Diffstat (limited to 'ipsec-tools/src/setkey/sample-policy02.cf')
-rw-r--r-- | ipsec-tools/src/setkey/sample-policy02.cf | 43 |
1 files changed, 43 insertions, 0 deletions
diff --git a/ipsec-tools/src/setkey/sample-policy02.cf b/ipsec-tools/src/setkey/sample-policy02.cf
new file mode 100644
index 00000000..8c5134a8
--- /dev/null
+++ b/ipsec-tools/src/setkey/sample-policy02.cf
@@ -0,0 +1,43 @@
+#
+# this is test configuration for unique policy on loopback.
+#
+
+spdflush;
+# connection to 9999 encrypted, reverse no encrypted.
+spdadd ::1 ::1[9999] tcp
+ -P out ipsec
+ esp/transport//unique:2 ;
+
+# Session encrypted. Inbound policy check takes place non-strictly.
+spdadd ::1 ::1[9998] tcp
+ -P out ipsec
+ esp/transport//unique:1 ;
+spdadd ::1[9998] ::1 tcp
+ -P in ipsec
+ esp/transport//unique:2 ;
+spdadd ::1[9998] ::1 tcp
+ -P out ipsec
+ esp/transport//unique:1 ;
+
+# Cause new SA to be acquired.
+spdadd ::1 ::1[9997] tcp
+ -P out ipsec
+ esp/transport//unique ;
+
+# Used proper SA.
+spdadd ::1 ::1[9996] tcp
+ -P out ipsec
+ esp/transport//require ;
+
+# reqid will be updated by kernel.
+spdadd ::1 ::1[9995] tcp
+ -P out ipsec
+ esp/transport//unique:28000 ;
+
+flush;
+add ::1 ::1 esp 0x1001
+ -u 1
+ -E des-cbc "kamekame";
+add ::1 ::1 esp 0x1002
+ -u 2
+ -E des-cbc "hogehoge";  |
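Review bot: The two manual `add` entries at the end of the file key ESP with `des-cbc` and the literal strings "kamekame" and "hogehoge", with no `-A` authentication algorithm, and nothing next to them says these values are throwaway. The file header does call this a test configuration on loopback, but sample files get copied as starting points, and single DES with a fixed, published key and unauthenticated ESP gives no real confidentiality or integrity. I would add a comment directly above the first `add`, for example `# TEST ONLY: DES-CBC with fixed, public keys and no ESP authentication; do not reuse these SAs outside loopback testing.` It is also worth noting beside `spdflush;` and `flush;` that loading the file clears the whole existing SPD and SAD on the host, so it should not be run on a machine carrying live IPsec policy.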