File:  [ELWIX - Embedded LightWeight unIX -] / embedaddon / ipsec-tools / src / setkey / sample-policy02.cf
Tue Feb 21 22:39:10 2012 UTC (12 years, 10 months ago) by misho
CVS tags: MAIN, HEAD
Initial revision

#
# This is a test configuration for the "unique" policy level on loopback (::1).
#

# Remove every existing SPD entry so that only the policies below are present.
# NOTE(review): this also drops any policies already configured on the host,
# so load this file only on a machine dedicated to testing.
spdflush;
# Outbound TCP from ::1 to ::1 port 9999 must use ESP in transport mode.
# "unique:2" binds the policy to the manual SA added with "-u 2" further down.
# This file defines no policy for the reverse direction, so return traffic
# is not encrypted.
spdadd ::1 ::1[9999] tcp
	-P out ipsec
	esp/transport//unique:2 ;

# Port 9998: the session is encrypted in both directions.  The inbound policy
# check takes place non-strictly.
# NOTE(review): the inbound policy names unique:2 while both outbound policies
# name unique:1; presumably this mismatch is what exercises the non-strict
# inbound check.  Confirm against the kernel under test.
spdadd ::1 ::1[9998] tcp
	-P out ipsec
	esp/transport//unique:1 ;
spdadd ::1[9998] ::1 tcp
	-P in ipsec
	esp/transport//unique:2 ;
spdadd ::1[9998] ::1 tcp
	-P out ipsec
	esp/transport//unique:1 ;

# Port 9997: "unique" without a policy identifier.  No manual SA from this
# file is bound to the policy, so this causes a new SA to be acquired.
spdadd ::1 ::1[9997] tcp
	-P out ipsec
	esp/transport//unique ;

# Port 9996: level "require".  An SA is mandatory, but the policy is not tied
# to one particular SA, so a suitable existing SA is used.
spdadd ::1 ::1[9996] tcp
	-P out ipsec
	esp/transport//require ;

# Port 9995: the requested identifier 28000 will be updated by the kernel.
# NOTE(review): presumably 28000 lies outside the range the kernel accepts for
# manually assigned identifiers; confirm for the target kernel.
spdadd ::1 ::1[9995] tcp
	-P out ipsec
	esp/transport//unique:28000 ;

# Remove every existing SAD entry, then install two manually keyed ESP SAs
# between ::1 and ::1 (SPI 0x1001 and 0x1002).
# "-u N" is the identifier that the "unique:N" policies in this file refer to.
# NOTE(review): "flush" also removes SAs already negotiated on the host; load
# this file only on a machine dedicated to testing.
# NOTE(review): these SAs are test fixtures only.  des-cbc is an obsolete
# cipher, the keys are fixed 8-character strings published in this sample,
# and no -A authentication algorithm is given, so the ESP payload has no
# integrity protection.  Do not reuse the algorithm or the keys for real
# traffic.
flush;
add ::1 ::1 esp 0x1001
	-u 1
	-E des-cbc "kamekame";
add ::1 ::1 esp 0x1002
	-u 2
	-E des-cbc "hogehoge";
