How to choose the suitable value for ipsec vti?

Q/A
#1

Hello everyone, I am a beginner of free5gc and linux.
I follow the wiki to install and run the free5gc, It works well until I start to run free5gc part B.
I am confuse about the meaning of suitable value for following two command below.

replace <…> to suitable value
sudo ip link add ipsec0 type vti local IKEBindAddress remote 0.0.0.0 key IPSecInterfaceMark
sudo ip address add IPSecInterfaceAddress/CIDRPrefix dev ipsec0

Q1: How to choose IP address for IKEBindAddress? IP for NIC2? IP for Wi-Fi Router? or just a IP that is not used?
Q2: Should IKEBindAddress and IPSecInterfaceAddress be the same?
Q3: Is there any rules for IPSecInterfaceMark?

The picture below is the IP address that I have already set in free5gc, and I have already set a DHCP to assign IP for the device below NIC2.

Untitled Diagram(1)
Untitled Diagram(1)708×464 35.4 KB

I am looking forward to your reply.
thank you.

#2

I try to figure out how to set the suitable value by reading the /free5gc/config/n3iwfcfg.yaml

n3iwf
n3iwf1502×986 62.2 KB

so I use the command as below to set the ipsec tunnel
sudo ip link add name ipsec0 type vti local 192.168.1.201 remote 0.0.0.0 key 7
#192.168.1.201 is my NIC IP Address
sudo ip address add 10.0.0.1/24 dev ipsec0
sudo ip link set dev ipsec0 up
but it create as a ipip tunnel
03.PNG
03.PNG1113×141 51.9 KB

I also try to run sudo ./run.sh, but it shows some error when N3IWF connect to AMF with SCTP and NGAP.
02.PNG
02.PNG1098×164 89.8 KB

I have already check if AMF works well
01.PNG
01.PNG1352×95 48.7 KB

I am not sure how to fix it? or I forget to set something? anyone have any idea @@.

#3

Hi @IgerAnes ,
about IKEBindAddress / IPSecInterfaceAddress / IPSecInterfaceMark questions,
hope you find this information helpful.

#4