diff options
author | Hans-Joerg Hoexer <hshoexer@cvs.openbsd.org> | 2006-05-30 19:36:55 +0000 |
---|---|---|
committer | Hans-Joerg Hoexer <hshoexer@cvs.openbsd.org> | 2006-05-30 19:36:55 +0000 |
commit | 4fe7792c57bc9144c481f7f18549d9bfbe0e2189 (patch) | |
tree | b52b483d8531e5fa72656f45dfc7e4a483f9b60a /regress/sbin/ipsecctl | |
parent | 0c6aace57de57459effc7adbb1ccabe34c6f666e (diff) |
tests for rule expansion and ike
Diffstat (limited to 'regress/sbin/ipsecctl')
-rw-r--r-- | regress/sbin/ipsecctl/Makefile | 4 | ||||
-rw-r--r-- | regress/sbin/ipsecctl/ike12.in | 2 | ||||
-rw-r--r-- | regress/sbin/ipsecctl/ike12.ok | 58 | ||||
-rw-r--r-- | regress/sbin/ipsecctl/ike13.in | 2 | ||||
-rw-r--r-- | regress/sbin/ipsecctl/ike13.ok | 58 | ||||
-rw-r--r-- | regress/sbin/ipsecctl/ike14.in | 3 | ||||
-rw-r--r-- | regress/sbin/ipsecctl/ike14.ok | 182 |
7 files changed, 307 insertions, 2 deletions
diff --git a/regress/sbin/ipsecctl/Makefile b/regress/sbin/ipsecctl/Makefile index 052dea70ce6..4f1fb06c536 100644 --- a/regress/sbin/ipsecctl/Makefile +++ b/regress/sbin/ipsecctl/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.21 2006/05/30 19:25:23 hshoexer Exp $ +# $OpenBSD: Makefile,v 1.22 2006/05/30 19:36:54 hshoexer Exp $ # TARGETS # ipsec: feed ipsecNN.in through ipsecctl and check wether the output matches @@ -11,7 +11,7 @@ IPSECTESTS=1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 TCPMD5TESTS=1 2 3 SATESTS=1 2 3 4 5 6 7 8 9 10 11 12 SAFAIL=1 -IKETESTS=1 2 3 4 5 6 7 8 9 10 11 +IKETESTS=1 2 3 4 5 6 7 8 9 10 11 12 13 14 SHELL=/bin/sh diff --git a/regress/sbin/ipsecctl/ike12.in b/regress/sbin/ipsecctl/ike12.in new file mode 100644 index 00000000000..b85bd6ee275 --- /dev/null +++ b/regress/sbin/ipsecctl/ike12.in @@ -0,0 +1,2 @@ +TO="{ 2.2.2.0/24, 3.3.3.0/24, 4.4.4.0/24 }" +ike from 1.1.1.1 to $TO peer 5.5.5.5 diff --git a/regress/sbin/ipsecctl/ike12.ok b/regress/sbin/ipsecctl/ike12.ok new file mode 100644 index 00000000000..bf10271002e --- /dev/null +++ b/regress/sbin/ipsecctl/ike12.ok @@ -0,0 +1,58 @@ +TO = "{ 2.2.2.0/24, 3.3.3.0/24, 4.4.4.0/24 }" +C set [Phase 1]:5.5.5.5=peer-5.5.5.5 force +C set [peer-5.5.5.5]:Phase=1 force +C set [peer-5.5.5.5]:Address=5.5.5.5 force +C set [peer-5.5.5.5]:Configuration=mm-5.5.5.5 force +C set [mm-5.5.5.5]:EXCHANGE_TYPE=ID_PROT force +C add [mm-5.5.5.5]:Transforms=AES-SHA-GRP15-RSA_SIG force +C set [IPsec-1.1.1.1-2.2.2.0/24]:Phase=2 force +C set [IPsec-1.1.1.1-2.2.2.0/24]:ISAKMP-peer=peer-5.5.5.5 force +C set [IPsec-1.1.1.1-2.2.2.0/24]:Configuration=qm-1.1.1.1-2.2.2.0/24 force +C set [IPsec-1.1.1.1-2.2.2.0/24]:Local-ID=lid-1.1.1.1 force +C set [IPsec-1.1.1.1-2.2.2.0/24]:Remote-ID=rid-2.2.2.0/24 force +C set [qm-1.1.1.1-2.2.2.0/24]:EXCHANGE_TYPE=QUICK_MODE force +C set [qm-1.1.1.1-2.2.2.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-GRP15-SUITE force +C set [lid-1.1.1.1]:ID-type=IPV4_ADDR force +C set [lid-1.1.1.1]:Address=1.1.1.1 force +C set [rid-2.2.2.0/24]:ID-type=IPV4_ADDR_SUBNET force +C set [rid-2.2.2.0/24]:Network=2.2.2.0 force +C set [rid-2.2.2.0/24]:Netmask=255.255.255.0 force +C add [Phase 2]:Connections=IPsec-1.1.1.1-2.2.2.0/24 +C set [Phase 1]:5.5.5.5=peer-5.5.5.5 force +C set [peer-5.5.5.5]:Phase=1 force +C set [peer-5.5.5.5]:Address=5.5.5.5 force +C set [peer-5.5.5.5]:Configuration=mm-5.5.5.5 force +C set [mm-5.5.5.5]:EXCHANGE_TYPE=ID_PROT force +C add [mm-5.5.5.5]:Transforms=AES-SHA-GRP15-RSA_SIG force +C set [IPsec-1.1.1.1-3.3.3.0/24]:Phase=2 force +C set [IPsec-1.1.1.1-3.3.3.0/24]:ISAKMP-peer=peer-5.5.5.5 force +C set [IPsec-1.1.1.1-3.3.3.0/24]:Configuration=qm-1.1.1.1-3.3.3.0/24 force +C set [IPsec-1.1.1.1-3.3.3.0/24]:Local-ID=lid-1.1.1.1 force +C set [IPsec-1.1.1.1-3.3.3.0/24]:Remote-ID=rid-3.3.3.0/24 force +C set [qm-1.1.1.1-3.3.3.0/24]:EXCHANGE_TYPE=QUICK_MODE force +C set [qm-1.1.1.1-3.3.3.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-GRP15-SUITE force +C set [lid-1.1.1.1]:ID-type=IPV4_ADDR force +C set [lid-1.1.1.1]:Address=1.1.1.1 force +C set [rid-3.3.3.0/24]:ID-type=IPV4_ADDR_SUBNET force +C set [rid-3.3.3.0/24]:Network=3.3.3.0 force +C set [rid-3.3.3.0/24]:Netmask=255.255.255.0 force +C add [Phase 2]:Connections=IPsec-1.1.1.1-3.3.3.0/24 +C set [Phase 1]:5.5.5.5=peer-5.5.5.5 force +C set [peer-5.5.5.5]:Phase=1 force +C set [peer-5.5.5.5]:Address=5.5.5.5 force +C set [peer-5.5.5.5]:Configuration=mm-5.5.5.5 force +C set [mm-5.5.5.5]:EXCHANGE_TYPE=ID_PROT force +C add [mm-5.5.5.5]:Transforms=AES-SHA-GRP15-RSA_SIG force +C set [IPsec-1.1.1.1-4.4.4.0/24]:Phase=2 force +C set [IPsec-1.1.1.1-4.4.4.0/24]:ISAKMP-peer=peer-5.5.5.5 force +C set [IPsec-1.1.1.1-4.4.4.0/24]:Configuration=qm-1.1.1.1-4.4.4.0/24 force +C set [IPsec-1.1.1.1-4.4.4.0/24]:Local-ID=lid-1.1.1.1 force +C set [IPsec-1.1.1.1-4.4.4.0/24]:Remote-ID=rid-4.4.4.0/24 force +C set [qm-1.1.1.1-4.4.4.0/24]:EXCHANGE_TYPE=QUICK_MODE force +C set [qm-1.1.1.1-4.4.4.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-GRP15-SUITE force +C set [lid-1.1.1.1]:ID-type=IPV4_ADDR force +C set [lid-1.1.1.1]:Address=1.1.1.1 force +C set [rid-4.4.4.0/24]:ID-type=IPV4_ADDR_SUBNET force +C set [rid-4.4.4.0/24]:Network=4.4.4.0 force +C set [rid-4.4.4.0/24]:Netmask=255.255.255.0 force +C add [Phase 2]:Connections=IPsec-1.1.1.1-4.4.4.0/24 diff --git a/regress/sbin/ipsecctl/ike13.in b/regress/sbin/ipsecctl/ike13.in new file mode 100644 index 00000000000..b3aaf8b4b7b --- /dev/null +++ b/regress/sbin/ipsecctl/ike13.in @@ -0,0 +1,2 @@ +FROM="{ 2.2.2.0/24, 3.3.3.0/24, 4.4.4.0/24 }" +ike from $FROM to 1.1.1.1 diff --git a/regress/sbin/ipsecctl/ike13.ok b/regress/sbin/ipsecctl/ike13.ok new file mode 100644 index 00000000000..94f00d1693b --- /dev/null +++ b/regress/sbin/ipsecctl/ike13.ok @@ -0,0 +1,58 @@ +FROM = "{ 2.2.2.0/24, 3.3.3.0/24, 4.4.4.0/24 }" +C set [Phase 1]:1.1.1.1=peer-1.1.1.1 force +C set [peer-1.1.1.1]:Phase=1 force +C set [peer-1.1.1.1]:Address=1.1.1.1 force +C set [peer-1.1.1.1]:Configuration=mm-1.1.1.1 force +C set [mm-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force +C add [mm-1.1.1.1]:Transforms=AES-SHA-GRP15-RSA_SIG force +C set [IPsec-2.2.2.0/24-1.1.1.1]:Phase=2 force +C set [IPsec-2.2.2.0/24-1.1.1.1]:ISAKMP-peer=peer-1.1.1.1 force +C set [IPsec-2.2.2.0/24-1.1.1.1]:Configuration=qm-2.2.2.0/24-1.1.1.1 force +C set [IPsec-2.2.2.0/24-1.1.1.1]:Local-ID=lid-2.2.2.0/24 force +C set [IPsec-2.2.2.0/24-1.1.1.1]:Remote-ID=rid-1.1.1.1 force +C set [qm-2.2.2.0/24-1.1.1.1]:EXCHANGE_TYPE=QUICK_MODE force +C set [qm-2.2.2.0/24-1.1.1.1]:Suites=QM-ESP-AES-SHA2-256-PFS-GRP15-SUITE force +C set [lid-2.2.2.0/24]:ID-type=IPV4_ADDR_SUBNET force +C set [lid-2.2.2.0/24]:Network=2.2.2.0 force +C set [lid-2.2.2.0/24]:Netmask=255.255.255.0 force +C set [rid-1.1.1.1]:ID-type=IPV4_ADDR force +C set [rid-1.1.1.1]:Address=1.1.1.1 force +C add [Phase 2]:Connections=IPsec-2.2.2.0/24-1.1.1.1 +C set [Phase 1]:1.1.1.1=peer-1.1.1.1 force +C set [peer-1.1.1.1]:Phase=1 force +C set [peer-1.1.1.1]:Address=1.1.1.1 force +C set [peer-1.1.1.1]:Configuration=mm-1.1.1.1 force +C set [mm-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force +C add [mm-1.1.1.1]:Transforms=AES-SHA-GRP15-RSA_SIG force +C set [IPsec-3.3.3.0/24-1.1.1.1]:Phase=2 force +C set [IPsec-3.3.3.0/24-1.1.1.1]:ISAKMP-peer=peer-1.1.1.1 force +C set [IPsec-3.3.3.0/24-1.1.1.1]:Configuration=qm-3.3.3.0/24-1.1.1.1 force +C set [IPsec-3.3.3.0/24-1.1.1.1]:Local-ID=lid-3.3.3.0/24 force +C set [IPsec-3.3.3.0/24-1.1.1.1]:Remote-ID=rid-1.1.1.1 force +C set [qm-3.3.3.0/24-1.1.1.1]:EXCHANGE_TYPE=QUICK_MODE force +C set [qm-3.3.3.0/24-1.1.1.1]:Suites=QM-ESP-AES-SHA2-256-PFS-GRP15-SUITE force +C set [lid-3.3.3.0/24]:ID-type=IPV4_ADDR_SUBNET force +C set [lid-3.3.3.0/24]:Network=3.3.3.0 force +C set [lid-3.3.3.0/24]:Netmask=255.255.255.0 force +C set [rid-1.1.1.1]:ID-type=IPV4_ADDR force +C set [rid-1.1.1.1]:Address=1.1.1.1 force +C add [Phase 2]:Connections=IPsec-3.3.3.0/24-1.1.1.1 +C set [Phase 1]:1.1.1.1=peer-1.1.1.1 force +C set [peer-1.1.1.1]:Phase=1 force +C set [peer-1.1.1.1]:Address=1.1.1.1 force +C set [peer-1.1.1.1]:Configuration=mm-1.1.1.1 force +C set [mm-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force +C add [mm-1.1.1.1]:Transforms=AES-SHA-GRP15-RSA_SIG force +C set [IPsec-4.4.4.0/24-1.1.1.1]:Phase=2 force +C set [IPsec-4.4.4.0/24-1.1.1.1]:ISAKMP-peer=peer-1.1.1.1 force +C set [IPsec-4.4.4.0/24-1.1.1.1]:Configuration=qm-4.4.4.0/24-1.1.1.1 force +C set [IPsec-4.4.4.0/24-1.1.1.1]:Local-ID=lid-4.4.4.0/24 force +C set [IPsec-4.4.4.0/24-1.1.1.1]:Remote-ID=rid-1.1.1.1 force +C set [qm-4.4.4.0/24-1.1.1.1]:EXCHANGE_TYPE=QUICK_MODE force +C set [qm-4.4.4.0/24-1.1.1.1]:Suites=QM-ESP-AES-SHA2-256-PFS-GRP15-SUITE force +C set [lid-4.4.4.0/24]:ID-type=IPV4_ADDR_SUBNET force +C set [lid-4.4.4.0/24]:Network=4.4.4.0 force +C set [lid-4.4.4.0/24]:Netmask=255.255.255.0 force +C set [rid-1.1.1.1]:ID-type=IPV4_ADDR force +C set [rid-1.1.1.1]:Address=1.1.1.1 force +C add [Phase 2]:Connections=IPsec-4.4.4.0/24-1.1.1.1 diff --git a/regress/sbin/ipsecctl/ike14.in b/regress/sbin/ipsecctl/ike14.in new file mode 100644 index 00000000000..9758b21717d --- /dev/null +++ b/regress/sbin/ipsecctl/ike14.in @@ -0,0 +1,3 @@ +FROM="{ 2.2.2.0/24, 3.3.3.0/24, 4.4.4.0/24 }" +TO="{ 5.5.5.0/24, 6.6.6.0/24, 7.7.7.0/24 }" +ike from $FROM to $TO peer 1.1.1.1 diff --git a/regress/sbin/ipsecctl/ike14.ok b/regress/sbin/ipsecctl/ike14.ok new file mode 100644 index 00000000000..f62f4841952 --- /dev/null +++ b/regress/sbin/ipsecctl/ike14.ok @@ -0,0 +1,182 @@ +FROM = "{ 2.2.2.0/24, 3.3.3.0/24, 4.4.4.0/24 }" +TO = "{ 5.5.5.0/24, 6.6.6.0/24, 7.7.7.0/24 }" +C set [Phase 1]:1.1.1.1=peer-1.1.1.1 force +C set [peer-1.1.1.1]:Phase=1 force +C set [peer-1.1.1.1]:Address=1.1.1.1 force +C set [peer-1.1.1.1]:Configuration=mm-1.1.1.1 force +C set [mm-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force +C add [mm-1.1.1.1]:Transforms=AES-SHA-GRP15-RSA_SIG force +C set [IPsec-2.2.2.0/24-5.5.5.0/24]:Phase=2 force +C set [IPsec-2.2.2.0/24-5.5.5.0/24]:ISAKMP-peer=peer-1.1.1.1 force +C set [IPsec-2.2.2.0/24-5.5.5.0/24]:Configuration=qm-2.2.2.0/24-5.5.5.0/24 force +C set [IPsec-2.2.2.0/24-5.5.5.0/24]:Local-ID=lid-2.2.2.0/24 force +C set [IPsec-2.2.2.0/24-5.5.5.0/24]:Remote-ID=rid-5.5.5.0/24 force +C set [qm-2.2.2.0/24-5.5.5.0/24]:EXCHANGE_TYPE=QUICK_MODE force +C set [qm-2.2.2.0/24-5.5.5.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-GRP15-SUITE force +C set [lid-2.2.2.0/24]:ID-type=IPV4_ADDR_SUBNET force +C set [lid-2.2.2.0/24]:Network=2.2.2.0 force +C set [lid-2.2.2.0/24]:Netmask=255.255.255.0 force +C set [rid-5.5.5.0/24]:ID-type=IPV4_ADDR_SUBNET force +C set [rid-5.5.5.0/24]:Network=5.5.5.0 force +C set [rid-5.5.5.0/24]:Netmask=255.255.255.0 force +C add [Phase 2]:Connections=IPsec-2.2.2.0/24-5.5.5.0/24 +C set [Phase 1]:1.1.1.1=peer-1.1.1.1 force +C set [peer-1.1.1.1]:Phase=1 force +C set [peer-1.1.1.1]:Address=1.1.1.1 force +C set [peer-1.1.1.1]:Configuration=mm-1.1.1.1 force +C set [mm-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force +C add [mm-1.1.1.1]:Transforms=AES-SHA-GRP15-RSA_SIG force +C set [IPsec-2.2.2.0/24-6.6.6.0/24]:Phase=2 force +C set [IPsec-2.2.2.0/24-6.6.6.0/24]:ISAKMP-peer=peer-1.1.1.1 force +C set [IPsec-2.2.2.0/24-6.6.6.0/24]:Configuration=qm-2.2.2.0/24-6.6.6.0/24 force +C set [IPsec-2.2.2.0/24-6.6.6.0/24]:Local-ID=lid-2.2.2.0/24 force +C set [IPsec-2.2.2.0/24-6.6.6.0/24]:Remote-ID=rid-6.6.6.0/24 force +C set [qm-2.2.2.0/24-6.6.6.0/24]:EXCHANGE_TYPE=QUICK_MODE force +C set [qm-2.2.2.0/24-6.6.6.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-GRP15-SUITE force +C set [lid-2.2.2.0/24]:ID-type=IPV4_ADDR_SUBNET force +C set [lid-2.2.2.0/24]:Network=2.2.2.0 force +C set [lid-2.2.2.0/24]:Netmask=255.255.255.0 force +C set [rid-6.6.6.0/24]:ID-type=IPV4_ADDR_SUBNET force +C set [rid-6.6.6.0/24]:Network=6.6.6.0 force +C set [rid-6.6.6.0/24]:Netmask=255.255.255.0 force +C add [Phase 2]:Connections=IPsec-2.2.2.0/24-6.6.6.0/24 +C set [Phase 1]:1.1.1.1=peer-1.1.1.1 force +C set [peer-1.1.1.1]:Phase=1 force +C set [peer-1.1.1.1]:Address=1.1.1.1 force +C set [peer-1.1.1.1]:Configuration=mm-1.1.1.1 force +C set [mm-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force +C add [mm-1.1.1.1]:Transforms=AES-SHA-GRP15-RSA_SIG force +C set [IPsec-2.2.2.0/24-7.7.7.0/24]:Phase=2 force +C set [IPsec-2.2.2.0/24-7.7.7.0/24]:ISAKMP-peer=peer-1.1.1.1 force +C set [IPsec-2.2.2.0/24-7.7.7.0/24]:Configuration=qm-2.2.2.0/24-7.7.7.0/24 force +C set [IPsec-2.2.2.0/24-7.7.7.0/24]:Local-ID=lid-2.2.2.0/24 force +C set [IPsec-2.2.2.0/24-7.7.7.0/24]:Remote-ID=rid-7.7.7.0/24 force +C set [qm-2.2.2.0/24-7.7.7.0/24]:EXCHANGE_TYPE=QUICK_MODE force +C set [qm-2.2.2.0/24-7.7.7.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-GRP15-SUITE force +C set [lid-2.2.2.0/24]:ID-type=IPV4_ADDR_SUBNET force +C set [lid-2.2.2.0/24]:Network=2.2.2.0 force +C set [lid-2.2.2.0/24]:Netmask=255.255.255.0 force +C set [rid-7.7.7.0/24]:ID-type=IPV4_ADDR_SUBNET force +C set [rid-7.7.7.0/24]:Network=7.7.7.0 force +C set [rid-7.7.7.0/24]:Netmask=255.255.255.0 force +C add [Phase 2]:Connections=IPsec-2.2.2.0/24-7.7.7.0/24 +C set [Phase 1]:1.1.1.1=peer-1.1.1.1 force +C set [peer-1.1.1.1]:Phase=1 force +C set [peer-1.1.1.1]:Address=1.1.1.1 force +C set [peer-1.1.1.1]:Configuration=mm-1.1.1.1 force +C set [mm-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force +C add [mm-1.1.1.1]:Transforms=AES-SHA-GRP15-RSA_SIG force +C set [IPsec-3.3.3.0/24-5.5.5.0/24]:Phase=2 force +C set [IPsec-3.3.3.0/24-5.5.5.0/24]:ISAKMP-peer=peer-1.1.1.1 force +C set [IPsec-3.3.3.0/24-5.5.5.0/24]:Configuration=qm-3.3.3.0/24-5.5.5.0/24 force +C set [IPsec-3.3.3.0/24-5.5.5.0/24]:Local-ID=lid-3.3.3.0/24 force +C set [IPsec-3.3.3.0/24-5.5.5.0/24]:Remote-ID=rid-5.5.5.0/24 force +C set [qm-3.3.3.0/24-5.5.5.0/24]:EXCHANGE_TYPE=QUICK_MODE force +C set [qm-3.3.3.0/24-5.5.5.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-GRP15-SUITE force +C set [lid-3.3.3.0/24]:ID-type=IPV4_ADDR_SUBNET force +C set [lid-3.3.3.0/24]:Network=3.3.3.0 force +C set [lid-3.3.3.0/24]:Netmask=255.255.255.0 force +C set [rid-5.5.5.0/24]:ID-type=IPV4_ADDR_SUBNET force +C set [rid-5.5.5.0/24]:Network=5.5.5.0 force +C set [rid-5.5.5.0/24]:Netmask=255.255.255.0 force +C add [Phase 2]:Connections=IPsec-3.3.3.0/24-5.5.5.0/24 +C set [Phase 1]:1.1.1.1=peer-1.1.1.1 force +C set [peer-1.1.1.1]:Phase=1 force +C set [peer-1.1.1.1]:Address=1.1.1.1 force +C set [peer-1.1.1.1]:Configuration=mm-1.1.1.1 force +C set [mm-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force +C add [mm-1.1.1.1]:Transforms=AES-SHA-GRP15-RSA_SIG force +C set [IPsec-3.3.3.0/24-6.6.6.0/24]:Phase=2 force +C set [IPsec-3.3.3.0/24-6.6.6.0/24]:ISAKMP-peer=peer-1.1.1.1 force +C set [IPsec-3.3.3.0/24-6.6.6.0/24]:Configuration=qm-3.3.3.0/24-6.6.6.0/24 force +C set [IPsec-3.3.3.0/24-6.6.6.0/24]:Local-ID=lid-3.3.3.0/24 force +C set [IPsec-3.3.3.0/24-6.6.6.0/24]:Remote-ID=rid-6.6.6.0/24 force +C set [qm-3.3.3.0/24-6.6.6.0/24]:EXCHANGE_TYPE=QUICK_MODE force +C set [qm-3.3.3.0/24-6.6.6.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-GRP15-SUITE force +C set [lid-3.3.3.0/24]:ID-type=IPV4_ADDR_SUBNET force +C set [lid-3.3.3.0/24]:Network=3.3.3.0 force +C set [lid-3.3.3.0/24]:Netmask=255.255.255.0 force +C set [rid-6.6.6.0/24]:ID-type=IPV4_ADDR_SUBNET force +C set [rid-6.6.6.0/24]:Network=6.6.6.0 force +C set [rid-6.6.6.0/24]:Netmask=255.255.255.0 force +C add [Phase 2]:Connections=IPsec-3.3.3.0/24-6.6.6.0/24 +C set [Phase 1]:1.1.1.1=peer-1.1.1.1 force +C set [peer-1.1.1.1]:Phase=1 force +C set [peer-1.1.1.1]:Address=1.1.1.1 force +C set [peer-1.1.1.1]:Configuration=mm-1.1.1.1 force +C set [mm-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force +C add [mm-1.1.1.1]:Transforms=AES-SHA-GRP15-RSA_SIG force +C set [IPsec-3.3.3.0/24-7.7.7.0/24]:Phase=2 force +C set [IPsec-3.3.3.0/24-7.7.7.0/24]:ISAKMP-peer=peer-1.1.1.1 force +C set [IPsec-3.3.3.0/24-7.7.7.0/24]:Configuration=qm-3.3.3.0/24-7.7.7.0/24 force +C set [IPsec-3.3.3.0/24-7.7.7.0/24]:Local-ID=lid-3.3.3.0/24 force +C set [IPsec-3.3.3.0/24-7.7.7.0/24]:Remote-ID=rid-7.7.7.0/24 force +C set [qm-3.3.3.0/24-7.7.7.0/24]:EXCHANGE_TYPE=QUICK_MODE force +C set [qm-3.3.3.0/24-7.7.7.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-GRP15-SUITE force +C set [lid-3.3.3.0/24]:ID-type=IPV4_ADDR_SUBNET force +C set [lid-3.3.3.0/24]:Network=3.3.3.0 force +C set [lid-3.3.3.0/24]:Netmask=255.255.255.0 force +C set [rid-7.7.7.0/24]:ID-type=IPV4_ADDR_SUBNET force +C set [rid-7.7.7.0/24]:Network=7.7.7.0 force +C set [rid-7.7.7.0/24]:Netmask=255.255.255.0 force +C add [Phase 2]:Connections=IPsec-3.3.3.0/24-7.7.7.0/24 +C set [Phase 1]:1.1.1.1=peer-1.1.1.1 force +C set [peer-1.1.1.1]:Phase=1 force +C set [peer-1.1.1.1]:Address=1.1.1.1 force +C set [peer-1.1.1.1]:Configuration=mm-1.1.1.1 force +C set [mm-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force +C add [mm-1.1.1.1]:Transforms=AES-SHA-GRP15-RSA_SIG force +C set [IPsec-4.4.4.0/24-5.5.5.0/24]:Phase=2 force +C set [IPsec-4.4.4.0/24-5.5.5.0/24]:ISAKMP-peer=peer-1.1.1.1 force +C set [IPsec-4.4.4.0/24-5.5.5.0/24]:Configuration=qm-4.4.4.0/24-5.5.5.0/24 force +C set [IPsec-4.4.4.0/24-5.5.5.0/24]:Local-ID=lid-4.4.4.0/24 force +C set [IPsec-4.4.4.0/24-5.5.5.0/24]:Remote-ID=rid-5.5.5.0/24 force +C set [qm-4.4.4.0/24-5.5.5.0/24]:EXCHANGE_TYPE=QUICK_MODE force +C set [qm-4.4.4.0/24-5.5.5.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-GRP15-SUITE force +C set [lid-4.4.4.0/24]:ID-type=IPV4_ADDR_SUBNET force +C set [lid-4.4.4.0/24]:Network=4.4.4.0 force +C set [lid-4.4.4.0/24]:Netmask=255.255.255.0 force +C set [rid-5.5.5.0/24]:ID-type=IPV4_ADDR_SUBNET force +C set [rid-5.5.5.0/24]:Network=5.5.5.0 force +C set [rid-5.5.5.0/24]:Netmask=255.255.255.0 force +C add [Phase 2]:Connections=IPsec-4.4.4.0/24-5.5.5.0/24 +C set [Phase 1]:1.1.1.1=peer-1.1.1.1 force +C set [peer-1.1.1.1]:Phase=1 force +C set [peer-1.1.1.1]:Address=1.1.1.1 force +C set [peer-1.1.1.1]:Configuration=mm-1.1.1.1 force +C set [mm-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force +C add [mm-1.1.1.1]:Transforms=AES-SHA-GRP15-RSA_SIG force +C set [IPsec-4.4.4.0/24-6.6.6.0/24]:Phase=2 force +C set [IPsec-4.4.4.0/24-6.6.6.0/24]:ISAKMP-peer=peer-1.1.1.1 force +C set [IPsec-4.4.4.0/24-6.6.6.0/24]:Configuration=qm-4.4.4.0/24-6.6.6.0/24 force +C set [IPsec-4.4.4.0/24-6.6.6.0/24]:Local-ID=lid-4.4.4.0/24 force +C set [IPsec-4.4.4.0/24-6.6.6.0/24]:Remote-ID=rid-6.6.6.0/24 force +C set [qm-4.4.4.0/24-6.6.6.0/24]:EXCHANGE_TYPE=QUICK_MODE force +C set [qm-4.4.4.0/24-6.6.6.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-GRP15-SUITE force +C set [lid-4.4.4.0/24]:ID-type=IPV4_ADDR_SUBNET force +C set [lid-4.4.4.0/24]:Network=4.4.4.0 force +C set [lid-4.4.4.0/24]:Netmask=255.255.255.0 force +C set [rid-6.6.6.0/24]:ID-type=IPV4_ADDR_SUBNET force +C set [rid-6.6.6.0/24]:Network=6.6.6.0 force +C set [rid-6.6.6.0/24]:Netmask=255.255.255.0 force +C add [Phase 2]:Connections=IPsec-4.4.4.0/24-6.6.6.0/24 +C set [Phase 1]:1.1.1.1=peer-1.1.1.1 force +C set [peer-1.1.1.1]:Phase=1 force +C set [peer-1.1.1.1]:Address=1.1.1.1 force +C set [peer-1.1.1.1]:Configuration=mm-1.1.1.1 force +C set [mm-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force +C add [mm-1.1.1.1]:Transforms=AES-SHA-GRP15-RSA_SIG force +C set [IPsec-4.4.4.0/24-7.7.7.0/24]:Phase=2 force +C set [IPsec-4.4.4.0/24-7.7.7.0/24]:ISAKMP-peer=peer-1.1.1.1 force +C set [IPsec-4.4.4.0/24-7.7.7.0/24]:Configuration=qm-4.4.4.0/24-7.7.7.0/24 force +C set [IPsec-4.4.4.0/24-7.7.7.0/24]:Local-ID=lid-4.4.4.0/24 force +C set [IPsec-4.4.4.0/24-7.7.7.0/24]:Remote-ID=rid-7.7.7.0/24 force +C set [qm-4.4.4.0/24-7.7.7.0/24]:EXCHANGE_TYPE=QUICK_MODE force +C set [qm-4.4.4.0/24-7.7.7.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-GRP15-SUITE force +C set [lid-4.4.4.0/24]:ID-type=IPV4_ADDR_SUBNET force +C set [lid-4.4.4.0/24]:Network=4.4.4.0 force +C set [lid-4.4.4.0/24]:Netmask=255.255.255.0 force +C set [rid-7.7.7.0/24]:ID-type=IPV4_ADDR_SUBNET force +C set [rid-7.7.7.0/24]:Network=7.7.7.0 force +C set [rid-7.7.7.0/24]:Netmask=255.255.255.0 force +C add [Phase 2]:Connections=IPsec-4.4.4.0/24-7.7.7.0/24 |