ipsec-tools/setkey/Sample/sample-policy02.cf

   1 #
   2 # this is test configuration for unique policy on loopback.
   3 #
   4
   5 spdflush;
   6 # connection to 9999 encrypted, reverse no encrypted.
   7 spdadd ::1 ::1[9999] tcp
   8         -P out ipsec
   9         esp/transport//unique:2 ;
  10
  11 # Session encrypted.  Inbound policy check takes place non-strictly.
  12 spdadd ::1 ::1[9998] tcp
  13         -P out ipsec
  14         esp/transport//unique:1 ;
  15 spdadd ::1[9998] ::1 tcp
  16         -P in ipsec
  17         esp/transport//unique:2 ;
  18 spdadd ::1[9998] ::1 tcp
  19         -P out ipsec
  20         esp/transport//unique:1 ;
  21
  22 # Cause new SA to be acquired.
  23 spdadd ::1 ::1[9997] tcp
  24         -P out ipsec
  25         esp/transport//unique ;
  26
  27 # Used proper SA.
  28 spdadd ::1 ::1[9996] tcp
  29         -P out ipsec
  30         esp/transport//require ;
  31
  32 # reqid will be updated by kernel.
  33 spdadd ::1 ::1[9995] tcp
  34         -P out ipsec
  35         esp/transport//unique:28000 ;
  36
  37 flush;
  38 add ::1 ::1 esp 0x1001
  39         -u 1
  40         -E des-cbc "kamekame";
  41 add ::1 ::1 esp 0x1002
  42         -u 2
  43         -E des-cbc "hogehoge";