Annotation of embedaddon/ipsec-tools/src/setkey/sample-policy02.cf, revision 1.1.1.1
1.1 misho 1: #
2: # This is a test configuration for unique policies on loopback.
3: #
4:
# Security Policy Database (SPD) section.
# Every policy below applies ESP in transport mode to TCP traffic on the
# IPv6 loopback address ::1; only the destination/source port and the
# policy level differ.  A level written as unique:N refers to the manually
# keyed SA that carries the same identifier (-u N in the SAD section of
# this file).

# Start from an empty SPD.
spdflush;

# Port 9999: the connection towards the port is encrypted; the reverse
# direction is not (no policy is installed for traffic from port 9999).
spdadd ::1 ::1[9999] tcp -P out ipsec
    esp/transport//unique:2;

# Port 9998: the session is encrypted.  The inbound policy check takes
# place non-strictly.
# NOTE(review): the inbound entry names identifier 2 while both outbound
# entries name identifier 1 -- presumably deliberate, to exercise the
# non-strict inbound check; confirm before copying.
spdadd ::1 ::1[9998] tcp -P out ipsec
    esp/transport//unique:1;
spdadd ::1[9998] ::1 tcp -P in ipsec
    esp/transport//unique:2;
spdadd ::1[9998] ::1 tcp -P out ipsec
    esp/transport//unique:1;

# Port 9997: level "unique" without an identifier.  This causes a new SA
# to be acquired (presumably because neither manually keyed SA in this
# file is bound to the policy -- confirm).
spdadd ::1 ::1[9997] tcp -P out ipsec
    esp/transport//unique;

# Port 9996: level "require"; a proper (matching) SA is used.
spdadd ::1 ::1[9996] tcp -P out ipsec
    esp/transport//require;

# Port 9995: the reqid given here (28000) will be updated by the kernel.
# NOTE(review): no SA in this file carries identifier 28000; the exact
# rewrite rule depends on the kernel -- verify on the target system.
spdadd ::1 ::1[9995] tcp -P out ipsec
    esp/transport//unique:28000;
36:
# Security Association Database (SAD) section.
# Empties the SAD, then installs two manually keyed ESP SAs on ::1.
# The -u value is the identifier that the unique:N policy levels in this
# file refer to (SPI 0x1001 <-> unique:1, SPI 0x1002 <-> unique:2).
#
# NOTE(review): test material only.  DES-CBC is an obsolete cipher with a
# 56-bit effective key, both keys are fixed ASCII strings published with
# this sample, and no -A authentication algorithm is given, so these SAs
# provide confidentiality of test traffic at best and no integrity
# protection.  Outside a loopback test, use a current cipher together with
# authentication, and keys that are randomly generated or negotiated by an
# IKE daemon rather than typed into the file.
flush;

add ::1 ::1 esp 0x1001 -u 1
    -E des-cbc "kamekame";

add ::1 ::1 esp 0x1002 -u 2
    -E des-cbc "hogehoge";