /dev/null
+++ b/virsh-create-dut/dut/vpn/dev1/install.sh
@@ -0,0 +1,147 @@
+#!/bin/bash
+
+sudo apt-get update
+
+sudo apt-get -y install build-essential make autoconf automake
+
+sudo apt-get -y install libgmp-dev libsystemd-dev libcurl4-openssl-dev libldap-dev libtss2-dev libgcrypt20-dev libpam0g-dev libip4tc-dev pkg-config init libtss2-tcti-tabrmd0
+
+
+pushd ~
+
+curl -L https://github.com/strongswan/strongswan/releases/download/6.0.1/strongswan-6.0.1.tar.gz -o strongswan-6.0.1.tar.gz
+
+tar -xzf strongswan-6.0.1.tar.gz
+
+pushd strongswan-6.0.1
+
+./configure --prefix=/usr --sysconfdir=/etc --enable-charon --enable-systemd \
+--disable-defaults \
+--enable-static \
+--enable-test-vectors \
+--enable-pki --enable-ikev2 --enable-vici --enable-swanctl \
+--enable-ldap \
+--enable-pkcs11 \
+--enable-tpm \
+--enable-aesni \
+--enable-aes \
+--enable-rc2 \
+--enable-sha2 \
+--enable-sha1 \
+--enable-md5 \
+--enable-mgf1 \
+--enable-rdrand \
+--enable-random \
+--enable-nonce \
+--enable-x509 \
+--enable-revocation \
+--enable-constraints \
+--enable-pubkey \
+--enable-pkcs1 \
+--enable-pkcs7 \
+--enable-pkcs8 \
+--enable-pkcs12 \
+--enable-pgp \
+--enable-dnskey \
+--enable-sshkey \
+--enable-pem \
+--enable-openssl \
+--enable-gcrypt \
+--enable-af-alg \
+--enable-fips-prf \
+--enable-gmp \
+--enable-curve25519 \
+--enable-agent \
+--enable-chapoly \
+--enable-xcbc \
+--enable-cmac \
+--enable-hmac \
+--enable-ctr \
+--enable-ccm \
+--enable-gcm \
+--enable-ntru \
+--enable-drbg \
+--enable-curl \
+--enable-attr \
+--enable-kernel-netlink \
+--enable-resolve \
+--enable-socket-default \
+--enable-connmark \
+--enable-forecast \
+--enable-farp \
+--enable-stroke \
+--enable-vici \
+--enable-updown \
+--enable-eap-identity \
+--enable-eap-aka \
+--enable-eap-md5 \
+--enable-eap-gtc \
+--enable-eap-mschapv2 \
+--enable-eap-dynamic \
+--enable-eap-radius \
+--enable-eap-tls \
+--enable-eap-ttls \
+--enable-eap-peap \
+--enable-eap-tnc \
+--enable-xauth-generic \
+--enable-xauth-eap \
+--enable-xauth-pam \
+--enable-tnc-tnccs \
+--enable-dhcp \
+--enable-lookip \
+--enable-error-notify \
+--enable-certexpire \
+--enable-led \
+--enable-addrblock \
+--enable-unity \
+--enable-counters \
+--enable-whitelist
+
+make
+
+sudo make install
+
+popd
+
+popd
+
+
+sudo systemctl enable strongswan
+
+sudo systemctl start strongswan
+
+pushd ~
+
+git clone https://github.com/xdp-project/xdp-tools
+
+sudo apt update
+
+sudo apt install -y clang llvm libelf-dev libpcap-dev libc6-dev-i386 m4
+
+sudo apt install -y linux-tools-$(uname -r)
+
+sudo apt install -y linux-headers-$(uname -r)
+
+pushd xdp-tools
+
+./configure
+
+popd
+
+pushd xdp-tools
+
+make
+
+sudo make install
+
+popd
+
+
+pushd xdp-tools/lib/libbpf/src
+
+sudo make install
+
+popd
+
+popd
+
diff --git a/virsh-create-dut/dut/vpn/dev1/net/network-del.sh b/virsh-create-dut/dut/vpn/dev1/net/network-del.sh
new file mode 100755
index 0000000..bba9712
--- /dev/null
+++ b/virsh-create-dut/dut/vpn/dev1/net/network-del.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+set -exo pipefail
+
+sudo ip netns del net1
+sudo ip netns del net2
+sudo ip link del br0
diff --git a/virsh-create-dut/dut/vpn/dev1/net/network.sh b/virsh-create-dut/dut/vpn/dev1/net/network.sh
new file mode 100755
index 0000000..370b6de
--- /dev/null
+++ b/virsh-create-dut/dut/vpn/dev1/net/network.sh
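Review bot: `curl -L https://github.com/strongswan/strongswan/releases/download/6.0.1/strongswan-6.0.1.tar.gz -o strongswan-6.0.1.tar.gz` is followed directly by `tar -xzf`, `make` and `sudo make install`, so whatever the download returns is compiled and installed as root with no integrity check; strongSwan publishes a detached signature for each release tarball, and verifying it (or at minimum a pinned `sha256sum -c`) before `tar -xzf` closes that gap. The script also has no `set -e` (the net/ scripts in this same commit use `set -exo pipefail`), so a failed download, configure or `make` still falls through to `sudo make install` and `sudo systemctl start strongswan`. Both points apply equally to virsh-create-dut/dut/vpn/dev2/install.sh later in this commit, which repeats this block. `git clone https://github.com/xdp-project/xdp-tools` is likewise unpinned; `git clone --branch <PINNED_TAG>` or checking out a recorded commit would make the xdp-tools build reproducible.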
@@ -0,0 +1,41 @@
+#!/bin/bash
+
+set -exo pipefail
+
+sudo modprobe br_netfilter
+
+sudo ip netns add net1
+sudo ip netns add net2
+sudo ip link add dev veth1 type veth peer name veth2 netns net1
+sudo ip netns exec net1 ip link add dev veth3 type veth peer name veth4 netns net2
+
+sudo ip link add br0 type bridge stp_state 0
+sudo ip link set ens3 master br0
+sudo ip link set veth1 master br0
+sudo ip addr add 192.168.101.25/24 dev br0
+sudo ip addr add 10.168.0.254/24 dev br0
+
+sudo ip netns exec net1 ip link add br1 type bridge stp_state 1
+sudo ip netns exec net1 ip link set veth2 master br1
+sudo ip netns exec net1 ip link set veth3 master br1
+sudo ip netns exec net1 ip addr add 10.168.0.1/24 dev br1
+
+sudo ip netns exec net2 ip addr add 10.168.0.2/24 dev veth4
+
+sudo ip link set up ens3
+sudo ip link set up veth1
+sudo ip link set up br0
+sudo ip route add default via 192.168.101.1 dev br0
+sudo sysctl -w net.ipv4.ip_forward=1
+
+sudo ip netns exec net1 ip link set up lo
+sudo ip netns exec net1 ip link set up veth2
+sudo ip netns exec net1 ip link set up veth3
+sudo ip netns exec net1 ip link set up br1
+sudo ip netns exec net1 ip route add default via 10.168.0.254 dev br1
+sudo ip netns exec net1 sysctl -w net.ipv4.ip_forward=1
+
+sudo ip netns exec net2 ip link set up lo
+sudo ip netns exec net2 ip link set up veth4
+sudo ip netns exec net2 ip route add default via 10.168.0.1 dev veth4
+sudo ip netns exec net2 sysctl -w net.ipv4.ip_forward=1
diff --git a/virsh-create-dut/dut/vpn/dev1/vpn/.gitignore b/virsh-create-dut/dut/vpn/dev1/vpn/.gitignore
new file mode 100644
index 0000000..de7ac14
--- /dev/null
+++ b/virsh-create-dut/dut/vpn/dev1/vpn/.gitignore
@@ -0,0 +1,4 @@
+*.pem
+*.srl
+*.csr
+*.tar.gz
\ No newline at end of file
diff --git a/virsh-create-dut/dut/vpn/dev1/vpn/install.sh b/virsh-create-dut/dut/vpn/dev1/vpn/install.sh
new file mode 100755
index 0000000..a59914f
--- /dev/null
+++ b/virsh-create-dut/dut/vpn/dev1/vpn/install.sh
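Review bot: `sudo sysctl -w net.ipv4.ip_forward=1` makes the host route between ens3 and the 10.168.0.0/24 namespace network, and the new `sudo modprobe br_netfilter` line additionally passes bridged frames through the IP netfilter hooks (the bridge-nf-call-* sysctls default to on once the module is loaded), yet the script installs no forwarding policy, so the effective policy is whatever already happens to be on the host; either a comment stating that an open forwarder is intended for this lab, or a minimal nft/iptables forward rule limiting br0 traffic to the two subnets, would make that explicit. The script is also not idempotent: with `set -e` a second run stops at `sudo ip netns add net1` and leaves earlier state behind, so either document that network-del.sh must run first or guard the creations, e.g. `[ -e /run/netns/net1 ] || sudo ip netns add net1`. The only functional difference from the deleted dev1/network.sh is the modprobe line, so the rest of the script was presumably already exercised.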
@@ -0,0 +1,39 @@
+#!/bin/bash
+
+
+SCONFIG="authorityKeyIdentifier = keyid,issuer:always\n" && \
+SCONFIG="${SCONFIG}basicConstraints = CA:FALSE\n" && \
+SCONFIG="${SCONFIG}keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment\n" && \
+SCONFIG="${SCONFIG}extendedKeyUsage = serverAuth\n"
+
+CCONFIG="authorityKeyIdentifier = keyid,issuer:always\n" && \
+CCONFIG="${CCONFIG}basicConstraints = CA:FALSE\n" && \
+CCONFIG="${CCONFIG}keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment\n" && \
+CCONFIG="${CCONFIG}extendedKeyUsage = clientAuth\n"
+
+
+openssl genrsa -out ca_priv.pem 4096
+openssl rsa -in ca_priv.pem -outform PEM -pubout -out ca_pub.pem
+openssl req -x509 -new -key ca_priv.pem -days 365 -out ca.cert.pem -subj "/CN=dev1ca"
+
+openssl genrsa -out server.key.pem 4096
+openssl rsa -in server.key.pem -outform PEM -pubout -out ser_pub.pem
+openssl req -key server.key.pem -new -sha256 -out server.csr -subj "/CN=dev1server"
+openssl x509 -req -days 180 -in server.csr -extfile <(printf "${SCONFIG}") -CA ca.cert.pem -CAkey ca_priv.pem -CAcreateserial -sha256 -out server.cert.pem
+
+openssl genrsa -out client.key.pem 4096
+openssl rsa -in client.key.pem -outform PEM -pubout -out cli_pub.pem
+openssl req -key client.key.pem -new -sha256 -out client.csr -subj "/CN=dev1client"
+openssl x509 -req -days 180 -in client.csr -extfile <(printf "${CCONFIG}") -CA ca.cert.pem -CAkey ca_priv.pem -CAcreateserial -sha256 -out client.cert.pem
+
+sudo /bin/cp -Rf swanctl.conf /etc/swanctl/swanctl.conf
+sudo /bin/cp -Rf ca.cert.pem /etc/swanctl/x509ca/
+sudo /bin/cp -Rf server.cert.pem /etc/swanctl/x509
+sudo /bin/cp -Rf server.key.pem /etc/swanctl/private
+
+tar czf dev2.vpn.tar.gz ca.cert.pem client.cert.pem client.key.pem
+
+sudo cp dev2.vpn.tar.gz /tmp/
+sudo chmod 777 /tmp/dev2.vpn.tar.gz
+
+sudo systemctl restart strongswan
\ No newline at end of file
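Review bot: `sudo chmod 777 /tmp/dev2.vpn.tar.gz` makes the bundle containing `client.key.pem`, the client's private key, readable and writable by every local account, and it waits in the shared /tmp until dev2's scp collects it, so any other user on dev1 can read the key or swap the bundle before it is fetched. Keep the key out of world-accessible paths: leave the tarball in the owner's home directory at mode 0600 and let dev2 fetch it as that user (the scp in dev2/vpn/install.sh already authenticates as `seantywork`), or push it from dev1 with `scp dev2.vpn.tar.gz <DEV2_HOST>:` and drop the /tmp staging entirely. This script has no `set -e` either, unlike the net/ scripts in the same commit, so a failed `openssl` step still copies whatever partial files exist into /etc/swanctl and restarts strongswan. `ca_priv.pem` also remains in the working directory next to the issued certificates; the .gitignore keeps it out of git, but a comment stating that this is the lab CA and where its key is meant to live afterwards would help.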
diff --git a/virsh-create-dut/dut/vpn/dev1/vpn/swanctl.conf b/virsh-create-dut/dut/vpn/dev1/vpn/swanctl.conf
new file mode 100644
index 0000000..31363c9
--- /dev/null
+++ b/virsh-create-dut/dut/vpn/dev1/vpn/swanctl.conf
@@ -0,0 +1,34 @@
+connections {
+
+ dev1 {
+ local_addrs = 192.168.101.25
+ pools = dev1_pool
+ version = 2
+ proposals = aes256gcm16-sha256-modp2048
+ unique = never
+ encap = yes
+
+ local {
+ auth = pubkey
+ certs = server.cert.pem
+ }
+ remote {
+ auth = pubkey
+ }
+ children {
+ net {
+ local_ts = 10.168.0.0/24
+ mode = tunnel
+ esp_proposals = aes256gcm16-sha256
+ dpd_action = restart
+ rekey_time = 0
+ }
+ }
+ }
+}
+
+pools{
+ dev1_pool {
+ addrs = 10.9.0.0/24
+ }
+}
\ No newline at end of file
diff --git a/virsh-create-dut/dut/vpn/dev2/install.sh b/virsh-create-dut/dut/vpn/dev2/install.sh
new file mode 100755
index 0000000..a8e4ef7
--- /dev/null
+++ b/virsh-create-dut/dut/vpn/dev2/install.sh
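Review bot: the `remote { auth = pubkey }` block carries no `id`, so dev1 accepts any peer whose certificate chains to a CA installed under /etc/swanctl/x509ca; with the single lab CA from dev1/vpn/install.sh that is tolerable, but pinning the identity the certificate was issued with, `id = "CN=dev1client"` here and `id = "CN=dev1server"` in the remote block of dev2/vpn/swanctl.conf later in this commit, stops any other certificate from the same CA from being usable. `rekey_time = 0` in the `net` child disables CHILD_SA rekeying, so the ESP keys negotiated at setup are reused for the whole life of the tunnel; if the goal is only to avoid rekey collisions with `dpd_action = restart`, a long explicit value such as `rekey_time = 24h` keeps key rotation while being rare, and either way a comment on why 0 was chosen would help the next reader. `unique = never` permits several SAs for the same remote identity at once and is worth a one-line comment stating that this is deliberate.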
@@ -0,0 +1,113 @@
+#!/bin/bash
+
+sudo apt-get update
+
+sudo apt-get -y install build-essential make autoconf automake
+
+sudo apt-get -y install libgmp-dev libsystemd-dev libcurl4-openssl-dev libldap-dev libtss2-dev libgcrypt20-dev libpam0g-dev libip4tc-dev pkg-config init libtss2-tcti-tabrmd0
+
+
+pushd ~
+
+curl -L https://github.com/strongswan/strongswan/releases/download/6.0.1/strongswan-6.0.1.tar.gz -o strongswan-6.0.1.tar.gz
+
+tar -xzf strongswan-6.0.1.tar.gz
+
+pushd strongswan-6.0.1
+
+./configure --prefix=/usr --sysconfdir=/etc --enable-charon --enable-systemd \
+--disable-defaults \
+--enable-static \
+--enable-test-vectors \
+--enable-pki --enable-ikev2 --enable-vici --enable-swanctl \
+--enable-ldap \
+--enable-pkcs11 \
+--enable-tpm \
+--enable-aesni \
+--enable-aes \
+--enable-rc2 \
+--enable-sha2 \
+--enable-sha1 \
+--enable-md5 \
+--enable-mgf1 \
+--enable-rdrand \
+--enable-random \
+--enable-nonce \
+--enable-x509 \
+--enable-revocation \
+--enable-constraints \
+--enable-pubkey \
+--enable-pkcs1 \
+--enable-pkcs7 \
+--enable-pkcs8 \
+--enable-pkcs12 \
+--enable-pgp \
+--enable-dnskey \
+--enable-sshkey \
+--enable-pem \
+--enable-openssl \
+--enable-gcrypt \
+--enable-af-alg \
+--enable-fips-prf \
+--enable-gmp \
+--enable-curve25519 \
+--enable-agent \
+--enable-chapoly \
+--enable-xcbc \
+--enable-cmac \
+--enable-hmac \
+--enable-ctr \
+--enable-ccm \
+--enable-gcm \
+--enable-ntru \
+--enable-drbg \
+--enable-curl \
+--enable-attr \
+--enable-kernel-netlink \
+--enable-resolve \
+--enable-socket-default \
+--enable-connmark \
+--enable-forecast \
+--enable-farp \
+--enable-stroke \
+--enable-vici \
+--enable-updown \
+--enable-eap-identity \
+--enable-eap-aka \
+--enable-eap-md5 \
+--enable-eap-gtc \
+--enable-eap-mschapv2 \
+--enable-eap-dynamic \
+--enable-eap-radius \
+--enable-eap-tls \
+--enable-eap-ttls \
+--enable-eap-peap \
+--enable-eap-tnc \
+--enable-xauth-generic \
+--enable-xauth-eap \
+--enable-xauth-pam \
+--enable-tnc-tnccs \
+--enable-dhcp \
+--enable-lookip \
+--enable-error-notify \
+--enable-certexpire \
+--enable-led \
+--enable-addrblock \
+--enable-unity \
+--enable-counters \
+--enable-whitelist
+
+make
+
+sudo make install
+
+popd
+
+popd
+
+
+sudo systemctl enable strongswan
+
+sudo systemctl start strongswan
+
+
diff --git a/virsh-create-dut/dut/vpn/dev2/net/network-del.sh b/virsh-create-dut/dut/vpn/dev2/net/network-del.sh
new file mode 100755
index 0000000..a8871a2
--- /dev/null
+++ b/virsh-create-dut/dut/vpn/dev2/net/network-del.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+set -exo pipefail
+
+sudo ip netns del net1
diff --git a/virsh-create-dut/dut/vpn/dev2/net/network.sh b/virsh-create-dut/dut/vpn/dev2/net/network.sh
new file mode 100755
index 0000000..5a87c20
--- /dev/null
+++ b/virsh-create-dut/dut/vpn/dev2/net/network.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+set -exo pipefail
+
+sudo ip netns add net1
+sudo ip link set dev enp7s3 netns net1
+sudo ip addr add 192.168.101.21/24 dev ens3
+sudo ip link set dev ens3 up
diff --git a/virsh-create-dut/dut/vpn/dev2/vpn/.gitignore b/virsh-create-dut/dut/vpn/dev2/vpn/.gitignore
new file mode 100644
index 0000000..e69de29
diff --git a/virsh-create-dut/dut/vpn/dev2/vpn/install.sh b/virsh-create-dut/dut/vpn/dev2/vpn/install.sh
new file mode 100755
index 0000000..dc06066
--- /dev/null
+++ b/virsh-create-dut/dut/vpn/dev2/vpn/install.sh
@@ -0,0 +1,14 @@
+#!/bin/bash
+
+set -exo pipefail
+
+scp seantywork@192.168.101.25:/tmp/dev2.vpn.tar.gz .
+
+tar xzf dev2.vpn.tar.gz
+
+sudo /bin/cp -Rf swanctl.conf /etc/swanctl/swanctl.conf
+sudo /bin/cp -Rf ca.cert.pem /etc/swanctl/x509ca/
+sudo /bin/cp -Rf client.cert.pem /etc/swanctl/x509
+sudo /bin/cp -Rf client.key.pem /etc/swanctl/private
+
+sudo systemctl restart strongswan
diff --git a/virsh-create-dut/dut/vpn/dev2/vpn/swanctl.conf b/virsh-create-dut/dut/vpn/dev2/vpn/swanctl.conf
new file mode 100644
index 0000000..e735c09
--- /dev/null
+++ b/virsh-create-dut/dut/vpn/dev2/vpn/swanctl.conf
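Review bot: `tar xzf dev2.vpn.tar.gz` unpacks `client.key.pem` and `ca.cert.pem` into the script's own directory, virsh-create-dut/dut/vpn/dev2/vpn/, but the .gitignore this commit adds for that directory is empty (index 0000000..e69de29, no hunk) while dev1's lists `*.pem`, `*.srl`, `*.csr` and `*.tar.gz`, so a later `git add` in dev2/vpn would commit the private key. Give dev2/vpn/.gitignore the same four patterns, or extract into a `mktemp -d` directory and remove it after the copies so no key material remains in the checkout. `scp seantywork@192.168.101.25:/tmp/dev2.vpn.tar.gz .` also depends on the bundle being world-readable in dev1's /tmp (the `chmod 777` in dev1/vpn/install.sh); fetching it from the owner's home directory, which the scp already authenticates to, removes that dependency and the shared-/tmp exposure together.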
@@ -0,0 +1,23 @@
+connections {
+ home {
+ remote_addrs = 192.168.101.25
+ vips = 0.0.0.0
+ version = 2
+ proposals = aes256gcm16-sha256-modp2048
+
+ local {
+ auth = pubkey
+ certs = client.cert.pem
+ }
+ remote {
+ auth = pubkey
+ }
+ children {
+ home {
+ remote_ts = 10.168.0.0/24
+ start_action = start
+ esp_proposals = aes256gcm16-sha256
+ }
+ }
+ }
+}
\ No newline at end of file