ipsec-tools/src/setkey/sample-policy02.cf


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43

#
# this is test configuration for unique policy on loopback.
#

spdflush;
# connection to 9999 encrypted, reverse no encrypted.
spdadd ::1 ::1[9999] tcp
	-P out ipsec
	esp/transport//unique:2 ;

# Session encrypted.  Inbound policy check takes place non-strictly.
spdadd ::1 ::1[9998] tcp
	-P out ipsec
	esp/transport//unique:1 ;
spdadd ::1[9998] ::1 tcp
	-P in ipsec
	esp/transport//unique:2 ;
spdadd ::1[9998] ::1 tcp
	-P out ipsec
	esp/transport//unique:1 ;

# Cause new SA to be acquired.
spdadd ::1 ::1[9997] tcp
	-P out ipsec
	esp/transport//unique ;

# Used proper SA.
spdadd ::1 ::1[9996] tcp
	-P out ipsec
	esp/transport//require ;

# reqid will be updated by kernel.
spdadd ::1 ::1[9995] tcp
	-P out ipsec
	esp/transport//unique:28000 ;

flush;
add ::1 ::1 esp 0x1001
	-u 1
	-E des-cbc "kamekame";
add ::1 ::1 esp 0x1002
	-u 2
	-E des-cbc "hogehoge";