summaryrefslogtreecommitdiff
path: root/regress/sbin/ipsecctl
diff options
context:
space:
mode:
authorHans-Joerg Hoexer <hshoexer@cvs.openbsd.org>2006-05-30 19:36:55 +0000
committerHans-Joerg Hoexer <hshoexer@cvs.openbsd.org>2006-05-30 19:36:55 +0000
commit4fe7792c57bc9144c481f7f18549d9bfbe0e2189 (patch)
treeb52b483d8531e5fa72656f45dfc7e4a483f9b60a /regress/sbin/ipsecctl
parent0c6aace57de57459effc7adbb1ccabe34c6f666e (diff)
tests for rule expansion and ike
Diffstat (limited to 'regress/sbin/ipsecctl')
-rw-r--r--regress/sbin/ipsecctl/Makefile4
-rw-r--r--regress/sbin/ipsecctl/ike12.in2
-rw-r--r--regress/sbin/ipsecctl/ike12.ok58
-rw-r--r--regress/sbin/ipsecctl/ike13.in2
-rw-r--r--regress/sbin/ipsecctl/ike13.ok58
-rw-r--r--regress/sbin/ipsecctl/ike14.in3
-rw-r--r--regress/sbin/ipsecctl/ike14.ok182
7 files changed, 307 insertions, 2 deletions
diff --git a/regress/sbin/ipsecctl/Makefile b/regress/sbin/ipsecctl/Makefile
index 052dea70ce6..4f1fb06c536 100644
--- a/regress/sbin/ipsecctl/Makefile
+++ b/regress/sbin/ipsecctl/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.21 2006/05/30 19:25:23 hshoexer Exp $
+# $OpenBSD: Makefile,v 1.22 2006/05/30 19:36:54 hshoexer Exp $
# TARGETS
# ipsec: feed ipsecNN.in through ipsecctl and check wether the output matches
@@ -11,7 +11,7 @@ IPSECTESTS=1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24
TCPMD5TESTS=1 2 3
SATESTS=1 2 3 4 5 6 7 8 9 10 11 12
SAFAIL=1
-IKETESTS=1 2 3 4 5 6 7 8 9 10 11
+IKETESTS=1 2 3 4 5 6 7 8 9 10 11 12 13 14
SHELL=/bin/sh
diff --git a/regress/sbin/ipsecctl/ike12.in b/regress/sbin/ipsecctl/ike12.in
new file mode 100644
index 00000000000..b85bd6ee275
--- /dev/null
+++ b/regress/sbin/ipsecctl/ike12.in
@@ -0,0 +1,2 @@
+TO="{ 2.2.2.0/24, 3.3.3.0/24, 4.4.4.0/24 }"
+ike from 1.1.1.1 to $TO peer 5.5.5.5
diff --git a/regress/sbin/ipsecctl/ike12.ok b/regress/sbin/ipsecctl/ike12.ok
new file mode 100644
index 00000000000..bf10271002e
--- /dev/null
+++ b/regress/sbin/ipsecctl/ike12.ok
@@ -0,0 +1,58 @@
+TO = "{ 2.2.2.0/24, 3.3.3.0/24, 4.4.4.0/24 }"
+C set [Phase 1]:5.5.5.5=peer-5.5.5.5 force
+C set [peer-5.5.5.5]:Phase=1 force
+C set [peer-5.5.5.5]:Address=5.5.5.5 force
+C set [peer-5.5.5.5]:Configuration=mm-5.5.5.5 force
+C set [mm-5.5.5.5]:EXCHANGE_TYPE=ID_PROT force
+C add [mm-5.5.5.5]:Transforms=AES-SHA-GRP15-RSA_SIG force
+C set [IPsec-1.1.1.1-2.2.2.0/24]:Phase=2 force
+C set [IPsec-1.1.1.1-2.2.2.0/24]:ISAKMP-peer=peer-5.5.5.5 force
+C set [IPsec-1.1.1.1-2.2.2.0/24]:Configuration=qm-1.1.1.1-2.2.2.0/24 force
+C set [IPsec-1.1.1.1-2.2.2.0/24]:Local-ID=lid-1.1.1.1 force
+C set [IPsec-1.1.1.1-2.2.2.0/24]:Remote-ID=rid-2.2.2.0/24 force
+C set [qm-1.1.1.1-2.2.2.0/24]:EXCHANGE_TYPE=QUICK_MODE force
+C set [qm-1.1.1.1-2.2.2.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-GRP15-SUITE force
+C set [lid-1.1.1.1]:ID-type=IPV4_ADDR force
+C set [lid-1.1.1.1]:Address=1.1.1.1 force
+C set [rid-2.2.2.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [rid-2.2.2.0/24]:Network=2.2.2.0 force
+C set [rid-2.2.2.0/24]:Netmask=255.255.255.0 force
+C add [Phase 2]:Connections=IPsec-1.1.1.1-2.2.2.0/24
+C set [Phase 1]:5.5.5.5=peer-5.5.5.5 force
+C set [peer-5.5.5.5]:Phase=1 force
+C set [peer-5.5.5.5]:Address=5.5.5.5 force
+C set [peer-5.5.5.5]:Configuration=mm-5.5.5.5 force
+C set [mm-5.5.5.5]:EXCHANGE_TYPE=ID_PROT force
+C add [mm-5.5.5.5]:Transforms=AES-SHA-GRP15-RSA_SIG force
+C set [IPsec-1.1.1.1-3.3.3.0/24]:Phase=2 force
+C set [IPsec-1.1.1.1-3.3.3.0/24]:ISAKMP-peer=peer-5.5.5.5 force
+C set [IPsec-1.1.1.1-3.3.3.0/24]:Configuration=qm-1.1.1.1-3.3.3.0/24 force
+C set [IPsec-1.1.1.1-3.3.3.0/24]:Local-ID=lid-1.1.1.1 force
+C set [IPsec-1.1.1.1-3.3.3.0/24]:Remote-ID=rid-3.3.3.0/24 force
+C set [qm-1.1.1.1-3.3.3.0/24]:EXCHANGE_TYPE=QUICK_MODE force
+C set [qm-1.1.1.1-3.3.3.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-GRP15-SUITE force
+C set [lid-1.1.1.1]:ID-type=IPV4_ADDR force
+C set [lid-1.1.1.1]:Address=1.1.1.1 force
+C set [rid-3.3.3.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [rid-3.3.3.0/24]:Network=3.3.3.0 force
+C set [rid-3.3.3.0/24]:Netmask=255.255.255.0 force
+C add [Phase 2]:Connections=IPsec-1.1.1.1-3.3.3.0/24
+C set [Phase 1]:5.5.5.5=peer-5.5.5.5 force
+C set [peer-5.5.5.5]:Phase=1 force
+C set [peer-5.5.5.5]:Address=5.5.5.5 force
+C set [peer-5.5.5.5]:Configuration=mm-5.5.5.5 force
+C set [mm-5.5.5.5]:EXCHANGE_TYPE=ID_PROT force
+C add [mm-5.5.5.5]:Transforms=AES-SHA-GRP15-RSA_SIG force
+C set [IPsec-1.1.1.1-4.4.4.0/24]:Phase=2 force
+C set [IPsec-1.1.1.1-4.4.4.0/24]:ISAKMP-peer=peer-5.5.5.5 force
+C set [IPsec-1.1.1.1-4.4.4.0/24]:Configuration=qm-1.1.1.1-4.4.4.0/24 force
+C set [IPsec-1.1.1.1-4.4.4.0/24]:Local-ID=lid-1.1.1.1 force
+C set [IPsec-1.1.1.1-4.4.4.0/24]:Remote-ID=rid-4.4.4.0/24 force
+C set [qm-1.1.1.1-4.4.4.0/24]:EXCHANGE_TYPE=QUICK_MODE force
+C set [qm-1.1.1.1-4.4.4.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-GRP15-SUITE force
+C set [lid-1.1.1.1]:ID-type=IPV4_ADDR force
+C set [lid-1.1.1.1]:Address=1.1.1.1 force
+C set [rid-4.4.4.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [rid-4.4.4.0/24]:Network=4.4.4.0 force
+C set [rid-4.4.4.0/24]:Netmask=255.255.255.0 force
+C add [Phase 2]:Connections=IPsec-1.1.1.1-4.4.4.0/24
diff --git a/regress/sbin/ipsecctl/ike13.in b/regress/sbin/ipsecctl/ike13.in
new file mode 100644
index 00000000000..b3aaf8b4b7b
--- /dev/null
+++ b/regress/sbin/ipsecctl/ike13.in
@@ -0,0 +1,2 @@
+FROM="{ 2.2.2.0/24, 3.3.3.0/24, 4.4.4.0/24 }"
+ike from $FROM to 1.1.1.1
diff --git a/regress/sbin/ipsecctl/ike13.ok b/regress/sbin/ipsecctl/ike13.ok
new file mode 100644
index 00000000000..94f00d1693b
--- /dev/null
+++ b/regress/sbin/ipsecctl/ike13.ok
@@ -0,0 +1,58 @@
+FROM = "{ 2.2.2.0/24, 3.3.3.0/24, 4.4.4.0/24 }"
+C set [Phase 1]:1.1.1.1=peer-1.1.1.1 force
+C set [peer-1.1.1.1]:Phase=1 force
+C set [peer-1.1.1.1]:Address=1.1.1.1 force
+C set [peer-1.1.1.1]:Configuration=mm-1.1.1.1 force
+C set [mm-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
+C add [mm-1.1.1.1]:Transforms=AES-SHA-GRP15-RSA_SIG force
+C set [IPsec-2.2.2.0/24-1.1.1.1]:Phase=2 force
+C set [IPsec-2.2.2.0/24-1.1.1.1]:ISAKMP-peer=peer-1.1.1.1 force
+C set [IPsec-2.2.2.0/24-1.1.1.1]:Configuration=qm-2.2.2.0/24-1.1.1.1 force
+C set [IPsec-2.2.2.0/24-1.1.1.1]:Local-ID=lid-2.2.2.0/24 force
+C set [IPsec-2.2.2.0/24-1.1.1.1]:Remote-ID=rid-1.1.1.1 force
+C set [qm-2.2.2.0/24-1.1.1.1]:EXCHANGE_TYPE=QUICK_MODE force
+C set [qm-2.2.2.0/24-1.1.1.1]:Suites=QM-ESP-AES-SHA2-256-PFS-GRP15-SUITE force
+C set [lid-2.2.2.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [lid-2.2.2.0/24]:Network=2.2.2.0 force
+C set [lid-2.2.2.0/24]:Netmask=255.255.255.0 force
+C set [rid-1.1.1.1]:ID-type=IPV4_ADDR force
+C set [rid-1.1.1.1]:Address=1.1.1.1 force
+C add [Phase 2]:Connections=IPsec-2.2.2.0/24-1.1.1.1
+C set [Phase 1]:1.1.1.1=peer-1.1.1.1 force
+C set [peer-1.1.1.1]:Phase=1 force
+C set [peer-1.1.1.1]:Address=1.1.1.1 force
+C set [peer-1.1.1.1]:Configuration=mm-1.1.1.1 force
+C set [mm-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
+C add [mm-1.1.1.1]:Transforms=AES-SHA-GRP15-RSA_SIG force
+C set [IPsec-3.3.3.0/24-1.1.1.1]:Phase=2 force
+C set [IPsec-3.3.3.0/24-1.1.1.1]:ISAKMP-peer=peer-1.1.1.1 force
+C set [IPsec-3.3.3.0/24-1.1.1.1]:Configuration=qm-3.3.3.0/24-1.1.1.1 force
+C set [IPsec-3.3.3.0/24-1.1.1.1]:Local-ID=lid-3.3.3.0/24 force
+C set [IPsec-3.3.3.0/24-1.1.1.1]:Remote-ID=rid-1.1.1.1 force
+C set [qm-3.3.3.0/24-1.1.1.1]:EXCHANGE_TYPE=QUICK_MODE force
+C set [qm-3.3.3.0/24-1.1.1.1]:Suites=QM-ESP-AES-SHA2-256-PFS-GRP15-SUITE force
+C set [lid-3.3.3.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [lid-3.3.3.0/24]:Network=3.3.3.0 force
+C set [lid-3.3.3.0/24]:Netmask=255.255.255.0 force
+C set [rid-1.1.1.1]:ID-type=IPV4_ADDR force
+C set [rid-1.1.1.1]:Address=1.1.1.1 force
+C add [Phase 2]:Connections=IPsec-3.3.3.0/24-1.1.1.1
+C set [Phase 1]:1.1.1.1=peer-1.1.1.1 force
+C set [peer-1.1.1.1]:Phase=1 force
+C set [peer-1.1.1.1]:Address=1.1.1.1 force
+C set [peer-1.1.1.1]:Configuration=mm-1.1.1.1 force
+C set [mm-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
+C add [mm-1.1.1.1]:Transforms=AES-SHA-GRP15-RSA_SIG force
+C set [IPsec-4.4.4.0/24-1.1.1.1]:Phase=2 force
+C set [IPsec-4.4.4.0/24-1.1.1.1]:ISAKMP-peer=peer-1.1.1.1 force
+C set [IPsec-4.4.4.0/24-1.1.1.1]:Configuration=qm-4.4.4.0/24-1.1.1.1 force
+C set [IPsec-4.4.4.0/24-1.1.1.1]:Local-ID=lid-4.4.4.0/24 force
+C set [IPsec-4.4.4.0/24-1.1.1.1]:Remote-ID=rid-1.1.1.1 force
+C set [qm-4.4.4.0/24-1.1.1.1]:EXCHANGE_TYPE=QUICK_MODE force
+C set [qm-4.4.4.0/24-1.1.1.1]:Suites=QM-ESP-AES-SHA2-256-PFS-GRP15-SUITE force
+C set [lid-4.4.4.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [lid-4.4.4.0/24]:Network=4.4.4.0 force
+C set [lid-4.4.4.0/24]:Netmask=255.255.255.0 force
+C set [rid-1.1.1.1]:ID-type=IPV4_ADDR force
+C set [rid-1.1.1.1]:Address=1.1.1.1 force
+C add [Phase 2]:Connections=IPsec-4.4.4.0/24-1.1.1.1
diff --git a/regress/sbin/ipsecctl/ike14.in b/regress/sbin/ipsecctl/ike14.in
new file mode 100644
index 00000000000..9758b21717d
--- /dev/null
+++ b/regress/sbin/ipsecctl/ike14.in
@@ -0,0 +1,3 @@
+FROM="{ 2.2.2.0/24, 3.3.3.0/24, 4.4.4.0/24 }"
+TO="{ 5.5.5.0/24, 6.6.6.0/24, 7.7.7.0/24 }"
+ike from $FROM to $TO peer 1.1.1.1
diff --git a/regress/sbin/ipsecctl/ike14.ok b/regress/sbin/ipsecctl/ike14.ok
new file mode 100644
index 00000000000..f62f4841952
--- /dev/null
+++ b/regress/sbin/ipsecctl/ike14.ok
@@ -0,0 +1,182 @@
+FROM = "{ 2.2.2.0/24, 3.3.3.0/24, 4.4.4.0/24 }"
+TO = "{ 5.5.5.0/24, 6.6.6.0/24, 7.7.7.0/24 }"
+C set [Phase 1]:1.1.1.1=peer-1.1.1.1 force
+C set [peer-1.1.1.1]:Phase=1 force
+C set [peer-1.1.1.1]:Address=1.1.1.1 force
+C set [peer-1.1.1.1]:Configuration=mm-1.1.1.1 force
+C set [mm-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
+C add [mm-1.1.1.1]:Transforms=AES-SHA-GRP15-RSA_SIG force
+C set [IPsec-2.2.2.0/24-5.5.5.0/24]:Phase=2 force
+C set [IPsec-2.2.2.0/24-5.5.5.0/24]:ISAKMP-peer=peer-1.1.1.1 force
+C set [IPsec-2.2.2.0/24-5.5.5.0/24]:Configuration=qm-2.2.2.0/24-5.5.5.0/24 force
+C set [IPsec-2.2.2.0/24-5.5.5.0/24]:Local-ID=lid-2.2.2.0/24 force
+C set [IPsec-2.2.2.0/24-5.5.5.0/24]:Remote-ID=rid-5.5.5.0/24 force
+C set [qm-2.2.2.0/24-5.5.5.0/24]:EXCHANGE_TYPE=QUICK_MODE force
+C set [qm-2.2.2.0/24-5.5.5.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-GRP15-SUITE force
+C set [lid-2.2.2.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [lid-2.2.2.0/24]:Network=2.2.2.0 force
+C set [lid-2.2.2.0/24]:Netmask=255.255.255.0 force
+C set [rid-5.5.5.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [rid-5.5.5.0/24]:Network=5.5.5.0 force
+C set [rid-5.5.5.0/24]:Netmask=255.255.255.0 force
+C add [Phase 2]:Connections=IPsec-2.2.2.0/24-5.5.5.0/24
+C set [Phase 1]:1.1.1.1=peer-1.1.1.1 force
+C set [peer-1.1.1.1]:Phase=1 force
+C set [peer-1.1.1.1]:Address=1.1.1.1 force
+C set [peer-1.1.1.1]:Configuration=mm-1.1.1.1 force
+C set [mm-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
+C add [mm-1.1.1.1]:Transforms=AES-SHA-GRP15-RSA_SIG force
+C set [IPsec-2.2.2.0/24-6.6.6.0/24]:Phase=2 force
+C set [IPsec-2.2.2.0/24-6.6.6.0/24]:ISAKMP-peer=peer-1.1.1.1 force
+C set [IPsec-2.2.2.0/24-6.6.6.0/24]:Configuration=qm-2.2.2.0/24-6.6.6.0/24 force
+C set [IPsec-2.2.2.0/24-6.6.6.0/24]:Local-ID=lid-2.2.2.0/24 force
+C set [IPsec-2.2.2.0/24-6.6.6.0/24]:Remote-ID=rid-6.6.6.0/24 force
+C set [qm-2.2.2.0/24-6.6.6.0/24]:EXCHANGE_TYPE=QUICK_MODE force
+C set [qm-2.2.2.0/24-6.6.6.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-GRP15-SUITE force
+C set [lid-2.2.2.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [lid-2.2.2.0/24]:Network=2.2.2.0 force
+C set [lid-2.2.2.0/24]:Netmask=255.255.255.0 force
+C set [rid-6.6.6.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [rid-6.6.6.0/24]:Network=6.6.6.0 force
+C set [rid-6.6.6.0/24]:Netmask=255.255.255.0 force
+C add [Phase 2]:Connections=IPsec-2.2.2.0/24-6.6.6.0/24
+C set [Phase 1]:1.1.1.1=peer-1.1.1.1 force
+C set [peer-1.1.1.1]:Phase=1 force
+C set [peer-1.1.1.1]:Address=1.1.1.1 force
+C set [peer-1.1.1.1]:Configuration=mm-1.1.1.1 force
+C set [mm-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
+C add [mm-1.1.1.1]:Transforms=AES-SHA-GRP15-RSA_SIG force
+C set [IPsec-2.2.2.0/24-7.7.7.0/24]:Phase=2 force
+C set [IPsec-2.2.2.0/24-7.7.7.0/24]:ISAKMP-peer=peer-1.1.1.1 force
+C set [IPsec-2.2.2.0/24-7.7.7.0/24]:Configuration=qm-2.2.2.0/24-7.7.7.0/24 force
+C set [IPsec-2.2.2.0/24-7.7.7.0/24]:Local-ID=lid-2.2.2.0/24 force
+C set [IPsec-2.2.2.0/24-7.7.7.0/24]:Remote-ID=rid-7.7.7.0/24 force
+C set [qm-2.2.2.0/24-7.7.7.0/24]:EXCHANGE_TYPE=QUICK_MODE force
+C set [qm-2.2.2.0/24-7.7.7.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-GRP15-SUITE force
+C set [lid-2.2.2.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [lid-2.2.2.0/24]:Network=2.2.2.0 force
+C set [lid-2.2.2.0/24]:Netmask=255.255.255.0 force
+C set [rid-7.7.7.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [rid-7.7.7.0/24]:Network=7.7.7.0 force
+C set [rid-7.7.7.0/24]:Netmask=255.255.255.0 force
+C add [Phase 2]:Connections=IPsec-2.2.2.0/24-7.7.7.0/24
+C set [Phase 1]:1.1.1.1=peer-1.1.1.1 force
+C set [peer-1.1.1.1]:Phase=1 force
+C set [peer-1.1.1.1]:Address=1.1.1.1 force
+C set [peer-1.1.1.1]:Configuration=mm-1.1.1.1 force
+C set [mm-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
+C add [mm-1.1.1.1]:Transforms=AES-SHA-GRP15-RSA_SIG force
+C set [IPsec-3.3.3.0/24-5.5.5.0/24]:Phase=2 force
+C set [IPsec-3.3.3.0/24-5.5.5.0/24]:ISAKMP-peer=peer-1.1.1.1 force
+C set [IPsec-3.3.3.0/24-5.5.5.0/24]:Configuration=qm-3.3.3.0/24-5.5.5.0/24 force
+C set [IPsec-3.3.3.0/24-5.5.5.0/24]:Local-ID=lid-3.3.3.0/24 force
+C set [IPsec-3.3.3.0/24-5.5.5.0/24]:Remote-ID=rid-5.5.5.0/24 force
+C set [qm-3.3.3.0/24-5.5.5.0/24]:EXCHANGE_TYPE=QUICK_MODE force
+C set [qm-3.3.3.0/24-5.5.5.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-GRP15-SUITE force
+C set [lid-3.3.3.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [lid-3.3.3.0/24]:Network=3.3.3.0 force
+C set [lid-3.3.3.0/24]:Netmask=255.255.255.0 force
+C set [rid-5.5.5.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [rid-5.5.5.0/24]:Network=5.5.5.0 force
+C set [rid-5.5.5.0/24]:Netmask=255.255.255.0 force
+C add [Phase 2]:Connections=IPsec-3.3.3.0/24-5.5.5.0/24
+C set [Phase 1]:1.1.1.1=peer-1.1.1.1 force
+C set [peer-1.1.1.1]:Phase=1 force
+C set [peer-1.1.1.1]:Address=1.1.1.1 force
+C set [peer-1.1.1.1]:Configuration=mm-1.1.1.1 force
+C set [mm-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
+C add [mm-1.1.1.1]:Transforms=AES-SHA-GRP15-RSA_SIG force
+C set [IPsec-3.3.3.0/24-6.6.6.0/24]:Phase=2 force
+C set [IPsec-3.3.3.0/24-6.6.6.0/24]:ISAKMP-peer=peer-1.1.1.1 force
+C set [IPsec-3.3.3.0/24-6.6.6.0/24]:Configuration=qm-3.3.3.0/24-6.6.6.0/24 force
+C set [IPsec-3.3.3.0/24-6.6.6.0/24]:Local-ID=lid-3.3.3.0/24 force
+C set [IPsec-3.3.3.0/24-6.6.6.0/24]:Remote-ID=rid-6.6.6.0/24 force
+C set [qm-3.3.3.0/24-6.6.6.0/24]:EXCHANGE_TYPE=QUICK_MODE force
+C set [qm-3.3.3.0/24-6.6.6.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-GRP15-SUITE force
+C set [lid-3.3.3.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [lid-3.3.3.0/24]:Network=3.3.3.0 force
+C set [lid-3.3.3.0/24]:Netmask=255.255.255.0 force
+C set [rid-6.6.6.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [rid-6.6.6.0/24]:Network=6.6.6.0 force
+C set [rid-6.6.6.0/24]:Netmask=255.255.255.0 force
+C add [Phase 2]:Connections=IPsec-3.3.3.0/24-6.6.6.0/24
+C set [Phase 1]:1.1.1.1=peer-1.1.1.1 force
+C set [peer-1.1.1.1]:Phase=1 force
+C set [peer-1.1.1.1]:Address=1.1.1.1 force
+C set [peer-1.1.1.1]:Configuration=mm-1.1.1.1 force
+C set [mm-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
+C add [mm-1.1.1.1]:Transforms=AES-SHA-GRP15-RSA_SIG force
+C set [IPsec-3.3.3.0/24-7.7.7.0/24]:Phase=2 force
+C set [IPsec-3.3.3.0/24-7.7.7.0/24]:ISAKMP-peer=peer-1.1.1.1 force
+C set [IPsec-3.3.3.0/24-7.7.7.0/24]:Configuration=qm-3.3.3.0/24-7.7.7.0/24 force
+C set [IPsec-3.3.3.0/24-7.7.7.0/24]:Local-ID=lid-3.3.3.0/24 force
+C set [IPsec-3.3.3.0/24-7.7.7.0/24]:Remote-ID=rid-7.7.7.0/24 force
+C set [qm-3.3.3.0/24-7.7.7.0/24]:EXCHANGE_TYPE=QUICK_MODE force
+C set [qm-3.3.3.0/24-7.7.7.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-GRP15-SUITE force
+C set [lid-3.3.3.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [lid-3.3.3.0/24]:Network=3.3.3.0 force
+C set [lid-3.3.3.0/24]:Netmask=255.255.255.0 force
+C set [rid-7.7.7.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [rid-7.7.7.0/24]:Network=7.7.7.0 force
+C set [rid-7.7.7.0/24]:Netmask=255.255.255.0 force
+C add [Phase 2]:Connections=IPsec-3.3.3.0/24-7.7.7.0/24
+C set [Phase 1]:1.1.1.1=peer-1.1.1.1 force
+C set [peer-1.1.1.1]:Phase=1 force
+C set [peer-1.1.1.1]:Address=1.1.1.1 force
+C set [peer-1.1.1.1]:Configuration=mm-1.1.1.1 force
+C set [mm-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
+C add [mm-1.1.1.1]:Transforms=AES-SHA-GRP15-RSA_SIG force
+C set [IPsec-4.4.4.0/24-5.5.5.0/24]:Phase=2 force
+C set [IPsec-4.4.4.0/24-5.5.5.0/24]:ISAKMP-peer=peer-1.1.1.1 force
+C set [IPsec-4.4.4.0/24-5.5.5.0/24]:Configuration=qm-4.4.4.0/24-5.5.5.0/24 force
+C set [IPsec-4.4.4.0/24-5.5.5.0/24]:Local-ID=lid-4.4.4.0/24 force
+C set [IPsec-4.4.4.0/24-5.5.5.0/24]:Remote-ID=rid-5.5.5.0/24 force
+C set [qm-4.4.4.0/24-5.5.5.0/24]:EXCHANGE_TYPE=QUICK_MODE force
+C set [qm-4.4.4.0/24-5.5.5.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-GRP15-SUITE force
+C set [lid-4.4.4.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [lid-4.4.4.0/24]:Network=4.4.4.0 force
+C set [lid-4.4.4.0/24]:Netmask=255.255.255.0 force
+C set [rid-5.5.5.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [rid-5.5.5.0/24]:Network=5.5.5.0 force
+C set [rid-5.5.5.0/24]:Netmask=255.255.255.0 force
+C add [Phase 2]:Connections=IPsec-4.4.4.0/24-5.5.5.0/24
+C set [Phase 1]:1.1.1.1=peer-1.1.1.1 force
+C set [peer-1.1.1.1]:Phase=1 force
+C set [peer-1.1.1.1]:Address=1.1.1.1 force
+C set [peer-1.1.1.1]:Configuration=mm-1.1.1.1 force
+C set [mm-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
+C add [mm-1.1.1.1]:Transforms=AES-SHA-GRP15-RSA_SIG force
+C set [IPsec-4.4.4.0/24-6.6.6.0/24]:Phase=2 force
+C set [IPsec-4.4.4.0/24-6.6.6.0/24]:ISAKMP-peer=peer-1.1.1.1 force
+C set [IPsec-4.4.4.0/24-6.6.6.0/24]:Configuration=qm-4.4.4.0/24-6.6.6.0/24 force
+C set [IPsec-4.4.4.0/24-6.6.6.0/24]:Local-ID=lid-4.4.4.0/24 force
+C set [IPsec-4.4.4.0/24-6.6.6.0/24]:Remote-ID=rid-6.6.6.0/24 force
+C set [qm-4.4.4.0/24-6.6.6.0/24]:EXCHANGE_TYPE=QUICK_MODE force
+C set [qm-4.4.4.0/24-6.6.6.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-GRP15-SUITE force
+C set [lid-4.4.4.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [lid-4.4.4.0/24]:Network=4.4.4.0 force
+C set [lid-4.4.4.0/24]:Netmask=255.255.255.0 force
+C set [rid-6.6.6.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [rid-6.6.6.0/24]:Network=6.6.6.0 force
+C set [rid-6.6.6.0/24]:Netmask=255.255.255.0 force
+C add [Phase 2]:Connections=IPsec-4.4.4.0/24-6.6.6.0/24
+C set [Phase 1]:1.1.1.1=peer-1.1.1.1 force
+C set [peer-1.1.1.1]:Phase=1 force
+C set [peer-1.1.1.1]:Address=1.1.1.1 force
+C set [peer-1.1.1.1]:Configuration=mm-1.1.1.1 force
+C set [mm-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
+C add [mm-1.1.1.1]:Transforms=AES-SHA-GRP15-RSA_SIG force
+C set [IPsec-4.4.4.0/24-7.7.7.0/24]:Phase=2 force
+C set [IPsec-4.4.4.0/24-7.7.7.0/24]:ISAKMP-peer=peer-1.1.1.1 force
+C set [IPsec-4.4.4.0/24-7.7.7.0/24]:Configuration=qm-4.4.4.0/24-7.7.7.0/24 force
+C set [IPsec-4.4.4.0/24-7.7.7.0/24]:Local-ID=lid-4.4.4.0/24 force
+C set [IPsec-4.4.4.0/24-7.7.7.0/24]:Remote-ID=rid-7.7.7.0/24 force
+C set [qm-4.4.4.0/24-7.7.7.0/24]:EXCHANGE_TYPE=QUICK_MODE force
+C set [qm-4.4.4.0/24-7.7.7.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-GRP15-SUITE force
+C set [lid-4.4.4.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [lid-4.4.4.0/24]:Network=4.4.4.0 force
+C set [lid-4.4.4.0/24]:Netmask=255.255.255.0 force
+C set [rid-7.7.7.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [rid-7.7.7.0/24]:Network=7.7.7.0 force
+C set [rid-7.7.7.0/24]:Netmask=255.255.255.0 force
+C add [Phase 2]:Connections=IPsec-4.4.4.0/24-7.7.7.0/24