IPsec / IKEv2 Interop
Ze as an IKE initiator against real strongSwan/charon, with FRR redistribute scenarios over the resulting tunnel.
A peer-isolated Docker lab runs Ze as an IKEv2 initiator against strongSwan/charon as the responder, with FRR available as a BGP peer for redistribute scenarios over the established tunnel.
Unlike the L2TP and PPPoE labs, there's no long-form design document for this one yet -- the lab source itself (Docker lifecycle, PKI fixtures, scenario definitions) is the reference.
    # all scenarios
    $ make ze-ipsec-interop-test

    # a single named scenario
    $ make ze-ipsec-interop-test IPSEC_INTEROP_SCENARIO=name
Requires Docker with privileged containers (IKE/IPsec needs kernel XFRM access).