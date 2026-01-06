Note DOCA IPsec Security Gateway is supported at alpha level.

DOCA IPsec Security Gateway leverages the DPU's hardware capability for secure network communication. The application demonstrates how to insert rules related to IPsec encryption and decryption based on the DOCA Flow and DOCA IPsec libraries.

The application demonstrates how to insert rules to create an IPsec tunnel.

Note An example for configuring the Internet Key Exchange (IKE) can be found under section "Keying Daemon Integration (StrongSwan)" but is not considered part of the application.

The application can be configured to receive IPsec rules in one of the following ways:

Static configuration – (default) receives a fixed list of rules for IPsec encryption and decryption Note When creating the security association (SA) object, the application gets the key, salt, and other SA attributes from the JSON input file.

Dynamic configuration – receives IPsec encryption and decryption rules during runtime through a Unix domain socket (UDS) which is enabled when providing a socket path to the application Note You may find an example of integrating a rules generator with the application under strongSwan project (DOCA plugin).

The application supports the following IPsec modes: Tunnel, transport, UDP transport.