summaryrefslogtreecommitdiffstats
path: root/ipsec-tools/src/setkey/sample-policy02.cf
diff options
context:
space:
mode:
Diffstat (limited to 'ipsec-tools/src/setkey/sample-policy02.cf')
-rw-r--r--ipsec-tools/src/setkey/sample-policy02.cf43
1 files changed, 43 insertions, 0 deletions
diff --git a/ipsec-tools/src/setkey/sample-policy02.cf b/ipsec-tools/src/setkey/sample-policy02.cf
new file mode 100644
index 00000000..8c5134a8
--- /dev/null
+++ b/ipsec-tools/src/setkey/sample-policy02.cf
@@ -0,0 +1,43 @@
+#
+# this is test configuration for unique policy on loopback.
+#
+
+spdflush;
+# connection to 9999 encrypted, reverse no encrypted.
+spdadd ::1 ::1[9999] tcp
+ -P out ipsec
+ esp/transport//unique:2 ;
+
+# Session encrypted. Inbound policy check takes place non-strictly.
+spdadd ::1 ::1[9998] tcp
+ -P out ipsec
+ esp/transport//unique:1 ;
+spdadd ::1[9998] ::1 tcp
+ -P in ipsec
+ esp/transport//unique:2 ;
+spdadd ::1[9998] ::1 tcp
+ -P out ipsec
+ esp/transport//unique:1 ;
+
+# Cause new SA to be acquired.
+spdadd ::1 ::1[9997] tcp
+ -P out ipsec
+ esp/transport//unique ;
+
+# Used proper SA.
+spdadd ::1 ::1[9996] tcp
+ -P out ipsec
+ esp/transport//require ;
+
+# reqid will be updated by kernel.
+spdadd ::1 ::1[9995] tcp
+ -P out ipsec
+ esp/transport//unique:28000 ;
+
+flush;
+add ::1 ::1 esp 0x1001
+ -u 1
+ -E des-cbc "kamekame";
+add ::1 ::1 esp 0x1002
+ -u 2
+ -E des-cbc "hogehoge";
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-04 01:08:00 +0000