[apple/ipsec.git] / ipsec-tools / setkey / Sample / sample-policy02.cf

#
# this is test configuration for unique policy on loopback.
#

spdflush;
# connection to 9999 encrypted, reverse no encrypted.
spdadd ::1 ::1[9999] tcp
	-P out ipsec
	esp/transport//unique:2 ;

# Session encrypted.  Inbound policy check takes place non-strictly.
spdadd ::1 ::1[9998] tcp
	-P out ipsec
	esp/transport//unique:1 ;
spdadd ::1[9998] ::1 tcp
	-P in ipsec
	esp/transport//unique:2 ;
spdadd ::1[9998] ::1 tcp
	-P out ipsec
	esp/transport//unique:1 ;

# Cause new SA to be acquired.
spdadd ::1 ::1[9997] tcp
	-P out ipsec
	esp/transport//unique ;

# Used proper SA.
spdadd ::1 ::1[9996] tcp
	-P out ipsec
	esp/transport//require ;

# reqid will be updated by kernel.
spdadd ::1 ::1[9995] tcp
	-P out ipsec
	esp/transport//unique:28000 ;

flush;
add ::1 ::1 esp 0x1001
	-u 1
	-E des-cbc "kamekame";
add ::1 ::1 esp 0x1002
	-u 2
	-E des-cbc "hogehoge";
Commit	Line	Data
52b7d2ce A	1	#
	2	# this is test configuration for unique policy on loopback.
	3	#
	4
	5	spdflush;
	6	# connection to 9999 encrypted, reverse no encrypted.
	7	spdadd ::1 ::1[9999] tcp
	8	-P out ipsec
	9	esp/transport//unique:2 ;
	10
	11	# Session encrypted. Inbound policy check takes place non-strictly.
	12	spdadd ::1 ::1[9998] tcp
	13	-P out ipsec
	14	esp/transport//unique:1 ;
	15	spdadd ::1[9998] ::1 tcp
	16	-P in ipsec
	17	esp/transport//unique:2 ;
	18	spdadd ::1[9998] ::1 tcp
	19	-P out ipsec
	20	esp/transport//unique:1 ;
	21
	22	# Cause new SA to be acquired.
	23	spdadd ::1 ::1[9997] tcp
	24	-P out ipsec
	25	esp/transport//unique ;
	26
	27	# Used proper SA.
	28	spdadd ::1 ::1[9996] tcp
	29	-P out ipsec
	30	esp/transport//require ;
	31
	32	# reqid will be updated by kernel.
	33	spdadd ::1 ::1[9995] tcp
	34	-P out ipsec
	35	esp/transport//unique:28000 ;
	36
	37	flush;
	38	add ::1 ::1 esp 0x1001
	39	-u 1
	40	-E des-cbc "kamekame";
	41	add ::1 ::1 esp 0x1002
	42	-u 2
	43	-E des-cbc "hogehoge";