summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--regress/sbin/ipsecctl/ike1.ok30
-rw-r--r--regress/sbin/ipsecctl/ike10.ok34
-rw-r--r--regress/sbin/ipsecctl/ike11.ok80
-rw-r--r--regress/sbin/ipsecctl/ike12.ok96
-rw-r--r--regress/sbin/ipsecctl/ike13.ok96
-rw-r--r--regress/sbin/ipsecctl/ike14.ok306
-rw-r--r--regress/sbin/ipsecctl/ike15.ok46
-rw-r--r--regress/sbin/ipsecctl/ike16.ok88
-rw-r--r--regress/sbin/ipsecctl/ike17.ok64
-rw-r--r--regress/sbin/ipsecctl/ike18.ok64
-rw-r--r--regress/sbin/ipsecctl/ike19.ok32
-rw-r--r--regress/sbin/ipsecctl/ike2.ok34
-rw-r--r--regress/sbin/ipsecctl/ike20.ok80
-rw-r--r--regress/sbin/ipsecctl/ike21.ok30
-rw-r--r--regress/sbin/ipsecctl/ike22.ok34
-rw-r--r--regress/sbin/ipsecctl/ike23.ok42
-rw-r--r--regress/sbin/ipsecctl/ike29.ok40
-rw-r--r--regress/sbin/ipsecctl/ike3.ok42
-rw-r--r--regress/sbin/ipsecctl/ike30.ok34
-rw-r--r--regress/sbin/ipsecctl/ike31.ok32
-rw-r--r--regress/sbin/ipsecctl/ike32.ok30
-rw-r--r--regress/sbin/ipsecctl/ike33.ok30
-rw-r--r--regress/sbin/ipsecctl/ike34.ok34
-rw-r--r--regress/sbin/ipsecctl/ike35.ok34
-rw-r--r--regress/sbin/ipsecctl/ike36.ok30
-rw-r--r--regress/sbin/ipsecctl/ike37.ok46
-rw-r--r--regress/sbin/ipsecctl/ike38.ok88
-rw-r--r--regress/sbin/ipsecctl/ike39.ok64
-rw-r--r--regress/sbin/ipsecctl/ike4.ok46
-rw-r--r--regress/sbin/ipsecctl/ike40.ok64
-rw-r--r--regress/sbin/ipsecctl/ike41.ok30
-rw-r--r--regress/sbin/ipsecctl/ike42.ok36
-rw-r--r--regress/sbin/ipsecctl/ike43.ok38
-rw-r--r--regress/sbin/ipsecctl/ike46.ok60
-rw-r--r--regress/sbin/ipsecctl/ike47.ok68
-rw-r--r--regress/sbin/ipsecctl/ike48.ok68
-rw-r--r--regress/sbin/ipsecctl/ike49.ok34
-rw-r--r--regress/sbin/ipsecctl/ike5.ok88
-rw-r--r--regress/sbin/ipsecctl/ike50.ok34
-rw-r--r--regress/sbin/ipsecctl/ike51.ok34
-rw-r--r--regress/sbin/ipsecctl/ike52.ok34
-rw-r--r--regress/sbin/ipsecctl/ike53.ok30
-rw-r--r--regress/sbin/ipsecctl/ike54.ok38
-rw-r--r--regress/sbin/ipsecctl/ike55.ok30
-rw-r--r--regress/sbin/ipsecctl/ike56.ok30
-rw-r--r--regress/sbin/ipsecctl/ike57.ok138
-rw-r--r--regress/sbin/ipsecctl/ike58.ok102
-rw-r--r--regress/sbin/ipsecctl/ike59.ok30
-rw-r--r--regress/sbin/ipsecctl/ike6.ok64
-rw-r--r--regress/sbin/ipsecctl/ike7.ok64
-rw-r--r--regress/sbin/ipsecctl/ike8.ok32
-rw-r--r--regress/sbin/ipsecctl/ike9.ok40
-rw-r--r--regress/sbin/ipsecctl/ikedel1.ok8
-rw-r--r--regress/sbin/ipsecctl/ikedel10.ok8
-rw-r--r--regress/sbin/ipsecctl/ikedel11.ok16
-rw-r--r--regress/sbin/ipsecctl/ikedel12.ok24
-rw-r--r--regress/sbin/ipsecctl/ikedel13.ok24
-rw-r--r--regress/sbin/ipsecctl/ikedel14.ok72
-rw-r--r--regress/sbin/ipsecctl/ikedel15.ok8
-rw-r--r--regress/sbin/ipsecctl/ikedel16.ok16
-rw-r--r--regress/sbin/ipsecctl/ikedel17.ok16
-rw-r--r--regress/sbin/ipsecctl/ikedel18.ok16
-rw-r--r--regress/sbin/ipsecctl/ikedel19.ok8
-rw-r--r--regress/sbin/ipsecctl/ikedel2.ok8
-rw-r--r--regress/sbin/ipsecctl/ikedel20.ok16
-rw-r--r--regress/sbin/ipsecctl/ikedel21.ok8
-rw-r--r--regress/sbin/ipsecctl/ikedel22.ok8
-rw-r--r--regress/sbin/ipsecctl/ikedel23.ok8
-rw-r--r--regress/sbin/ipsecctl/ikedel29.ok8
-rw-r--r--regress/sbin/ipsecctl/ikedel3.ok8
-rw-r--r--regress/sbin/ipsecctl/ikedel30.ok8
-rw-r--r--regress/sbin/ipsecctl/ikedel31.ok8
-rw-r--r--regress/sbin/ipsecctl/ikedel32.ok8
-rw-r--r--regress/sbin/ipsecctl/ikedel33.ok8
-rw-r--r--regress/sbin/ipsecctl/ikedel34.ok8
-rw-r--r--regress/sbin/ipsecctl/ikedel35.ok8
-rw-r--r--regress/sbin/ipsecctl/ikedel36.ok8
-rw-r--r--regress/sbin/ipsecctl/ikedel37.ok8
-rw-r--r--regress/sbin/ipsecctl/ikedel38.ok16
-rw-r--r--regress/sbin/ipsecctl/ikedel39.ok16
-rw-r--r--regress/sbin/ipsecctl/ikedel4.ok8
-rw-r--r--regress/sbin/ipsecctl/ikedel40.ok16
-rw-r--r--regress/sbin/ipsecctl/ikedel41.ok8
-rw-r--r--regress/sbin/ipsecctl/ikedel42.ok8
-rw-r--r--regress/sbin/ipsecctl/ikedel43.ok8
-rw-r--r--regress/sbin/ipsecctl/ikedel46.ok16
-rw-r--r--regress/sbin/ipsecctl/ikedel47.ok16
-rw-r--r--regress/sbin/ipsecctl/ikedel5.ok16
-rw-r--r--regress/sbin/ipsecctl/ikedel6.ok16
-rw-r--r--regress/sbin/ipsecctl/ikedel7.ok16
-rw-r--r--regress/sbin/ipsecctl/ikedel8.ok8
-rw-r--r--regress/sbin/ipsecctl/ikedel9.ok8
-rw-r--r--regress/sbin/ipsecctl/ikefail6.ok20
-rw-r--r--sbin/ipsecctl/ike.c241
-rw-r--r--sbin/ipsecctl/ipsecctl.c4
-rw-r--r--sbin/ipsecctl/ipsecctl.h3
-rw-r--r--sbin/isakmpd/pf_key_v2.c166
97 files changed, 1941 insertions, 1905 deletions
diff --git a/regress/sbin/ipsecctl/ike1.ok b/regress/sbin/ipsecctl/ike1.ok
index 6dd25d7df47..8a94ed9e94f 100644
--- a/regress/sbin/ipsecctl/ike1.ok
+++ b/regress/sbin/ipsecctl/ike1.ok
@@ -1,18 +1,18 @@
C set [Phase 1]:131.188.33.29=peer-131.188.33.29 force
C set [peer-131.188.33.29]:Phase=1 force
C set [peer-131.188.33.29]:Address=131.188.33.29 force
-C set [peer-131.188.33.29]:Configuration=mm-131.188.33.29 force
-C set [mm-131.188.33.29]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-131.188.33.29]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-131.188.33.51-131.188.33.29]:Phase=2 force
-C set [IPsec-131.188.33.51-131.188.33.29]:ISAKMP-peer=peer-131.188.33.29 force
-C set [IPsec-131.188.33.51-131.188.33.29]:Configuration=qm-131.188.33.51-131.188.33.29 force
-C set [IPsec-131.188.33.51-131.188.33.29]:Local-ID=lid-131.188.33.51 force
-C set [IPsec-131.188.33.51-131.188.33.29]:Remote-ID=rid-131.188.33.29 force
-C set [qm-131.188.33.51-131.188.33.29]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-131.188.33.51-131.188.33.29]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-131.188.33.51]:ID-type=IPV4_ADDR force
-C set [lid-131.188.33.51]:Address=131.188.33.51 force
-C set [rid-131.188.33.29]:ID-type=IPV4_ADDR force
-C set [rid-131.188.33.29]:Address=131.188.33.29 force
-C add [Phase 2]:Connections=IPsec-131.188.33.51-131.188.33.29
+C set [peer-131.188.33.29]:Configuration=phase1-peer-131.188.33.29 force
+C set [phase1-peer-131.188.33.29]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-131.188.33.29]:Transforms=AES-SHA-RSA_SIG force
+C set [from-131.188.33.51-to-131.188.33.29]:Phase=2 force
+C set [from-131.188.33.51-to-131.188.33.29]:ISAKMP-peer=peer-131.188.33.29 force
+C set [from-131.188.33.51-to-131.188.33.29]:Configuration=phase2-from-131.188.33.51-to-131.188.33.29 force
+C set [from-131.188.33.51-to-131.188.33.29]:Local-ID=from-131.188.33.51 force
+C set [from-131.188.33.51-to-131.188.33.29]:Remote-ID=to-131.188.33.29 force
+C set [phase2-from-131.188.33.51-to-131.188.33.29]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-131.188.33.51-to-131.188.33.29]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-131.188.33.51]:ID-type=IPV4_ADDR force
+C set [from-131.188.33.51]:Address=131.188.33.51 force
+C set [to-131.188.33.29]:ID-type=IPV4_ADDR force
+C set [to-131.188.33.29]:Address=131.188.33.29 force
+C add [Phase 2]:Connections=from-131.188.33.51-to-131.188.33.29
diff --git a/regress/sbin/ipsecctl/ike10.ok b/regress/sbin/ipsecctl/ike10.ok
index 5c12e5d1f08..be106fe1f99 100644
--- a/regress/sbin/ipsecctl/ike10.ok
+++ b/regress/sbin/ipsecctl/ike10.ok
@@ -1,20 +1,20 @@
C set [Phase 1]:192.168.200.1=peer-192.168.200.1 force
C set [peer-192.168.200.1]:Phase=1 force
C set [peer-192.168.200.1]:Address=192.168.200.1 force
-C set [peer-192.168.200.1]:Configuration=mm-192.168.200.1 force
-C set [mm-192.168.200.1]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-192.168.200.1]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-192.168.100.1:0-97-192.168.200.1:0-97]:Phase=2 force
-C set [IPsec-192.168.100.1:0-97-192.168.200.1:0-97]:ISAKMP-peer=peer-192.168.200.1 force
-C set [IPsec-192.168.100.1:0-97-192.168.200.1:0-97]:Configuration=qm-192.168.100.1:0-97-192.168.200.1:0-97 force
-C set [IPsec-192.168.100.1:0-97-192.168.200.1:0-97]:Local-ID=lid-192.168.100.1:0-97 force
-C set [IPsec-192.168.100.1:0-97-192.168.200.1:0-97]:Remote-ID=rid-192.168.200.1:0-97 force
-C set [qm-192.168.100.1:0-97-192.168.200.1:0-97]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-192.168.100.1:0-97-192.168.200.1:0-97]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-192.168.100.1:0-97]:ID-type=IPV4_ADDR force
-C set [lid-192.168.100.1:0-97]:Address=192.168.100.1 force
-C set [rid-192.168.200.1:0-97]:ID-type=IPV4_ADDR force
-C set [rid-192.168.200.1:0-97]:Address=192.168.200.1 force
-C set [lid-192.168.100.1:0-97]:Protocol=97 force
-C set [rid-192.168.200.1:0-97]:Protocol=97 force
-C add [Phase 2]:Connections=IPsec-192.168.100.1:0-97-192.168.200.1:0-97
+C set [peer-192.168.200.1]:Configuration=phase1-peer-192.168.200.1 force
+C set [phase1-peer-192.168.200.1]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-192.168.200.1]:Transforms=AES-SHA-RSA_SIG force
+C set [from-192.168.100.1=97-to-192.168.200.1=97]:Phase=2 force
+C set [from-192.168.100.1=97-to-192.168.200.1=97]:ISAKMP-peer=peer-192.168.200.1 force
+C set [from-192.168.100.1=97-to-192.168.200.1=97]:Configuration=phase2-from-192.168.100.1=97-to-192.168.200.1=97 force
+C set [from-192.168.100.1=97-to-192.168.200.1=97]:Local-ID=from-192.168.100.1=97 force
+C set [from-192.168.100.1=97-to-192.168.200.1=97]:Remote-ID=to-192.168.200.1=97 force
+C set [phase2-from-192.168.100.1=97-to-192.168.200.1=97]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-192.168.100.1=97-to-192.168.200.1=97]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-192.168.100.1=97]:ID-type=IPV4_ADDR force
+C set [from-192.168.100.1=97]:Address=192.168.100.1 force
+C set [to-192.168.200.1=97]:ID-type=IPV4_ADDR force
+C set [to-192.168.200.1=97]:Address=192.168.200.1 force
+C set [from-192.168.100.1=97]:Protocol=97 force
+C set [to-192.168.200.1=97]:Protocol=97 force
+C add [Phase 2]:Connections=from-192.168.100.1=97-to-192.168.200.1=97
diff --git a/regress/sbin/ipsecctl/ike11.ok b/regress/sbin/ipsecctl/ike11.ok
index e4d181ed6f2..ff637adcfe1 100644
--- a/regress/sbin/ipsecctl/ike11.ok
+++ b/regress/sbin/ipsecctl/ike11.ok
@@ -1,40 +1,40 @@
-C set [Phase 1]:192.168.3.1=peer-192.168.3.1 force
-C set [peer-192.168.3.1]:Phase=1 force
-C set [peer-192.168.3.1]:Address=192.168.3.1 force
-C set [peer-192.168.3.1]:Local-address=192.168.3.2 force
-C set [peer-192.168.3.1]:Configuration=mm-192.168.3.1 force
-C set [mm-192.168.3.1]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-192.168.3.1]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-1.1.1.1-0.0.0.0/0]:Phase=2 force
-C set [IPsec-1.1.1.1-0.0.0.0/0]:ISAKMP-peer=peer-192.168.3.1 force
-C set [IPsec-1.1.1.1-0.0.0.0/0]:Configuration=qm-1.1.1.1-0.0.0.0/0 force
-C set [IPsec-1.1.1.1-0.0.0.0/0]:Local-ID=lid-1.1.1.1 force
-C set [IPsec-1.1.1.1-0.0.0.0/0]:Remote-ID=rid-0.0.0.0/0 force
-C set [qm-1.1.1.1-0.0.0.0/0]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-1.1.1.1-0.0.0.0/0]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-1.1.1.1]:ID-type=IPV4_ADDR force
-C set [lid-1.1.1.1]:Address=1.1.1.1 force
-C set [rid-0.0.0.0/0]:ID-type=IPV4_ADDR_SUBNET force
-C set [rid-0.0.0.0/0]:Network=0.0.0.0 force
-C set [rid-0.0.0.0/0]:Netmask=0.0.0.0 force
-C add [Phase 2]:Connections=IPsec-1.1.1.1-0.0.0.0/0
-C set [Phase 1]:192.168.3.1=peer-192.168.3.1 force
-C set [peer-192.168.3.1]:Phase=1 force
-C set [peer-192.168.3.1]:Address=192.168.3.1 force
-C set [peer-192.168.3.1]:Local-address=192.168.3.2 force
-C set [peer-192.168.3.1]:Configuration=mm-192.168.3.1 force
-C set [mm-192.168.3.1]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-192.168.3.1]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-1.1.1.1-0.0.0.0/0]:Phase=2 force
-C set [IPsec-1.1.1.1-0.0.0.0/0]:ISAKMP-peer=peer-192.168.3.1 force
-C set [IPsec-1.1.1.1-0.0.0.0/0]:Configuration=qm-1.1.1.1-0.0.0.0/0 force
-C set [IPsec-1.1.1.1-0.0.0.0/0]:Local-ID=lid-1.1.1.1 force
-C set [IPsec-1.1.1.1-0.0.0.0/0]:Remote-ID=rid-0.0.0.0/0 force
-C set [qm-1.1.1.1-0.0.0.0/0]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-1.1.1.1-0.0.0.0/0]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-1.1.1.1]:ID-type=IPV4_ADDR force
-C set [lid-1.1.1.1]:Address=1.1.1.1 force
-C set [rid-0.0.0.0/0]:ID-type=IPV4_ADDR_SUBNET force
-C set [rid-0.0.0.0/0]:Network=0.0.0.0 force
-C set [rid-0.0.0.0/0]:Netmask=0.0.0.0 force
-C add [Phase 2]:Connections=IPsec-1.1.1.1-0.0.0.0/0
+C set [Phase 1]:192.168.3.1=peer-192.168.3.1-local-192.168.3.2 force
+C set [peer-192.168.3.1-local-192.168.3.2]:Phase=1 force
+C set [peer-192.168.3.1-local-192.168.3.2]:Address=192.168.3.1 force
+C set [peer-192.168.3.1-local-192.168.3.2]:Local-address=192.168.3.2 force
+C set [peer-192.168.3.1-local-192.168.3.2]:Configuration=phase1-peer-192.168.3.1-local-192.168.3.2 force
+C set [phase1-peer-192.168.3.1-local-192.168.3.2]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-192.168.3.1-local-192.168.3.2]:Transforms=AES-SHA-RSA_SIG force
+C set [from-1.1.1.1-to-0.0.0.0/0]:Phase=2 force
+C set [from-1.1.1.1-to-0.0.0.0/0]:ISAKMP-peer=peer-192.168.3.1-local-192.168.3.2 force
+C set [from-1.1.1.1-to-0.0.0.0/0]:Configuration=phase2-from-1.1.1.1-to-0.0.0.0/0 force
+C set [from-1.1.1.1-to-0.0.0.0/0]:Local-ID=from-1.1.1.1 force
+C set [from-1.1.1.1-to-0.0.0.0/0]:Remote-ID=to-0.0.0.0/0 force
+C set [phase2-from-1.1.1.1-to-0.0.0.0/0]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-1.1.1.1-to-0.0.0.0/0]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-1.1.1.1]:ID-type=IPV4_ADDR force
+C set [from-1.1.1.1]:Address=1.1.1.1 force
+C set [to-0.0.0.0/0]:ID-type=IPV4_ADDR_SUBNET force
+C set [to-0.0.0.0/0]:Network=0.0.0.0 force
+C set [to-0.0.0.0/0]:Netmask=0.0.0.0 force
+C add [Phase 2]:Connections=from-1.1.1.1-to-0.0.0.0/0
+C set [Phase 1]:192.168.3.1=peer-192.168.3.1-local-192.168.3.2 force
+C set [peer-192.168.3.1-local-192.168.3.2]:Phase=1 force
+C set [peer-192.168.3.1-local-192.168.3.2]:Address=192.168.3.1 force
+C set [peer-192.168.3.1-local-192.168.3.2]:Local-address=192.168.3.2 force
+C set [peer-192.168.3.1-local-192.168.3.2]:Configuration=phase1-peer-192.168.3.1-local-192.168.3.2 force
+C set [phase1-peer-192.168.3.1-local-192.168.3.2]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-192.168.3.1-local-192.168.3.2]:Transforms=AES-SHA-RSA_SIG force
+C set [from-1.1.1.1-to-0.0.0.0/0]:Phase=2 force
+C set [from-1.1.1.1-to-0.0.0.0/0]:ISAKMP-peer=peer-192.168.3.1-local-192.168.3.2 force
+C set [from-1.1.1.1-to-0.0.0.0/0]:Configuration=phase2-from-1.1.1.1-to-0.0.0.0/0 force
+C set [from-1.1.1.1-to-0.0.0.0/0]:Local-ID=from-1.1.1.1 force
+C set [from-1.1.1.1-to-0.0.0.0/0]:Remote-ID=to-0.0.0.0/0 force
+C set [phase2-from-1.1.1.1-to-0.0.0.0/0]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-1.1.1.1-to-0.0.0.0/0]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-1.1.1.1]:ID-type=IPV4_ADDR force
+C set [from-1.1.1.1]:Address=1.1.1.1 force
+C set [to-0.0.0.0/0]:ID-type=IPV4_ADDR_SUBNET force
+C set [to-0.0.0.0/0]:Network=0.0.0.0 force
+C set [to-0.0.0.0/0]:Netmask=0.0.0.0 force
+C add [Phase 2]:Connections=from-1.1.1.1-to-0.0.0.0/0
diff --git a/regress/sbin/ipsecctl/ike12.ok b/regress/sbin/ipsecctl/ike12.ok
index 717fae039db..2d00da756cf 100644
--- a/regress/sbin/ipsecctl/ike12.ok
+++ b/regress/sbin/ipsecctl/ike12.ok
@@ -2,57 +2,57 @@ TO = "{ 2.2.2.0/24, 3.3.3.0/24, 4.4.4.0/24 }"
C set [Phase 1]:5.5.5.5=peer-5.5.5.5 force
C set [peer-5.5.5.5]:Phase=1 force
C set [peer-5.5.5.5]:Address=5.5.5.5 force
-C set [peer-5.5.5.5]:Configuration=mm-5.5.5.5 force
-C set [mm-5.5.5.5]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-5.5.5.5]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-1.1.1.1-2.2.2.0/24]:Phase=2 force
-C set [IPsec-1.1.1.1-2.2.2.0/24]:ISAKMP-peer=peer-5.5.5.5 force
-C set [IPsec-1.1.1.1-2.2.2.0/24]:Configuration=qm-1.1.1.1-2.2.2.0/24 force
-C set [IPsec-1.1.1.1-2.2.2.0/24]:Local-ID=lid-1.1.1.1 force
-C set [IPsec-1.1.1.1-2.2.2.0/24]:Remote-ID=rid-2.2.2.0/24 force
-C set [qm-1.1.1.1-2.2.2.0/24]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-1.1.1.1-2.2.2.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-1.1.1.1]:ID-type=IPV4_ADDR force
-C set [lid-1.1.1.1]:Address=1.1.1.1 force
-C set [rid-2.2.2.0/24]:ID-type=IPV4_ADDR_SUBNET force
-C set [rid-2.2.2.0/24]:Network=2.2.2.0 force
-C set [rid-2.2.2.0/24]:Netmask=255.255.255.0 force
-C add [Phase 2]:Connections=IPsec-1.1.1.1-2.2.2.0/24
+C set [peer-5.5.5.5]:Configuration=phase1-peer-5.5.5.5 force
+C set [phase1-peer-5.5.5.5]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-5.5.5.5]:Transforms=AES-SHA-RSA_SIG force
+C set [from-1.1.1.1-to-2.2.2.0/24]:Phase=2 force
+C set [from-1.1.1.1-to-2.2.2.0/24]:ISAKMP-peer=peer-5.5.5.5 force
+C set [from-1.1.1.1-to-2.2.2.0/24]:Configuration=phase2-from-1.1.1.1-to-2.2.2.0/24 force
+C set [from-1.1.1.1-to-2.2.2.0/24]:Local-ID=from-1.1.1.1 force
+C set [from-1.1.1.1-to-2.2.2.0/24]:Remote-ID=to-2.2.2.0/24 force
+C set [phase2-from-1.1.1.1-to-2.2.2.0/24]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-1.1.1.1-to-2.2.2.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-1.1.1.1]:ID-type=IPV4_ADDR force
+C set [from-1.1.1.1]:Address=1.1.1.1 force
+C set [to-2.2.2.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [to-2.2.2.0/24]:Network=2.2.2.0 force
+C set [to-2.2.2.0/24]:Netmask=255.255.255.0 force
+C add [Phase 2]:Connections=from-1.1.1.1-to-2.2.2.0/24
C set [Phase 1]:5.5.5.5=peer-5.5.5.5 force
C set [peer-5.5.5.5]:Phase=1 force
C set [peer-5.5.5.5]:Address=5.5.5.5 force
-C set [peer-5.5.5.5]:Configuration=mm-5.5.5.5 force
-C set [mm-5.5.5.5]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-5.5.5.5]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-1.1.1.1-3.3.3.0/24]:Phase=2 force
-C set [IPsec-1.1.1.1-3.3.3.0/24]:ISAKMP-peer=peer-5.5.5.5 force
-C set [IPsec-1.1.1.1-3.3.3.0/24]:Configuration=qm-1.1.1.1-3.3.3.0/24 force
-C set [IPsec-1.1.1.1-3.3.3.0/24]:Local-ID=lid-1.1.1.1 force
-C set [IPsec-1.1.1.1-3.3.3.0/24]:Remote-ID=rid-3.3.3.0/24 force
-C set [qm-1.1.1.1-3.3.3.0/24]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-1.1.1.1-3.3.3.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-1.1.1.1]:ID-type=IPV4_ADDR force
-C set [lid-1.1.1.1]:Address=1.1.1.1 force
-C set [rid-3.3.3.0/24]:ID-type=IPV4_ADDR_SUBNET force
-C set [rid-3.3.3.0/24]:Network=3.3.3.0 force
-C set [rid-3.3.3.0/24]:Netmask=255.255.255.0 force
-C add [Phase 2]:Connections=IPsec-1.1.1.1-3.3.3.0/24
+C set [peer-5.5.5.5]:Configuration=phase1-peer-5.5.5.5 force
+C set [phase1-peer-5.5.5.5]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-5.5.5.5]:Transforms=AES-SHA-RSA_SIG force
+C set [from-1.1.1.1-to-3.3.3.0/24]:Phase=2 force
+C set [from-1.1.1.1-to-3.3.3.0/24]:ISAKMP-peer=peer-5.5.5.5 force
+C set [from-1.1.1.1-to-3.3.3.0/24]:Configuration=phase2-from-1.1.1.1-to-3.3.3.0/24 force
+C set [from-1.1.1.1-to-3.3.3.0/24]:Local-ID=from-1.1.1.1 force
+C set [from-1.1.1.1-to-3.3.3.0/24]:Remote-ID=to-3.3.3.0/24 force
+C set [phase2-from-1.1.1.1-to-3.3.3.0/24]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-1.1.1.1-to-3.3.3.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-1.1.1.1]:ID-type=IPV4_ADDR force
+C set [from-1.1.1.1]:Address=1.1.1.1 force
+C set [to-3.3.3.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [to-3.3.3.0/24]:Network=3.3.3.0 force
+C set [to-3.3.3.0/24]:Netmask=255.255.255.0 force
+C add [Phase 2]:Connections=from-1.1.1.1-to-3.3.3.0/24
C set [Phase 1]:5.5.5.5=peer-5.5.5.5 force
C set [peer-5.5.5.5]:Phase=1 force
C set [peer-5.5.5.5]:Address=5.5.5.5 force
-C set [peer-5.5.5.5]:Configuration=mm-5.5.5.5 force
-C set [mm-5.5.5.5]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-5.5.5.5]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-1.1.1.1-4.4.4.0/24]:Phase=2 force
-C set [IPsec-1.1.1.1-4.4.4.0/24]:ISAKMP-peer=peer-5.5.5.5 force
-C set [IPsec-1.1.1.1-4.4.4.0/24]:Configuration=qm-1.1.1.1-4.4.4.0/24 force
-C set [IPsec-1.1.1.1-4.4.4.0/24]:Local-ID=lid-1.1.1.1 force
-C set [IPsec-1.1.1.1-4.4.4.0/24]:Remote-ID=rid-4.4.4.0/24 force
-C set [qm-1.1.1.1-4.4.4.0/24]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-1.1.1.1-4.4.4.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-1.1.1.1]:ID-type=IPV4_ADDR force
-C set [lid-1.1.1.1]:Address=1.1.1.1 force
-C set [rid-4.4.4.0/24]:ID-type=IPV4_ADDR_SUBNET force
-C set [rid-4.4.4.0/24]:Network=4.4.4.0 force
-C set [rid-4.4.4.0/24]:Netmask=255.255.255.0 force
-C add [Phase 2]:Connections=IPsec-1.1.1.1-4.4.4.0/24
+C set [peer-5.5.5.5]:Configuration=phase1-peer-5.5.5.5 force
+C set [phase1-peer-5.5.5.5]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-5.5.5.5]:Transforms=AES-SHA-RSA_SIG force
+C set [from-1.1.1.1-to-4.4.4.0/24]:Phase=2 force
+C set [from-1.1.1.1-to-4.4.4.0/24]:ISAKMP-peer=peer-5.5.5.5 force
+C set [from-1.1.1.1-to-4.4.4.0/24]:Configuration=phase2-from-1.1.1.1-to-4.4.4.0/24 force
+C set [from-1.1.1.1-to-4.4.4.0/24]:Local-ID=from-1.1.1.1 force
+C set [from-1.1.1.1-to-4.4.4.0/24]:Remote-ID=to-4.4.4.0/24 force
+C set [phase2-from-1.1.1.1-to-4.4.4.0/24]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-1.1.1.1-to-4.4.4.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-1.1.1.1]:ID-type=IPV4_ADDR force
+C set [from-1.1.1.1]:Address=1.1.1.1 force
+C set [to-4.4.4.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [to-4.4.4.0/24]:Network=4.4.4.0 force
+C set [to-4.4.4.0/24]:Netmask=255.255.255.0 force
+C add [Phase 2]:Connections=from-1.1.1.1-to-4.4.4.0/24
diff --git a/regress/sbin/ipsecctl/ike13.ok b/regress/sbin/ipsecctl/ike13.ok
index 9e8900effb5..29d0cb1baea 100644
--- a/regress/sbin/ipsecctl/ike13.ok
+++ b/regress/sbin/ipsecctl/ike13.ok
@@ -2,57 +2,57 @@ FROM = "{ 2.2.2.0/24, 3.3.3.0/24, 4.4.4.0/24 }"
C set [Phase 1]:1.1.1.1=peer-1.1.1.1 force
C set [peer-1.1.1.1]:Phase=1 force
C set [peer-1.1.1.1]:Address=1.1.1.1 force
-C set [peer-1.1.1.1]:Configuration=mm-1.1.1.1 force
-C set [mm-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-1.1.1.1]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-2.2.2.0/24-1.1.1.1]:Phase=2 force
-C set [IPsec-2.2.2.0/24-1.1.1.1]:ISAKMP-peer=peer-1.1.1.1 force
-C set [IPsec-2.2.2.0/24-1.1.1.1]:Configuration=qm-2.2.2.0/24-1.1.1.1 force
-C set [IPsec-2.2.2.0/24-1.1.1.1]:Local-ID=lid-2.2.2.0/24 force
-C set [IPsec-2.2.2.0/24-1.1.1.1]:Remote-ID=rid-1.1.1.1 force
-C set [qm-2.2.2.0/24-1.1.1.1]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-2.2.2.0/24-1.1.1.1]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-2.2.2.0/24]:ID-type=IPV4_ADDR_SUBNET force
-C set [lid-2.2.2.0/24]:Network=2.2.2.0 force
-C set [lid-2.2.2.0/24]:Netmask=255.255.255.0 force
-C set [rid-1.1.1.1]:ID-type=IPV4_ADDR force
-C set [rid-1.1.1.1]:Address=1.1.1.1 force
-C add [Phase 2]:Connections=IPsec-2.2.2.0/24-1.1.1.1
+C set [peer-1.1.1.1]:Configuration=phase1-peer-1.1.1.1 force
+C set [phase1-peer-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-1.1.1.1]:Transforms=AES-SHA-RSA_SIG force
+C set [from-2.2.2.0/24-to-1.1.1.1]:Phase=2 force
+C set [from-2.2.2.0/24-to-1.1.1.1]:ISAKMP-peer=peer-1.1.1.1 force
+C set [from-2.2.2.0/24-to-1.1.1.1]:Configuration=phase2-from-2.2.2.0/24-to-1.1.1.1 force
+C set [from-2.2.2.0/24-to-1.1.1.1]:Local-ID=from-2.2.2.0/24 force
+C set [from-2.2.2.0/24-to-1.1.1.1]:Remote-ID=to-1.1.1.1 force
+C set [phase2-from-2.2.2.0/24-to-1.1.1.1]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-2.2.2.0/24-to-1.1.1.1]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-2.2.2.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [from-2.2.2.0/24]:Network=2.2.2.0 force
+C set [from-2.2.2.0/24]:Netmask=255.255.255.0 force
+C set [to-1.1.1.1]:ID-type=IPV4_ADDR force
+C set [to-1.1.1.1]:Address=1.1.1.1 force
+C add [Phase 2]:Connections=from-2.2.2.0/24-to-1.1.1.1
C set [Phase 1]:1.1.1.1=peer-1.1.1.1 force
C set [peer-1.1.1.1]:Phase=1 force
C set [peer-1.1.1.1]:Address=1.1.1.1 force
-C set [peer-1.1.1.1]:Configuration=mm-1.1.1.1 force
-C set [mm-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-1.1.1.1]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-3.3.3.0/24-1.1.1.1]:Phase=2 force
-C set [IPsec-3.3.3.0/24-1.1.1.1]:ISAKMP-peer=peer-1.1.1.1 force
-C set [IPsec-3.3.3.0/24-1.1.1.1]:Configuration=qm-3.3.3.0/24-1.1.1.1 force
-C set [IPsec-3.3.3.0/24-1.1.1.1]:Local-ID=lid-3.3.3.0/24 force
-C set [IPsec-3.3.3.0/24-1.1.1.1]:Remote-ID=rid-1.1.1.1 force
-C set [qm-3.3.3.0/24-1.1.1.1]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-3.3.3.0/24-1.1.1.1]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-3.3.3.0/24]:ID-type=IPV4_ADDR_SUBNET force
-C set [lid-3.3.3.0/24]:Network=3.3.3.0 force
-C set [lid-3.3.3.0/24]:Netmask=255.255.255.0 force
-C set [rid-1.1.1.1]:ID-type=IPV4_ADDR force
-C set [rid-1.1.1.1]:Address=1.1.1.1 force
-C add [Phase 2]:Connections=IPsec-3.3.3.0/24-1.1.1.1
+C set [peer-1.1.1.1]:Configuration=phase1-peer-1.1.1.1 force
+C set [phase1-peer-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-1.1.1.1]:Transforms=AES-SHA-RSA_SIG force
+C set [from-3.3.3.0/24-to-1.1.1.1]:Phase=2 force
+C set [from-3.3.3.0/24-to-1.1.1.1]:ISAKMP-peer=peer-1.1.1.1 force
+C set [from-3.3.3.0/24-to-1.1.1.1]:Configuration=phase2-from-3.3.3.0/24-to-1.1.1.1 force
+C set [from-3.3.3.0/24-to-1.1.1.1]:Local-ID=from-3.3.3.0/24 force
+C set [from-3.3.3.0/24-to-1.1.1.1]:Remote-ID=to-1.1.1.1 force
+C set [phase2-from-3.3.3.0/24-to-1.1.1.1]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-3.3.3.0/24-to-1.1.1.1]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-3.3.3.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [from-3.3.3.0/24]:Network=3.3.3.0 force
+C set [from-3.3.3.0/24]:Netmask=255.255.255.0 force
+C set [to-1.1.1.1]:ID-type=IPV4_ADDR force
+C set [to-1.1.1.1]:Address=1.1.1.1 force
+C add [Phase 2]:Connections=from-3.3.3.0/24-to-1.1.1.1
C set [Phase 1]:1.1.1.1=peer-1.1.1.1 force
C set [peer-1.1.1.1]:Phase=1 force
C set [peer-1.1.1.1]:Address=1.1.1.1 force
-C set [peer-1.1.1.1]:Configuration=mm-1.1.1.1 force
-C set [mm-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-1.1.1.1]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-4.4.4.0/24-1.1.1.1]:Phase=2 force
-C set [IPsec-4.4.4.0/24-1.1.1.1]:ISAKMP-peer=peer-1.1.1.1 force
-C set [IPsec-4.4.4.0/24-1.1.1.1]:Configuration=qm-4.4.4.0/24-1.1.1.1 force
-C set [IPsec-4.4.4.0/24-1.1.1.1]:Local-ID=lid-4.4.4.0/24 force
-C set [IPsec-4.4.4.0/24-1.1.1.1]:Remote-ID=rid-1.1.1.1 force
-C set [qm-4.4.4.0/24-1.1.1.1]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-4.4.4.0/24-1.1.1.1]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-4.4.4.0/24]:ID-type=IPV4_ADDR_SUBNET force
-C set [lid-4.4.4.0/24]:Network=4.4.4.0 force
-C set [lid-4.4.4.0/24]:Netmask=255.255.255.0 force
-C set [rid-1.1.1.1]:ID-type=IPV4_ADDR force
-C set [rid-1.1.1.1]:Address=1.1.1.1 force
-C add [Phase 2]:Connections=IPsec-4.4.4.0/24-1.1.1.1
+C set [peer-1.1.1.1]:Configuration=phase1-peer-1.1.1.1 force
+C set [phase1-peer-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-1.1.1.1]:Transforms=AES-SHA-RSA_SIG force
+C set [from-4.4.4.0/24-to-1.1.1.1]:Phase=2 force
+C set [from-4.4.4.0/24-to-1.1.1.1]:ISAKMP-peer=peer-1.1.1.1 force
+C set [from-4.4.4.0/24-to-1.1.1.1]:Configuration=phase2-from-4.4.4.0/24-to-1.1.1.1 force
+C set [from-4.4.4.0/24-to-1.1.1.1]:Local-ID=from-4.4.4.0/24 force
+C set [from-4.4.4.0/24-to-1.1.1.1]:Remote-ID=to-1.1.1.1 force
+C set [phase2-from-4.4.4.0/24-to-1.1.1.1]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-4.4.4.0/24-to-1.1.1.1]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-4.4.4.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [from-4.4.4.0/24]:Network=4.4.4.0 force
+C set [from-4.4.4.0/24]:Netmask=255.255.255.0 force
+C set [to-1.1.1.1]:ID-type=IPV4_ADDR force
+C set [to-1.1.1.1]:Address=1.1.1.1 force
+C add [Phase 2]:Connections=from-4.4.4.0/24-to-1.1.1.1
diff --git a/regress/sbin/ipsecctl/ike14.ok b/regress/sbin/ipsecctl/ike14.ok
index b43b0124466..40d894038ca 100644
--- a/regress/sbin/ipsecctl/ike14.ok
+++ b/regress/sbin/ipsecctl/ike14.ok
@@ -3,180 +3,180 @@ TO = "{ 5.5.5.0/24, 6.6.6.0/24, 7.7.7.0/24 }"
C set [Phase 1]:1.1.1.1=peer-1.1.1.1 force
C set [peer-1.1.1.1]:Phase=1 force
C set [peer-1.1.1.1]:Address=1.1.1.1 force
-C set [peer-1.1.1.1]:Configuration=mm-1.1.1.1 force
-C set [mm-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-1.1.1.1]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-2.2.2.0/24-5.5.5.0/24]:Phase=2 force
-C set [IPsec-2.2.2.0/24-5.5.5.0/24]:ISAKMP-peer=peer-1.1.1.1 force
-C set [IPsec-2.2.2.0/24-5.5.5.0/24]:Configuration=qm-2.2.2.0/24-5.5.5.0/24 force
-C set [IPsec-2.2.2.0/24-5.5.5.0/24]:Local-ID=lid-2.2.2.0/24 force
-C set [IPsec-2.2.2.0/24-5.5.5.0/24]:Remote-ID=rid-5.5.5.0/24 force
-C set [qm-2.2.2.0/24-5.5.5.0/24]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-2.2.2.0/24-5.5.5.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-2.2.2.0/24]:ID-type=IPV4_ADDR_SUBNET force
-C set [lid-2.2.2.0/24]:Network=2.2.2.0 force
-C set [lid-2.2.2.0/24]:Netmask=255.255.255.0 force
-C set [rid-5.5.5.0/24]:ID-type=IPV4_ADDR_SUBNET force
-C set [rid-5.5.5.0/24]:Network=5.5.5.0 force
-C set [rid-5.5.5.0/24]:Netmask=255.255.255.0 force
-C add [Phase 2]:Connections=IPsec-2.2.2.0/24-5.5.5.0/24
+C set [peer-1.1.1.1]:Configuration=phase1-peer-1.1.1.1 force
+C set [phase1-peer-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-1.1.1.1]:Transforms=AES-SHA-RSA_SIG force
+C set [from-2.2.2.0/24-to-5.5.5.0/24]:Phase=2 force
+C set [from-2.2.2.0/24-to-5.5.5.0/24]:ISAKMP-peer=peer-1.1.1.1 force
+C set [from-2.2.2.0/24-to-5.5.5.0/24]:Configuration=phase2-from-2.2.2.0/24-to-5.5.5.0/24 force
+C set [from-2.2.2.0/24-to-5.5.5.0/24]:Local-ID=from-2.2.2.0/24 force
+C set [from-2.2.2.0/24-to-5.5.5.0/24]:Remote-ID=to-5.5.5.0/24 force
+C set [phase2-from-2.2.2.0/24-to-5.5.5.0/24]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-2.2.2.0/24-to-5.5.5.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-2.2.2.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [from-2.2.2.0/24]:Network=2.2.2.0 force
+C set [from-2.2.2.0/24]:Netmask=255.255.255.0 force
+C set [to-5.5.5.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [to-5.5.5.0/24]:Network=5.5.5.0 force
+C set [to-5.5.5.0/24]:Netmask=255.255.255.0 force
+C add [Phase 2]:Connections=from-2.2.2.0/24-to-5.5.5.0/24
C set [Phase 1]:1.1.1.1=peer-1.1.1.1 force
C set [peer-1.1.1.1]:Phase=1 force
C set [peer-1.1.1.1]:Address=1.1.1.1 force
-C set [peer-1.1.1.1]:Configuration=mm-1.1.1.1 force
-C set [mm-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-1.1.1.1]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-2.2.2.0/24-6.6.6.0/24]:Phase=2 force
-C set [IPsec-2.2.2.0/24-6.6.6.0/24]:ISAKMP-peer=peer-1.1.1.1 force
-C set [IPsec-2.2.2.0/24-6.6.6.0/24]:Configuration=qm-2.2.2.0/24-6.6.6.0/24 force
-C set [IPsec-2.2.2.0/24-6.6.6.0/24]:Local-ID=lid-2.2.2.0/24 force
-C set [IPsec-2.2.2.0/24-6.6.6.0/24]:Remote-ID=rid-6.6.6.0/24 force
-C set [qm-2.2.2.0/24-6.6.6.0/24]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-2.2.2.0/24-6.6.6.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-2.2.2.0/24]:ID-type=IPV4_ADDR_SUBNET force
-C set [lid-2.2.2.0/24]:Network=2.2.2.0 force
-C set [lid-2.2.2.0/24]:Netmask=255.255.255.0 force
-C set [rid-6.6.6.0/24]:ID-type=IPV4_ADDR_SUBNET force
-C set [rid-6.6.6.0/24]:Network=6.6.6.0 force
-C set [rid-6.6.6.0/24]:Netmask=255.255.255.0 force
-C add [Phase 2]:Connections=IPsec-2.2.2.0/24-6.6.6.0/24
+C set [peer-1.1.1.1]:Configuration=phase1-peer-1.1.1.1 force
+C set [phase1-peer-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-1.1.1.1]:Transforms=AES-SHA-RSA_SIG force
+C set [from-2.2.2.0/24-to-6.6.6.0/24]:Phase=2 force
+C set [from-2.2.2.0/24-to-6.6.6.0/24]:ISAKMP-peer=peer-1.1.1.1 force
+C set [from-2.2.2.0/24-to-6.6.6.0/24]:Configuration=phase2-from-2.2.2.0/24-to-6.6.6.0/24 force
+C set [from-2.2.2.0/24-to-6.6.6.0/24]:Local-ID=from-2.2.2.0/24 force
+C set [from-2.2.2.0/24-to-6.6.6.0/24]:Remote-ID=to-6.6.6.0/24 force
+C set [phase2-from-2.2.2.0/24-to-6.6.6.0/24]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-2.2.2.0/24-to-6.6.6.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-2.2.2.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [from-2.2.2.0/24]:Network=2.2.2.0 force
+C set [from-2.2.2.0/24]:Netmask=255.255.255.0 force
+C set [to-6.6.6.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [to-6.6.6.0/24]:Network=6.6.6.0 force
+C set [to-6.6.6.0/24]:Netmask=255.255.255.0 force
+C add [Phase 2]:Connections=from-2.2.2.0/24-to-6.6.6.0/24
C set [Phase 1]:1.1.1.1=peer-1.1.1.1 force
C set [peer-1.1.1.1]:Phase=1 force
C set [peer-1.1.1.1]:Address=1.1.1.1 force
-C set [peer-1.1.1.1]:Configuration=mm-1.1.1.1 force
-C set [mm-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-1.1.1.1]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-2.2.2.0/24-7.7.7.0/24]:Phase=2 force
-C set [IPsec-2.2.2.0/24-7.7.7.0/24]:ISAKMP-peer=peer-1.1.1.1 force
-C set [IPsec-2.2.2.0/24-7.7.7.0/24]:Configuration=qm-2.2.2.0/24-7.7.7.0/24 force
-C set [IPsec-2.2.2.0/24-7.7.7.0/24]:Local-ID=lid-2.2.2.0/24 force
-C set [IPsec-2.2.2.0/24-7.7.7.0/24]:Remote-ID=rid-7.7.7.0/24 force
-C set [qm-2.2.2.0/24-7.7.7.0/24]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-2.2.2.0/24-7.7.7.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-2.2.2.0/24]:ID-type=IPV4_ADDR_SUBNET force
-C set [lid-2.2.2.0/24]:Network=2.2.2.0 force
-C set [lid-2.2.2.0/24]:Netmask=255.255.255.0 force
-C set [rid-7.7.7.0/24]:ID-type=IPV4_ADDR_SUBNET force
-C set [rid-7.7.7.0/24]:Network=7.7.7.0 force
-C set [rid-7.7.7.0/24]:Netmask=255.255.255.0 force
-C add [Phase 2]:Connections=IPsec-2.2.2.0/24-7.7.7.0/24
+C set [peer-1.1.1.1]:Configuration=phase1-peer-1.1.1.1 force
+C set [phase1-peer-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-1.1.1.1]:Transforms=AES-SHA-RSA_SIG force
+C set [from-2.2.2.0/24-to-7.7.7.0/24]:Phase=2 force
+C set [from-2.2.2.0/24-to-7.7.7.0/24]:ISAKMP-peer=peer-1.1.1.1 force
+C set [from-2.2.2.0/24-to-7.7.7.0/24]:Configuration=phase2-from-2.2.2.0/24-to-7.7.7.0/24 force
+C set [from-2.2.2.0/24-to-7.7.7.0/24]:Local-ID=from-2.2.2.0/24 force
+C set [from-2.2.2.0/24-to-7.7.7.0/24]:Remote-ID=to-7.7.7.0/24 force
+C set [phase2-from-2.2.2.0/24-to-7.7.7.0/24]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-2.2.2.0/24-to-7.7.7.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-2.2.2.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [from-2.2.2.0/24]:Network=2.2.2.0 force
+C set [from-2.2.2.0/24]:Netmask=255.255.255.0 force
+C set [to-7.7.7.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [to-7.7.7.0/24]:Network=7.7.7.0 force
+C set [to-7.7.7.0/24]:Netmask=255.255.255.0 force
+C add [Phase 2]:Connections=from-2.2.2.0/24-to-7.7.7.0/24
C set [Phase 1]:1.1.1.1=peer-1.1.1.1 force
C set [peer-1.1.1.1]:Phase=1 force
C set [peer-1.1.1.1]:Address=1.1.1.1 force
-C set [peer-1.1.1.1]:Configuration=mm-1.1.1.1 force
-C set [mm-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-1.1.1.1]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-3.3.3.0/24-5.5.5.0/24]:Phase=2 force
-C set [IPsec-3.3.3.0/24-5.5.5.0/24]:ISAKMP-peer=peer-1.1.1.1 force
-C set [IPsec-3.3.3.0/24-5.5.5.0/24]:Configuration=qm-3.3.3.0/24-5.5.5.0/24 force
-C set [IPsec-3.3.3.0/24-5.5.5.0/24]:Local-ID=lid-3.3.3.0/24 force
-C set [IPsec-3.3.3.0/24-5.5.5.0/24]:Remote-ID=rid-5.5.5.0/24 force
-C set [qm-3.3.3.0/24-5.5.5.0/24]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-3.3.3.0/24-5.5.5.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-3.3.3.0/24]:ID-type=IPV4_ADDR_SUBNET force
-C set [lid-3.3.3.0/24]:Network=3.3.3.0 force
-C set [lid-3.3.3.0/24]:Netmask=255.255.255.0 force
-C set [rid-5.5.5.0/24]:ID-type=IPV4_ADDR_SUBNET force
-C set [rid-5.5.5.0/24]:Network=5.5.5.0 force
-C set [rid-5.5.5.0/24]:Netmask=255.255.255.0 force
-C add [Phase 2]:Connections=IPsec-3.3.3.0/24-5.5.5.0/24
+C set [peer-1.1.1.1]:Configuration=phase1-peer-1.1.1.1 force
+C set [phase1-peer-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-1.1.1.1]:Transforms=AES-SHA-RSA_SIG force
+C set [from-3.3.3.0/24-to-5.5.5.0/24]:Phase=2 force
+C set [from-3.3.3.0/24-to-5.5.5.0/24]:ISAKMP-peer=peer-1.1.1.1 force
+C set [from-3.3.3.0/24-to-5.5.5.0/24]:Configuration=phase2-from-3.3.3.0/24-to-5.5.5.0/24 force
+C set [from-3.3.3.0/24-to-5.5.5.0/24]:Local-ID=from-3.3.3.0/24 force
+C set [from-3.3.3.0/24-to-5.5.5.0/24]:Remote-ID=to-5.5.5.0/24 force
+C set [phase2-from-3.3.3.0/24-to-5.5.5.0/24]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-3.3.3.0/24-to-5.5.5.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-3.3.3.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [from-3.3.3.0/24]:Network=3.3.3.0 force
+C set [from-3.3.3.0/24]:Netmask=255.255.255.0 force
+C set [to-5.5.5.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [to-5.5.5.0/24]:Network=5.5.5.0 force
+C set [to-5.5.5.0/24]:Netmask=255.255.255.0 force
+C add [Phase 2]:Connections=from-3.3.3.0/24-to-5.5.5.0/24
C set [Phase 1]:1.1.1.1=peer-1.1.1.1 force
C set [peer-1.1.1.1]:Phase=1 force
C set [peer-1.1.1.1]:Address=1.1.1.1 force
-C set [peer-1.1.1.1]:Configuration=mm-1.1.1.1 force
-C set [mm-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-1.1.1.1]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-3.3.3.0/24-6.6.6.0/24]:Phase=2 force
-C set [IPsec-3.3.3.0/24-6.6.6.0/24]:ISAKMP-peer=peer-1.1.1.1 force
-C set [IPsec-3.3.3.0/24-6.6.6.0/24]:Configuration=qm-3.3.3.0/24-6.6.6.0/24 force
-C set [IPsec-3.3.3.0/24-6.6.6.0/24]:Local-ID=lid-3.3.3.0/24 force
-C set [IPsec-3.3.3.0/24-6.6.6.0/24]:Remote-ID=rid-6.6.6.0/24 force
-C set [qm-3.3.3.0/24-6.6.6.0/24]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-3.3.3.0/24-6.6.6.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-3.3.3.0/24]:ID-type=IPV4_ADDR_SUBNET force
-C set [lid-3.3.3.0/24]:Network=3.3.3.0 force
-C set [lid-3.3.3.0/24]:Netmask=255.255.255.0 force
-C set [rid-6.6.6.0/24]:ID-type=IPV4_ADDR_SUBNET force
-C set [rid-6.6.6.0/24]:Network=6.6.6.0 force
-C set [rid-6.6.6.0/24]:Netmask=255.255.255.0 force
-C add [Phase 2]:Connections=IPsec-3.3.3.0/24-6.6.6.0/24
+C set [peer-1.1.1.1]:Configuration=phase1-peer-1.1.1.1 force
+C set [phase1-peer-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-1.1.1.1]:Transforms=AES-SHA-RSA_SIG force
+C set [from-3.3.3.0/24-to-6.6.6.0/24]:Phase=2 force
+C set [from-3.3.3.0/24-to-6.6.6.0/24]:ISAKMP-peer=peer-1.1.1.1 force
+C set [from-3.3.3.0/24-to-6.6.6.0/24]:Configuration=phase2-from-3.3.3.0/24-to-6.6.6.0/24 force
+C set [from-3.3.3.0/24-to-6.6.6.0/24]:Local-ID=from-3.3.3.0/24 force
+C set [from-3.3.3.0/24-to-6.6.6.0/24]:Remote-ID=to-6.6.6.0/24 force
+C set [phase2-from-3.3.3.0/24-to-6.6.6.0/24]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-3.3.3.0/24-to-6.6.6.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-3.3.3.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [from-3.3.3.0/24]:Network=3.3.3.0 force
+C set [from-3.3.3.0/24]:Netmask=255.255.255.0 force
+C set [to-6.6.6.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [to-6.6.6.0/24]:Network=6.6.6.0 force
+C set [to-6.6.6.0/24]:Netmask=255.255.255.0 force
+C add [Phase 2]:Connections=from-3.3.3.0/24-to-6.6.6.0/24
C set [Phase 1]:1.1.1.1=peer-1.1.1.1 force
C set [peer-1.1.1.1]:Phase=1 force
C set [peer-1.1.1.1]:Address=1.1.1.1 force
-C set [peer-1.1.1.1]:Configuration=mm-1.1.1.1 force
-C set [mm-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-1.1.1.1]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-3.3.3.0/24-7.7.7.0/24]:Phase=2 force
-C set [IPsec-3.3.3.0/24-7.7.7.0/24]:ISAKMP-peer=peer-1.1.1.1 force
-C set [IPsec-3.3.3.0/24-7.7.7.0/24]:Configuration=qm-3.3.3.0/24-7.7.7.0/24 force
-C set [IPsec-3.3.3.0/24-7.7.7.0/24]:Local-ID=lid-3.3.3.0/24 force
-C set [IPsec-3.3.3.0/24-7.7.7.0/24]:Remote-ID=rid-7.7.7.0/24 force
-C set [qm-3.3.3.0/24-7.7.7.0/24]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-3.3.3.0/24-7.7.7.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-3.3.3.0/24]:ID-type=IPV4_ADDR_SUBNET force
-C set [lid-3.3.3.0/24]:Network=3.3.3.0 force
-C set [lid-3.3.3.0/24]:Netmask=255.255.255.0 force
-C set [rid-7.7.7.0/24]:ID-type=IPV4_ADDR_SUBNET force
-C set [rid-7.7.7.0/24]:Network=7.7.7.0 force
-C set [rid-7.7.7.0/24]:Netmask=255.255.255.0 force
-C add [Phase 2]:Connections=IPsec-3.3.3.0/24-7.7.7.0/24
+C set [peer-1.1.1.1]:Configuration=phase1-peer-1.1.1.1 force
+C set [phase1-peer-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-1.1.1.1]:Transforms=AES-SHA-RSA_SIG force
+C set [from-3.3.3.0/24-to-7.7.7.0/24]:Phase=2 force
+C set [from-3.3.3.0/24-to-7.7.7.0/24]:ISAKMP-peer=peer-1.1.1.1 force
+C set [from-3.3.3.0/24-to-7.7.7.0/24]:Configuration=phase2-from-3.3.3.0/24-to-7.7.7.0/24 force
+C set [from-3.3.3.0/24-to-7.7.7.0/24]:Local-ID=from-3.3.3.0/24 force
+C set [from-3.3.3.0/24-to-7.7.7.0/24]:Remote-ID=to-7.7.7.0/24 force
+C set [phase2-from-3.3.3.0/24-to-7.7.7.0/24]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-3.3.3.0/24-to-7.7.7.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-3.3.3.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [from-3.3.3.0/24]:Network=3.3.3.0 force
+C set [from-3.3.3.0/24]:Netmask=255.255.255.0 force
+C set [to-7.7.7.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [to-7.7.7.0/24]:Network=7.7.7.0 force
+C set [to-7.7.7.0/24]:Netmask=255.255.255.0 force
+C add [Phase 2]:Connections=from-3.3.3.0/24-to-7.7.7.0/24
C set [Phase 1]:1.1.1.1=peer-1.1.1.1 force
C set [peer-1.1.1.1]:Phase=1 force
C set [peer-1.1.1.1]:Address=1.1.1.1 force
-C set [peer-1.1.1.1]:Configuration=mm-1.1.1.1 force
-C set [mm-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-1.1.1.1]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-4.4.4.0/24-5.5.5.0/24]:Phase=2 force
-C set [IPsec-4.4.4.0/24-5.5.5.0/24]:ISAKMP-peer=peer-1.1.1.1 force
-C set [IPsec-4.4.4.0/24-5.5.5.0/24]:Configuration=qm-4.4.4.0/24-5.5.5.0/24 force
-C set [IPsec-4.4.4.0/24-5.5.5.0/24]:Local-ID=lid-4.4.4.0/24 force
-C set [IPsec-4.4.4.0/24-5.5.5.0/24]:Remote-ID=rid-5.5.5.0/24 force
-C set [qm-4.4.4.0/24-5.5.5.0/24]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-4.4.4.0/24-5.5.5.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-4.4.4.0/24]:ID-type=IPV4_ADDR_SUBNET force
-C set [lid-4.4.4.0/24]:Network=4.4.4.0 force
-C set [lid-4.4.4.0/24]:Netmask=255.255.255.0 force
-C set [rid-5.5.5.0/24]:ID-type=IPV4_ADDR_SUBNET force
-C set [rid-5.5.5.0/24]:Network=5.5.5.0 force
-C set [rid-5.5.5.0/24]:Netmask=255.255.255.0 force
-C add [Phase 2]:Connections=IPsec-4.4.4.0/24-5.5.5.0/24
+C set [peer-1.1.1.1]:Configuration=phase1-peer-1.1.1.1 force
+C set [phase1-peer-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-1.1.1.1]:Transforms=AES-SHA-RSA_SIG force
+C set [from-4.4.4.0/24-to-5.5.5.0/24]:Phase=2 force
+C set [from-4.4.4.0/24-to-5.5.5.0/24]:ISAKMP-peer=peer-1.1.1.1 force
+C set [from-4.4.4.0/24-to-5.5.5.0/24]:Configuration=phase2-from-4.4.4.0/24-to-5.5.5.0/24 force
+C set [from-4.4.4.0/24-to-5.5.5.0/24]:Local-ID=from-4.4.4.0/24 force
+C set [from-4.4.4.0/24-to-5.5.5.0/24]:Remote-ID=to-5.5.5.0/24 force
+C set [phase2-from-4.4.4.0/24-to-5.5.5.0/24]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-4.4.4.0/24-to-5.5.5.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-4.4.4.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [from-4.4.4.0/24]:Network=4.4.4.0 force
+C set [from-4.4.4.0/24]:Netmask=255.255.255.0 force
+C set [to-5.5.5.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [to-5.5.5.0/24]:Network=5.5.5.0 force
+C set [to-5.5.5.0/24]:Netmask=255.255.255.0 force
+C add [Phase 2]:Connections=from-4.4.4.0/24-to-5.5.5.0/24
C set [Phase 1]:1.1.1.1=peer-1.1.1.1 force
C set [peer-1.1.1.1]:Phase=1 force
C set [peer-1.1.1.1]:Address=1.1.1.1 force
-C set [peer-1.1.1.1]:Configuration=mm-1.1.1.1 force
-C set [mm-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-1.1.1.1]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-4.4.4.0/24-6.6.6.0/24]:Phase=2 force
-C set [IPsec-4.4.4.0/24-6.6.6.0/24]:ISAKMP-peer=peer-1.1.1.1 force
-C set [IPsec-4.4.4.0/24-6.6.6.0/24]:Configuration=qm-4.4.4.0/24-6.6.6.0/24 force
-C set [IPsec-4.4.4.0/24-6.6.6.0/24]:Local-ID=lid-4.4.4.0/24 force
-C set [IPsec-4.4.4.0/24-6.6.6.0/24]:Remote-ID=rid-6.6.6.0/24 force
-C set [qm-4.4.4.0/24-6.6.6.0/24]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-4.4.4.0/24-6.6.6.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-4.4.4.0/24]:ID-type=IPV4_ADDR_SUBNET force
-C set [lid-4.4.4.0/24]:Network=4.4.4.0 force
-C set [lid-4.4.4.0/24]:Netmask=255.255.255.0 force
-C set [rid-6.6.6.0/24]:ID-type=IPV4_ADDR_SUBNET force
-C set [rid-6.6.6.0/24]:Network=6.6.6.0 force
-C set [rid-6.6.6.0/24]:Netmask=255.255.255.0 force
-C add [Phase 2]:Connections=IPsec-4.4.4.0/24-6.6.6.0/24
+C set [peer-1.1.1.1]:Configuration=phase1-peer-1.1.1.1 force
+C set [phase1-peer-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-1.1.1.1]:Transforms=AES-SHA-RSA_SIG force
+C set [from-4.4.4.0/24-to-6.6.6.0/24]:Phase=2 force
+C set [from-4.4.4.0/24-to-6.6.6.0/24]:ISAKMP-peer=peer-1.1.1.1 force
+C set [from-4.4.4.0/24-to-6.6.6.0/24]:Configuration=phase2-from-4.4.4.0/24-to-6.6.6.0/24 force
+C set [from-4.4.4.0/24-to-6.6.6.0/24]:Local-ID=from-4.4.4.0/24 force
+C set [from-4.4.4.0/24-to-6.6.6.0/24]:Remote-ID=to-6.6.6.0/24 force
+C set [phase2-from-4.4.4.0/24-to-6.6.6.0/24]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-4.4.4.0/24-to-6.6.6.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-4.4.4.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [from-4.4.4.0/24]:Network=4.4.4.0 force
+C set [from-4.4.4.0/24]:Netmask=255.255.255.0 force
+C set [to-6.6.6.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [to-6.6.6.0/24]:Network=6.6.6.0 force
+C set [to-6.6.6.0/24]:Netmask=255.255.255.0 force
+C add [Phase 2]:Connections=from-4.4.4.0/24-to-6.6.6.0/24
C set [Phase 1]:1.1.1.1=peer-1.1.1.1 force
C set [peer-1.1.1.1]:Phase=1 force
C set [peer-1.1.1.1]:Address=1.1.1.1 force
-C set [peer-1.1.1.1]:Configuration=mm-1.1.1.1 force
-C set [mm-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-1.1.1.1]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-4.4.4.0/24-7.7.7.0/24]:Phase=2 force
-C set [IPsec-4.4.4.0/24-7.7.7.0/24]:ISAKMP-peer=peer-1.1.1.1 force
-C set [IPsec-4.4.4.0/24-7.7.7.0/24]:Configuration=qm-4.4.4.0/24-7.7.7.0/24 force
-C set [IPsec-4.4.4.0/24-7.7.7.0/24]:Local-ID=lid-4.4.4.0/24 force
-C set [IPsec-4.4.4.0/24-7.7.7.0/24]:Remote-ID=rid-7.7.7.0/24 force
-C set [qm-4.4.4.0/24-7.7.7.0/24]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-4.4.4.0/24-7.7.7.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-4.4.4.0/24]:ID-type=IPV4_ADDR_SUBNET force
-C set [lid-4.4.4.0/24]:Network=4.4.4.0 force
-C set [lid-4.4.4.0/24]:Netmask=255.255.255.0 force
-C set [rid-7.7.7.0/24]:ID-type=IPV4_ADDR_SUBNET force
-C set [rid-7.7.7.0/24]:Network=7.7.7.0 force
-C set [rid-7.7.7.0/24]:Netmask=255.255.255.0 force
-C add [Phase 2]:Connections=IPsec-4.4.4.0/24-7.7.7.0/24
+C set [peer-1.1.1.1]:Configuration=phase1-peer-1.1.1.1 force
+C set [phase1-peer-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-1.1.1.1]:Transforms=AES-SHA-RSA_SIG force
+C set [from-4.4.4.0/24-to-7.7.7.0/24]:Phase=2 force
+C set [from-4.4.4.0/24-to-7.7.7.0/24]:ISAKMP-peer=peer-1.1.1.1 force
+C set [from-4.4.4.0/24-to-7.7.7.0/24]:Configuration=phase2-from-4.4.4.0/24-to-7.7.7.0/24 force
+C set [from-4.4.4.0/24-to-7.7.7.0/24]:Local-ID=from-4.4.4.0/24 force
+C set [from-4.4.4.0/24-to-7.7.7.0/24]:Remote-ID=to-7.7.7.0/24 force
+C set [phase2-from-4.4.4.0/24-to-7.7.7.0/24]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-4.4.4.0/24-to-7.7.7.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-4.4.4.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [from-4.4.4.0/24]:Network=4.4.4.0 force
+C set [from-4.4.4.0/24]:Netmask=255.255.255.0 force
+C set [to-7.7.7.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [to-7.7.7.0/24]:Network=7.7.7.0 force
+C set [to-7.7.7.0/24]:Netmask=255.255.255.0 force
+C add [Phase 2]:Connections=from-4.4.4.0/24-to-7.7.7.0/24
diff --git a/regress/sbin/ipsecctl/ike15.ok b/regress/sbin/ipsecctl/ike15.ok
index 0e545f5f52d..db08bff6467 100644
--- a/regress/sbin/ipsecctl/ike15.ok
+++ b/regress/sbin/ipsecctl/ike15.ok
@@ -1,26 +1,26 @@
C set [Phase 1]:3ffe::1=peer-3ffe::1 force
C set [peer-3ffe::1]:Phase=1 force
C set [peer-3ffe::1]:Address=3ffe::1 force
-C set [peer-3ffe::1]:Configuration=mm-3ffe::1 force
-C set [mm-3ffe::1]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-3ffe::1]:Transforms=AES-SHA-RSA_SIG force
-C set [peer-3ffe::1]:ID=sharleena.as10.net-ID force
-C set [sharleena.as10.net-ID]:ID-type=FQDN force
-C set [sharleena.as10.net-ID]:Name=sharleena.as10.net force
-C set [peer-3ffe::1]:Remote-ID=3ffe::1-ID force
-C set [3ffe::1-ID]:ID-type=FQDN force
-C set [3ffe::1-ID]:Name=faui31o.informatik.uni-erlangen.de force
-C set [IPsec-10.1.1.0/24-10.1.2.0/24]:Phase=2 force
-C set [IPsec-10.1.1.0/24-10.1.2.0/24]:ISAKMP-peer=peer-3ffe::1 force
-C set [IPsec-10.1.1.0/24-10.1.2.0/24]:Configuration=qm-10.1.1.0/24-10.1.2.0/24 force
-C set [IPsec-10.1.1.0/24-10.1.2.0/24]:Local-ID=lid-10.1.1.0/24 force
-C set [IPsec-10.1.1.0/24-10.1.2.0/24]:Remote-ID=rid-10.1.2.0/24 force
-C set [qm-10.1.1.0/24-10.1.2.0/24]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-10.1.1.0/24-10.1.2.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-10.1.1.0/24]:ID-type=IPV4_ADDR_SUBNET force
-C set [lid-10.1.1.0/24]:Network=10.1.1.0 force
-C set [lid-10.1.1.0/24]:Netmask=255.255.255.0 force
-C set [rid-10.1.2.0/24]:ID-type=IPV4_ADDR_SUBNET force
-C set [rid-10.1.2.0/24]:Network=10.1.2.0 force
-C set [rid-10.1.2.0/24]:Netmask=255.255.255.0 force
-C add [Phase 2]:Connections=IPsec-10.1.1.0/24-10.1.2.0/24
+C set [peer-3ffe::1]:Configuration=phase1-peer-3ffe::1 force
+C set [phase1-peer-3ffe::1]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-3ffe::1]:Transforms=AES-SHA-RSA_SIG force
+C set [peer-3ffe::1]:ID=id-sharleena.as10.net force
+C set [id-sharleena.as10.net]:ID-type=FQDN force
+C set [id-sharleena.as10.net]:Name=sharleena.as10.net force
+C set [peer-3ffe::1]:Remote-ID=id-faui31o.informatik.uni-erlangen.de force
+C set [id-faui31o.informatik.uni-erlangen.de]:ID-type=FQDN force
+C set [id-faui31o.informatik.uni-erlangen.de]:Name=faui31o.informatik.uni-erlangen.de force
+C set [from-10.1.1.0/24-to-10.1.2.0/24]:Phase=2 force
+C set [from-10.1.1.0/24-to-10.1.2.0/24]:ISAKMP-peer=peer-3ffe::1 force
+C set [from-10.1.1.0/24-to-10.1.2.0/24]:Configuration=phase2-from-10.1.1.0/24-to-10.1.2.0/24 force
+C set [from-10.1.1.0/24-to-10.1.2.0/24]:Local-ID=from-10.1.1.0/24 force
+C set [from-10.1.1.0/24-to-10.1.2.0/24]:Remote-ID=to-10.1.2.0/24 force
+C set [phase2-from-10.1.1.0/24-to-10.1.2.0/24]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-10.1.1.0/24-to-10.1.2.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-10.1.1.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [from-10.1.1.0/24]:Network=10.1.1.0 force
+C set [from-10.1.1.0/24]:Netmask=255.255.255.0 force
+C set [to-10.1.2.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [to-10.1.2.0/24]:Network=10.1.2.0 force
+C set [to-10.1.2.0/24]:Netmask=255.255.255.0 force
+C add [Phase 2]:Connections=from-10.1.1.0/24-to-10.1.2.0/24
diff --git a/regress/sbin/ipsecctl/ike16.ok b/regress/sbin/ipsecctl/ike16.ok
index f86a620f459..ff6deccc8fd 100644
--- a/regress/sbin/ipsecctl/ike16.ok
+++ b/regress/sbin/ipsecctl/ike16.ok
@@ -1,50 +1,50 @@
C set [Phase 1]:3ffe::29=peer-3ffe::29 force
C set [peer-3ffe::29]:Phase=1 force
C set [peer-3ffe::29]:Address=3ffe::29 force
-C set [peer-3ffe::29]:Configuration=mm-3ffe::29 force
-C set [mm-3ffe::29]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-3ffe::29]:Transforms=3DES-SHA-GRP15-RSA_SIG force
-C set [peer-3ffe::29]:ID=sharleena.as10.net-ID force
-C set [sharleena.as10.net-ID]:ID-type=FQDN force
-C set [sharleena.as10.net-ID]:Name=sharleena.as10.net force
-C set [peer-3ffe::29]:Remote-ID=3ffe::29-ID force
-C set [3ffe::29-ID]:ID-type=FQDN force
-C set [3ffe::29-ID]:Name=faui31o.informatik.uni-erlangen.de force
-C set [IPsec-10.1.1.0/24-10.1.2.0/24]:Phase=2 force
-C set [IPsec-10.1.1.0/24-10.1.2.0/24]:ISAKMP-peer=peer-3ffe::29 force
-C set [IPsec-10.1.1.0/24-10.1.2.0/24]:Configuration=qm-10.1.1.0/24-10.1.2.0/24 force
-C set [IPsec-10.1.1.0/24-10.1.2.0/24]:Local-ID=lid-10.1.1.0/24 force
-C set [IPsec-10.1.1.0/24-10.1.2.0/24]:Remote-ID=rid-10.1.2.0/24 force
-C set [qm-10.1.1.0/24-10.1.2.0/24]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-10.1.1.0/24-10.1.2.0/24]:Suites=QM-ESP-3DES-SHA-PFS-GRP15-SUITE force
-C set [lid-10.1.1.0/24]:ID-type=IPV4_ADDR_SUBNET force
-C set [lid-10.1.1.0/24]:Network=10.1.1.0 force
-C set [lid-10.1.1.0/24]:Netmask=255.255.255.0 force
-C set [rid-10.1.2.0/24]:ID-type=IPV4_ADDR_SUBNET force
-C set [rid-10.1.2.0/24]:Network=10.1.2.0 force
-C set [rid-10.1.2.0/24]:Netmask=255.255.255.0 force
-C add [Phase 2]:Connections=IPsec-10.1.1.0/24-10.1.2.0/24
+C set [peer-3ffe::29]:Configuration=phase1-peer-3ffe::29 force
+C set [phase1-peer-3ffe::29]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-3ffe::29]:Transforms=3DES-SHA-GRP15-RSA_SIG force
+C set [peer-3ffe::29]:ID=id-sharleena.as10.net force
+C set [id-sharleena.as10.net]:ID-type=FQDN force
+C set [id-sharleena.as10.net]:Name=sharleena.as10.net force
+C set [peer-3ffe::29]:Remote-ID=id-faui31o.informatik.uni-erlangen.de force
+C set [id-faui31o.informatik.uni-erlangen.de]:ID-type=FQDN force
+C set [id-faui31o.informatik.uni-erlangen.de]:Name=faui31o.informatik.uni-erlangen.de force
+C set [from-10.1.1.0/24-to-10.1.2.0/24]:Phase=2 force
+C set [from-10.1.1.0/24-to-10.1.2.0/24]:ISAKMP-peer=peer-3ffe::29 force
+C set [from-10.1.1.0/24-to-10.1.2.0/24]:Configuration=phase2-from-10.1.1.0/24-to-10.1.2.0/24 force
+C set [from-10.1.1.0/24-to-10.1.2.0/24]:Local-ID=from-10.1.1.0/24 force
+C set [from-10.1.1.0/24-to-10.1.2.0/24]:Remote-ID=to-10.1.2.0/24 force
+C set [phase2-from-10.1.1.0/24-to-10.1.2.0/24]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-10.1.1.0/24-to-10.1.2.0/24]:Suites=QM-ESP-3DES-SHA-PFS-GRP15-SUITE force
+C set [from-10.1.1.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [from-10.1.1.0/24]:Network=10.1.1.0 force
+C set [from-10.1.1.0/24]:Netmask=255.255.255.0 force
+C set [to-10.1.2.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [to-10.1.2.0/24]:Network=10.1.2.0 force
+C set [to-10.1.2.0/24]:Netmask=255.255.255.0 force
+C add [Phase 2]:Connections=from-10.1.1.0/24-to-10.1.2.0/24
C set [Phase 1]:3ffe::29=peer-3ffe::29 force
C set [peer-3ffe::29]:Phase=1 force
C set [peer-3ffe::29]:Address=3ffe::29 force
-C set [peer-3ffe::29]:Configuration=mm-3ffe::29 force
-C set [mm-3ffe::29]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-3ffe::29]:Transforms=AES-SHA-GRP15-RSA_SIG force
-C set [peer-3ffe::29]:ID=sharleena.as10.net-ID force
-C set [sharleena.as10.net-ID]:ID-type=FQDN force
-C set [sharleena.as10.net-ID]:Name=sharleena.as10.net force
-C set [peer-3ffe::29]:Remote-ID=3ffe::29-ID force
-C set [3ffe::29-ID]:ID-type=FQDN force
-C set [3ffe::29-ID]:Name=faui31o.informatik.uni-erlangen.de force
-C set [IPsec-3ffe::51-3ffe::29]:Phase=2 force
-C set [IPsec-3ffe::51-3ffe::29]:ISAKMP-peer=peer-3ffe::29 force
-C set [IPsec-3ffe::51-3ffe::29]:Configuration=qm-3ffe::51-3ffe::29 force
-C set [IPsec-3ffe::51-3ffe::29]:Local-ID=lid-3ffe::51 force
-C set [IPsec-3ffe::51-3ffe::29]:Remote-ID=rid-3ffe::29 force
-C set [qm-3ffe::51-3ffe::29]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-3ffe::51-3ffe::29]:Suites=QM-ESP-AES-SHA2-256-PFS-GRP15-SUITE force
-C set [lid-3ffe::51]:ID-type=IPV6_ADDR force
-C set [lid-3ffe::51]:Address=3ffe::51 force
-C set [rid-3ffe::29]:ID-type=IPV6_ADDR force
-C set [rid-3ffe::29]:Address=3ffe::29 force
-C add [Phase 2]:Connections=IPsec-3ffe::51-3ffe::29
+C set [peer-3ffe::29]:Configuration=phase1-peer-3ffe::29 force
+C set [phase1-peer-3ffe::29]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-3ffe::29]:Transforms=AES-SHA-GRP15-RSA_SIG force
+C set [peer-3ffe::29]:ID=id-sharleena.as10.net force
+C set [id-sharleena.as10.net]:ID-type=FQDN force
+C set [id-sharleena.as10.net]:Name=sharleena.as10.net force
+C set [peer-3ffe::29]:Remote-ID=id-faui31o.informatik.uni-erlangen.de force
+C set [id-faui31o.informatik.uni-erlangen.de]:ID-type=FQDN force
+C set [id-faui31o.informatik.uni-erlangen.de]:Name=faui31o.informatik.uni-erlangen.de force
+C set [from-3ffe::51-to-3ffe::29]:Phase=2 force
+C set [from-3ffe::51-to-3ffe::29]:ISAKMP-peer=peer-3ffe::29 force
+C set [from-3ffe::51-to-3ffe::29]:Configuration=phase2-from-3ffe::51-to-3ffe::29 force
+C set [from-3ffe::51-to-3ffe::29]:Local-ID=from-3ffe::51 force
+C set [from-3ffe::51-to-3ffe::29]:Remote-ID=to-3ffe::29 force
+C set [phase2-from-3ffe::51-to-3ffe::29]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-3ffe::51-to-3ffe::29]:Suites=QM-ESP-AES-SHA2-256-PFS-GRP15-SUITE force
+C set [from-3ffe::51]:ID-type=IPV6_ADDR force
+C set [from-3ffe::51]:Address=3ffe::51 force
+C set [to-3ffe::29]:ID-type=IPV6_ADDR force
+C set [to-3ffe::29]:Address=3ffe::29 force
+C add [Phase 2]:Connections=from-3ffe::51-to-3ffe::29
diff --git a/regress/sbin/ipsecctl/ike17.ok b/regress/sbin/ipsecctl/ike17.ok
index 2907516ed91..1c92080f890 100644
--- a/regress/sbin/ipsecctl/ike17.ok
+++ b/regress/sbin/ipsecctl/ike17.ok
@@ -1,38 +1,38 @@
C set [Phase 1]:3ffe::29=peer-3ffe::29 force
C set [peer-3ffe::29]:Phase=1 force
C set [peer-3ffe::29]:Address=3ffe::29 force
-C set [peer-3ffe::29]:Configuration=mm-3ffe::29 force
-C set [mm-3ffe::29]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-3ffe::29]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-10.1.1.0/24-10.1.2.0/24]:Phase=2 force
-C set [IPsec-10.1.1.0/24-10.1.2.0/24]:ISAKMP-peer=peer-3ffe::29 force
-C set [IPsec-10.1.1.0/24-10.1.2.0/24]:Configuration=qm-10.1.1.0/24-10.1.2.0/24 force
-C set [IPsec-10.1.1.0/24-10.1.2.0/24]:Local-ID=lid-10.1.1.0/24 force
-C set [IPsec-10.1.1.0/24-10.1.2.0/24]:Remote-ID=rid-10.1.2.0/24 force
-C set [qm-10.1.1.0/24-10.1.2.0/24]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-10.1.1.0/24-10.1.2.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-10.1.1.0/24]:ID-type=IPV4_ADDR_SUBNET force
-C set [lid-10.1.1.0/24]:Network=10.1.1.0 force
-C set [lid-10.1.1.0/24]:Netmask=255.255.255.0 force
-C set [rid-10.1.2.0/24]:ID-type=IPV4_ADDR_SUBNET force
-C set [rid-10.1.2.0/24]:Network=10.1.2.0 force
-C set [rid-10.1.2.0/24]:Netmask=255.255.255.0 force
-C add [Phase 2]:Connections=IPsec-10.1.1.0/24-10.1.2.0/24
+C set [peer-3ffe::29]:Configuration=phase1-peer-3ffe::29 force
+C set [phase1-peer-3ffe::29]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-3ffe::29]:Transforms=AES-SHA-RSA_SIG force
+C set [from-10.1.1.0/24-to-10.1.2.0/24]:Phase=2 force
+C set [from-10.1.1.0/24-to-10.1.2.0/24]:ISAKMP-peer=peer-3ffe::29 force
+C set [from-10.1.1.0/24-to-10.1.2.0/24]:Configuration=phase2-from-10.1.1.0/24-to-10.1.2.0/24 force
+C set [from-10.1.1.0/24-to-10.1.2.0/24]:Local-ID=from-10.1.1.0/24 force
+C set [from-10.1.1.0/24-to-10.1.2.0/24]:Remote-ID=to-10.1.2.0/24 force
+C set [phase2-from-10.1.1.0/24-to-10.1.2.0/24]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-10.1.1.0/24-to-10.1.2.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-10.1.1.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [from-10.1.1.0/24]:Network=10.1.1.0 force
+C set [from-10.1.1.0/24]:Netmask=255.255.255.0 force
+C set [to-10.1.2.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [to-10.1.2.0/24]:Network=10.1.2.0 force
+C set [to-10.1.2.0/24]:Netmask=255.255.255.0 force
+C add [Phase 2]:Connections=from-10.1.1.0/24-to-10.1.2.0/24
C set [Phase 1]:3ffe::29=peer-3ffe::29 force
C set [peer-3ffe::29]:Phase=1 force
C set [peer-3ffe::29]:Address=3ffe::29 force
-C set [peer-3ffe::29]:Configuration=mm-3ffe::29 force
-C set [mm-3ffe::29]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-3ffe::29]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-3ffe::51-3ffe::29]:Phase=2 force
-C set [IPsec-3ffe::51-3ffe::29]:ISAKMP-peer=peer-3ffe::29 force
-C set [IPsec-3ffe::51-3ffe::29]:Configuration=qm-3ffe::51-3ffe::29 force
-C set [IPsec-3ffe::51-3ffe::29]:Local-ID=lid-3ffe::51 force
-C set [IPsec-3ffe::51-3ffe::29]:Remote-ID=rid-3ffe::29 force
-C set [qm-3ffe::51-3ffe::29]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-3ffe::51-3ffe::29]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-3ffe::51]:ID-type=IPV6_ADDR force
-C set [lid-3ffe::51]:Address=3ffe::51 force
-C set [rid-3ffe::29]:ID-type=IPV6_ADDR force
-C set [rid-3ffe::29]:Address=3ffe::29 force
-C add [Phase 2]:Connections=IPsec-3ffe::51-3ffe::29
+C set [peer-3ffe::29]:Configuration=phase1-peer-3ffe::29 force
+C set [phase1-peer-3ffe::29]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-3ffe::29]:Transforms=AES-SHA-RSA_SIG force
+C set [from-3ffe::51-to-3ffe::29]:Phase=2 force
+C set [from-3ffe::51-to-3ffe::29]:ISAKMP-peer=peer-3ffe::29 force
+C set [from-3ffe::51-to-3ffe::29]:Configuration=phase2-from-3ffe::51-to-3ffe::29 force
+C set [from-3ffe::51-to-3ffe::29]:Local-ID=from-3ffe::51 force
+C set [from-3ffe::51-to-3ffe::29]:Remote-ID=to-3ffe::29 force
+C set [phase2-from-3ffe::51-to-3ffe::29]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-3ffe::51-to-3ffe::29]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-3ffe::51]:ID-type=IPV6_ADDR force
+C set [from-3ffe::51]:Address=3ffe::51 force
+C set [to-3ffe::29]:ID-type=IPV6_ADDR force
+C set [to-3ffe::29]:Address=3ffe::29 force
+C add [Phase 2]:Connections=from-3ffe::51-to-3ffe::29
diff --git a/regress/sbin/ipsecctl/ike18.ok b/regress/sbin/ipsecctl/ike18.ok
index 921141fe4a5..f9cd33a4eda 100644
--- a/regress/sbin/ipsecctl/ike18.ok
+++ b/regress/sbin/ipsecctl/ike18.ok
@@ -1,38 +1,38 @@
C set [Phase 1]:3ffe::51=peer-3ffe::51 force
C set [peer-3ffe::51]:Phase=1 force
C set [peer-3ffe::51]:Address=3ffe::51 force
-C set [peer-3ffe::51]:Configuration=mm-3ffe::51 force
-C set [mm-3ffe::51]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-3ffe::51]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-10.1.2.0/24-10.1.1.0/24]:Phase=2 force
-C set [IPsec-10.1.2.0/24-10.1.1.0/24]:ISAKMP-peer=peer-3ffe::51 force
-C set [IPsec-10.1.2.0/24-10.1.1.0/24]:Configuration=qm-10.1.2.0/24-10.1.1.0/24 force
-C set [IPsec-10.1.2.0/24-10.1.1.0/24]:Local-ID=lid-10.1.2.0/24 force
-C set [IPsec-10.1.2.0/24-10.1.1.0/24]:Remote-ID=rid-10.1.1.0/24 force
-C set [qm-10.1.2.0/24-10.1.1.0/24]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-10.1.2.0/24-10.1.1.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-10.1.2.0/24]:ID-type=IPV4_ADDR_SUBNET force
-C set [lid-10.1.2.0/24]:Network=10.1.2.0 force
-C set [lid-10.1.2.0/24]:Netmask=255.255.255.0 force
-C set [rid-10.1.1.0/24]:ID-type=IPV4_ADDR_SUBNET force
-C set [rid-10.1.1.0/24]:Network=10.1.1.0 force
-C set [rid-10.1.1.0/24]:Netmask=255.255.255.0 force
-C add [Phase 2]:Passive-Connections=IPsec-10.1.2.0/24-10.1.1.0/24
+C set [peer-3ffe::51]:Configuration=phase1-peer-3ffe::51 force
+C set [phase1-peer-3ffe::51]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-3ffe::51]:Transforms=AES-SHA-RSA_SIG force
+C set [from-10.1.2.0/24-to-10.1.1.0/24]:Phase=2 force
+C set [from-10.1.2.0/24-to-10.1.1.0/24]:ISAKMP-peer=peer-3ffe::51 force
+C set [from-10.1.2.0/24-to-10.1.1.0/24]:Configuration=phase2-from-10.1.2.0/24-to-10.1.1.0/24 force
+C set [from-10.1.2.0/24-to-10.1.1.0/24]:Local-ID=from-10.1.2.0/24 force
+C set [from-10.1.2.0/24-to-10.1.1.0/24]:Remote-ID=to-10.1.1.0/24 force
+C set [phase2-from-10.1.2.0/24-to-10.1.1.0/24]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-10.1.2.0/24-to-10.1.1.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-10.1.2.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [from-10.1.2.0/24]:Network=10.1.2.0 force
+C set [from-10.1.2.0/24]:Netmask=255.255.255.0 force
+C set [to-10.1.1.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [to-10.1.1.0/24]:Network=10.1.1.0 force
+C set [to-10.1.1.0/24]:Netmask=255.255.255.0 force
+C add [Phase 2]:Passive-Connections=from-10.1.2.0/24-to-10.1.1.0/24
C set [Phase 1]:3ffe::51=peer-3ffe::51 force
C set [peer-3ffe::51]:Phase=1 force
C set [peer-3ffe::51]:Address=3ffe::51 force
-C set [peer-3ffe::51]:Configuration=mm-3ffe::51 force
-C set [mm-3ffe::51]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-3ffe::51]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-3ffe::29-3ffe::51]:Phase=2 force
-C set [IPsec-3ffe::29-3ffe::51]:ISAKMP-peer=peer-3ffe::51 force
-C set [IPsec-3ffe::29-3ffe::51]:Configuration=qm-3ffe::29-3ffe::51 force
-C set [IPsec-3ffe::29-3ffe::51]:Local-ID=lid-3ffe::29 force
-C set [IPsec-3ffe::29-3ffe::51]:Remote-ID=rid-3ffe::51 force
-C set [qm-3ffe::29-3ffe::51]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-3ffe::29-3ffe::51]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-3ffe::29]:ID-type=IPV6_ADDR force
-C set [lid-3ffe::29]:Address=3ffe::29 force
-C set [rid-3ffe::51]:ID-type=IPV6_ADDR force
-C set [rid-3ffe::51]:Address=3ffe::51 force
-C add [Phase 2]:Passive-Connections=IPsec-3ffe::29-3ffe::51
+C set [peer-3ffe::51]:Configuration=phase1-peer-3ffe::51 force
+C set [phase1-peer-3ffe::51]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-3ffe::51]:Transforms=AES-SHA-RSA_SIG force
+C set [from-3ffe::29-to-3ffe::51]:Phase=2 force
+C set [from-3ffe::29-to-3ffe::51]:ISAKMP-peer=peer-3ffe::51 force
+C set [from-3ffe::29-to-3ffe::51]:Configuration=phase2-from-3ffe::29-to-3ffe::51 force
+C set [from-3ffe::29-to-3ffe::51]:Local-ID=from-3ffe::29 force
+C set [from-3ffe::29-to-3ffe::51]:Remote-ID=to-3ffe::51 force
+C set [phase2-from-3ffe::29-to-3ffe::51]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-3ffe::29-to-3ffe::51]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-3ffe::29]:ID-type=IPV6_ADDR force
+C set [from-3ffe::29]:Address=3ffe::29 force
+C set [to-3ffe::51]:ID-type=IPV6_ADDR force
+C set [to-3ffe::51]:Address=3ffe::51 force
+C add [Phase 2]:Passive-Connections=from-3ffe::29-to-3ffe::51
diff --git a/regress/sbin/ipsecctl/ike19.ok b/regress/sbin/ipsecctl/ike19.ok
index 983ee8e92b2..fd7c14810b3 100644
--- a/regress/sbin/ipsecctl/ike19.ok
+++ b/regress/sbin/ipsecctl/ike19.ok
@@ -1,19 +1,19 @@
C set [Phase 1]:3ffe::1=peer-3ffe::1 force
C set [peer-3ffe::1]:Phase=1 force
C set [peer-3ffe::1]:Address=3ffe::1 force
-C set [peer-3ffe::1]:Configuration=mm-3ffe::1 force
-C set [mm-3ffe::1]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-3ffe::1]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-1.1.1.1-0.0.0.0/0]:Phase=2 force
-C set [IPsec-1.1.1.1-0.0.0.0/0]:ISAKMP-peer=peer-3ffe::1 force
-C set [IPsec-1.1.1.1-0.0.0.0/0]:Configuration=qm-1.1.1.1-0.0.0.0/0 force
-C set [IPsec-1.1.1.1-0.0.0.0/0]:Local-ID=lid-1.1.1.1 force
-C set [IPsec-1.1.1.1-0.0.0.0/0]:Remote-ID=rid-0.0.0.0/0 force
-C set [qm-1.1.1.1-0.0.0.0/0]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-1.1.1.1-0.0.0.0/0]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-1.1.1.1]:ID-type=IPV4_ADDR force
-C set [lid-1.1.1.1]:Address=1.1.1.1 force
-C set [rid-0.0.0.0/0]:ID-type=IPV4_ADDR_SUBNET force
-C set [rid-0.0.0.0/0]:Network=0.0.0.0 force
-C set [rid-0.0.0.0/0]:Netmask=0.0.0.0 force
-C add [Phase 2]:Connections=IPsec-1.1.1.1-0.0.0.0/0
+C set [peer-3ffe::1]:Configuration=phase1-peer-3ffe::1 force
+C set [phase1-peer-3ffe::1]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-3ffe::1]:Transforms=AES-SHA-RSA_SIG force
+C set [from-1.1.1.1-to-0.0.0.0/0]:Phase=2 force
+C set [from-1.1.1.1-to-0.0.0.0/0]:ISAKMP-peer=peer-3ffe::1 force
+C set [from-1.1.1.1-to-0.0.0.0/0]:Configuration=phase2-from-1.1.1.1-to-0.0.0.0/0 force
+C set [from-1.1.1.1-to-0.0.0.0/0]:Local-ID=from-1.1.1.1 force
+C set [from-1.1.1.1-to-0.0.0.0/0]:Remote-ID=to-0.0.0.0/0 force
+C set [phase2-from-1.1.1.1-to-0.0.0.0/0]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-1.1.1.1-to-0.0.0.0/0]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-1.1.1.1]:ID-type=IPV4_ADDR force
+C set [from-1.1.1.1]:Address=1.1.1.1 force
+C set [to-0.0.0.0/0]:ID-type=IPV4_ADDR_SUBNET force
+C set [to-0.0.0.0/0]:Network=0.0.0.0 force
+C set [to-0.0.0.0/0]:Netmask=0.0.0.0 force
+C add [Phase 2]:Connections=from-1.1.1.1-to-0.0.0.0/0
diff --git a/regress/sbin/ipsecctl/ike2.ok b/regress/sbin/ipsecctl/ike2.ok
index 6642e436d06..ea58311e666 100644
--- a/regress/sbin/ipsecctl/ike2.ok
+++ b/regress/sbin/ipsecctl/ike2.ok
@@ -1,20 +1,20 @@
C set [Phase 1]:131.188.33.29=peer-131.188.33.29 force
C set [peer-131.188.33.29]:Phase=1 force
C set [peer-131.188.33.29]:Address=131.188.33.29 force
-C set [peer-131.188.33.29]:Configuration=mm-131.188.33.29 force
-C set [mm-131.188.33.29]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-131.188.33.29]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-10.1.1.0/24-10.1.2.0/24]:Phase=2 force
-C set [IPsec-10.1.1.0/24-10.1.2.0/24]:ISAKMP-peer=peer-131.188.33.29 force
-C set [IPsec-10.1.1.0/24-10.1.2.0/24]:Configuration=qm-10.1.1.0/24-10.1.2.0/24 force
-C set [IPsec-10.1.1.0/24-10.1.2.0/24]:Local-ID=lid-10.1.1.0/24 force
-C set [IPsec-10.1.1.0/24-10.1.2.0/24]:Remote-ID=rid-10.1.2.0/24 force
-C set [qm-10.1.1.0/24-10.1.2.0/24]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-10.1.1.0/24-10.1.2.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-10.1.1.0/24]:ID-type=IPV4_ADDR_SUBNET force
-C set [lid-10.1.1.0/24]:Network=10.1.1.0 force
-C set [lid-10.1.1.0/24]:Netmask=255.255.255.0 force
-C set [rid-10.1.2.0/24]:ID-type=IPV4_ADDR_SUBNET force
-C set [rid-10.1.2.0/24]:Network=10.1.2.0 force
-C set [rid-10.1.2.0/24]:Netmask=255.255.255.0 force
-C add [Phase 2]:Connections=IPsec-10.1.1.0/24-10.1.2.0/24
+C set [peer-131.188.33.29]:Configuration=phase1-peer-131.188.33.29 force
+C set [phase1-peer-131.188.33.29]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-131.188.33.29]:Transforms=AES-SHA-RSA_SIG force
+C set [from-10.1.1.0/24-to-10.1.2.0/24]:Phase=2 force
+C set [from-10.1.1.0/24-to-10.1.2.0/24]:ISAKMP-peer=peer-131.188.33.29 force
+C set [from-10.1.1.0/24-to-10.1.2.0/24]:Configuration=phase2-from-10.1.1.0/24-to-10.1.2.0/24 force
+C set [from-10.1.1.0/24-to-10.1.2.0/24]:Local-ID=from-10.1.1.0/24 force
+C set [from-10.1.1.0/24-to-10.1.2.0/24]:Remote-ID=to-10.1.2.0/24 force
+C set [phase2-from-10.1.1.0/24-to-10.1.2.0/24]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-10.1.1.0/24-to-10.1.2.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-10.1.1.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [from-10.1.1.0/24]:Network=10.1.1.0 force
+C set [from-10.1.1.0/24]:Netmask=255.255.255.0 force
+C set [to-10.1.2.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [to-10.1.2.0/24]:Network=10.1.2.0 force
+C set [to-10.1.2.0/24]:Netmask=255.255.255.0 force
+C add [Phase 2]:Connections=from-10.1.1.0/24-to-10.1.2.0/24
diff --git a/regress/sbin/ipsecctl/ike20.ok b/regress/sbin/ipsecctl/ike20.ok
index e4d181ed6f2..ff637adcfe1 100644
--- a/regress/sbin/ipsecctl/ike20.ok
+++ b/regress/sbin/ipsecctl/ike20.ok
@@ -1,40 +1,40 @@
-C set [Phase 1]:192.168.3.1=peer-192.168.3.1 force
-C set [peer-192.168.3.1]:Phase=1 force
-C set [peer-192.168.3.1]:Address=192.168.3.1 force
-C set [peer-192.168.3.1]:Local-address=192.168.3.2 force
-C set [peer-192.168.3.1]:Configuration=mm-192.168.3.1 force
-C set [mm-192.168.3.1]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-192.168.3.1]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-1.1.1.1-0.0.0.0/0]:Phase=2 force
-C set [IPsec-1.1.1.1-0.0.0.0/0]:ISAKMP-peer=peer-192.168.3.1 force
-C set [IPsec-1.1.1.1-0.0.0.0/0]:Configuration=qm-1.1.1.1-0.0.0.0/0 force
-C set [IPsec-1.1.1.1-0.0.0.0/0]:Local-ID=lid-1.1.1.1 force
-C set [IPsec-1.1.1.1-0.0.0.0/0]:Remote-ID=rid-0.0.0.0/0 force
-C set [qm-1.1.1.1-0.0.0.0/0]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-1.1.1.1-0.0.0.0/0]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-1.1.1.1]:ID-type=IPV4_ADDR force
-C set [lid-1.1.1.1]:Address=1.1.1.1 force
-C set [rid-0.0.0.0/0]:ID-type=IPV4_ADDR_SUBNET force
-C set [rid-0.0.0.0/0]:Network=0.0.0.0 force
-C set [rid-0.0.0.0/0]:Netmask=0.0.0.0 force
-C add [Phase 2]:Connections=IPsec-1.1.1.1-0.0.0.0/0
-C set [Phase 1]:192.168.3.1=peer-192.168.3.1 force
-C set [peer-192.168.3.1]:Phase=1 force
-C set [peer-192.168.3.1]:Address=192.168.3.1 force
-C set [peer-192.168.3.1]:Local-address=192.168.3.2 force
-C set [peer-192.168.3.1]:Configuration=mm-192.168.3.1 force
-C set [mm-192.168.3.1]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-192.168.3.1]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-1.1.1.1-0.0.0.0/0]:Phase=2 force
-C set [IPsec-1.1.1.1-0.0.0.0/0]:ISAKMP-peer=peer-192.168.3.1 force
-C set [IPsec-1.1.1.1-0.0.0.0/0]:Configuration=qm-1.1.1.1-0.0.0.0/0 force
-C set [IPsec-1.1.1.1-0.0.0.0/0]:Local-ID=lid-1.1.1.1 force
-C set [IPsec-1.1.1.1-0.0.0.0/0]:Remote-ID=rid-0.0.0.0/0 force
-C set [qm-1.1.1.1-0.0.0.0/0]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-1.1.1.1-0.0.0.0/0]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-1.1.1.1]:ID-type=IPV4_ADDR force
-C set [lid-1.1.1.1]:Address=1.1.1.1 force
-C set [rid-0.0.0.0/0]:ID-type=IPV4_ADDR_SUBNET force
-C set [rid-0.0.0.0/0]:Network=0.0.0.0 force
-C set [rid-0.0.0.0/0]:Netmask=0.0.0.0 force
-C add [Phase 2]:Connections=IPsec-1.1.1.1-0.0.0.0/0
+C set [Phase 1]:192.168.3.1=peer-192.168.3.1-local-192.168.3.2 force
+C set [peer-192.168.3.1-local-192.168.3.2]:Phase=1 force
+C set [peer-192.168.3.1-local-192.168.3.2]:Address=192.168.3.1 force
+C set [peer-192.168.3.1-local-192.168.3.2]:Local-address=192.168.3.2 force
+C set [peer-192.168.3.1-local-192.168.3.2]:Configuration=phase1-peer-192.168.3.1-local-192.168.3.2 force
+C set [phase1-peer-192.168.3.1-local-192.168.3.2]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-192.168.3.1-local-192.168.3.2]:Transforms=AES-SHA-RSA_SIG force
+C set [from-1.1.1.1-to-0.0.0.0/0]:Phase=2 force
+C set [from-1.1.1.1-to-0.0.0.0/0]:ISAKMP-peer=peer-192.168.3.1-local-192.168.3.2 force
+C set [from-1.1.1.1-to-0.0.0.0/0]:Configuration=phase2-from-1.1.1.1-to-0.0.0.0/0 force
+C set [from-1.1.1.1-to-0.0.0.0/0]:Local-ID=from-1.1.1.1 force
+C set [from-1.1.1.1-to-0.0.0.0/0]:Remote-ID=to-0.0.0.0/0 force
+C set [phase2-from-1.1.1.1-to-0.0.0.0/0]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-1.1.1.1-to-0.0.0.0/0]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-1.1.1.1]:ID-type=IPV4_ADDR force
+C set [from-1.1.1.1]:Address=1.1.1.1 force
+C set [to-0.0.0.0/0]:ID-type=IPV4_ADDR_SUBNET force
+C set [to-0.0.0.0/0]:Network=0.0.0.0 force
+C set [to-0.0.0.0/0]:Netmask=0.0.0.0 force
+C add [Phase 2]:Connections=from-1.1.1.1-to-0.0.0.0/0
+C set [Phase 1]:192.168.3.1=peer-192.168.3.1-local-192.168.3.2 force
+C set [peer-192.168.3.1-local-192.168.3.2]:Phase=1 force
+C set [peer-192.168.3.1-local-192.168.3.2]:Address=192.168.3.1 force
+C set [peer-192.168.3.1-local-192.168.3.2]:Local-address=192.168.3.2 force
+C set [peer-192.168.3.1-local-192.168.3.2]:Configuration=phase1-peer-192.168.3.1-local-192.168.3.2 force
+C set [phase1-peer-192.168.3.1-local-192.168.3.2]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-192.168.3.1-local-192.168.3.2]:Transforms=AES-SHA-RSA_SIG force
+C set [from-1.1.1.1-to-0.0.0.0/0]:Phase=2 force
+C set [from-1.1.1.1-to-0.0.0.0/0]:ISAKMP-peer=peer-192.168.3.1-local-192.168.3.2 force
+C set [from-1.1.1.1-to-0.0.0.0/0]:Configuration=phase2-from-1.1.1.1-to-0.0.0.0/0 force
+C set [from-1.1.1.1-to-0.0.0.0/0]:Local-ID=from-1.1.1.1 force
+C set [from-1.1.1.1-to-0.0.0.0/0]:Remote-ID=to-0.0.0.0/0 force
+C set [phase2-from-1.1.1.1-to-0.0.0.0/0]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-1.1.1.1-to-0.0.0.0/0]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-1.1.1.1]:ID-type=IPV4_ADDR force
+C set [from-1.1.1.1]:Address=1.1.1.1 force
+C set [to-0.0.0.0/0]:ID-type=IPV4_ADDR_SUBNET force
+C set [to-0.0.0.0/0]:Network=0.0.0.0 force
+C set [to-0.0.0.0/0]:Netmask=0.0.0.0 force
+C add [Phase 2]:Connections=from-1.1.1.1-to-0.0.0.0/0
diff --git a/regress/sbin/ipsecctl/ike21.ok b/regress/sbin/ipsecctl/ike21.ok
index 80082e5178c..4767206f21b 100644
--- a/regress/sbin/ipsecctl/ike21.ok
+++ b/regress/sbin/ipsecctl/ike21.ok
@@ -1,18 +1,18 @@
C set [Phase 1]:3ffe::2=peer-3ffe::2 force
C set [peer-3ffe::2]:Phase=1 force
C set [peer-3ffe::2]:Address=3ffe::2 force
-C set [peer-3ffe::2]:Configuration=mm-3ffe::2 force
-C set [mm-3ffe::2]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-3ffe::2]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-3ffe::1-3ffe::2]:Phase=2 force
-C set [IPsec-3ffe::1-3ffe::2]:ISAKMP-peer=peer-3ffe::2 force
-C set [IPsec-3ffe::1-3ffe::2]:Configuration=qm-3ffe::1-3ffe::2 force
-C set [IPsec-3ffe::1-3ffe::2]:Local-ID=lid-3ffe::1 force
-C set [IPsec-3ffe::1-3ffe::2]:Remote-ID=rid-3ffe::2 force
-C set [qm-3ffe::1-3ffe::2]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-3ffe::1-3ffe::2]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-3ffe::1]:ID-type=IPV6_ADDR force
-C set [lid-3ffe::1]:Address=3ffe::1 force
-C set [rid-3ffe::2]:ID-type=IPV6_ADDR force
-C set [rid-3ffe::2]:Address=3ffe::2 force
-C add [Phase 2]:Connections=IPsec-3ffe::1-3ffe::2
+C set [peer-3ffe::2]:Configuration=phase1-peer-3ffe::2 force
+C set [phase1-peer-3ffe::2]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-3ffe::2]:Transforms=AES-SHA-RSA_SIG force
+C set [from-3ffe::1-to-3ffe::2]:Phase=2 force
+C set [from-3ffe::1-to-3ffe::2]:ISAKMP-peer=peer-3ffe::2 force
+C set [from-3ffe::1-to-3ffe::2]:Configuration=phase2-from-3ffe::1-to-3ffe::2 force
+C set [from-3ffe::1-to-3ffe::2]:Local-ID=from-3ffe::1 force
+C set [from-3ffe::1-to-3ffe::2]:Remote-ID=to-3ffe::2 force
+C set [phase2-from-3ffe::1-to-3ffe::2]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-3ffe::1-to-3ffe::2]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-3ffe::1]:ID-type=IPV6_ADDR force
+C set [from-3ffe::1]:Address=3ffe::1 force
+C set [to-3ffe::2]:ID-type=IPV6_ADDR force
+C set [to-3ffe::2]:Address=3ffe::2 force
+C add [Phase 2]:Connections=from-3ffe::1-to-3ffe::2
diff --git a/regress/sbin/ipsecctl/ike22.ok b/regress/sbin/ipsecctl/ike22.ok
index b83f728152f..e037df8f198 100644
--- a/regress/sbin/ipsecctl/ike22.ok
+++ b/regress/sbin/ipsecctl/ike22.ok
@@ -1,20 +1,20 @@
C set [Phase 1]:3ffe::1=peer-3ffe::1 force
C set [peer-3ffe::1]:Phase=1 force
C set [peer-3ffe::1]:Address=3ffe::1 force
-C set [peer-3ffe::1]:Configuration=mm-3ffe::1 force
-C set [mm-3ffe::1]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-3ffe::1]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-10.1.1.0/24-10.1.2.0/24]:Phase=2 force
-C set [IPsec-10.1.1.0/24-10.1.2.0/24]:ISAKMP-peer=peer-3ffe::1 force
-C set [IPsec-10.1.1.0/24-10.1.2.0/24]:Configuration=qm-10.1.1.0/24-10.1.2.0/24 force
-C set [IPsec-10.1.1.0/24-10.1.2.0/24]:Local-ID=lid-10.1.1.0/24 force
-C set [IPsec-10.1.1.0/24-10.1.2.0/24]:Remote-ID=rid-10.1.2.0/24 force
-C set [qm-10.1.1.0/24-10.1.2.0/24]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-10.1.1.0/24-10.1.2.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-10.1.1.0/24]:ID-type=IPV4_ADDR_SUBNET force
-C set [lid-10.1.1.0/24]:Network=10.1.1.0 force
-C set [lid-10.1.1.0/24]:Netmask=255.255.255.0 force
-C set [rid-10.1.2.0/24]:ID-type=IPV4_ADDR_SUBNET force
-C set [rid-10.1.2.0/24]:Network=10.1.2.0 force
-C set [rid-10.1.2.0/24]:Netmask=255.255.255.0 force
-C add [Phase 2]:Connections=IPsec-10.1.1.0/24-10.1.2.0/24
+C set [peer-3ffe::1]:Configuration=phase1-peer-3ffe::1 force
+C set [phase1-peer-3ffe::1]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-3ffe::1]:Transforms=AES-SHA-RSA_SIG force
+C set [from-10.1.1.0/24-to-10.1.2.0/24]:Phase=2 force
+C set [from-10.1.1.0/24-to-10.1.2.0/24]:ISAKMP-peer=peer-3ffe::1 force
+C set [from-10.1.1.0/24-to-10.1.2.0/24]:Configuration=phase2-from-10.1.1.0/24-to-10.1.2.0/24 force
+C set [from-10.1.1.0/24-to-10.1.2.0/24]:Local-ID=from-10.1.1.0/24 force
+C set [from-10.1.1.0/24-to-10.1.2.0/24]:Remote-ID=to-10.1.2.0/24 force
+C set [phase2-from-10.1.1.0/24-to-10.1.2.0/24]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-10.1.1.0/24-to-10.1.2.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-10.1.1.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [from-10.1.1.0/24]:Network=10.1.1.0 force
+C set [from-10.1.1.0/24]:Netmask=255.255.255.0 force
+C set [to-10.1.2.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [to-10.1.2.0/24]:Network=10.1.2.0 force
+C set [to-10.1.2.0/24]:Netmask=255.255.255.0 force
+C add [Phase 2]:Connections=from-10.1.1.0/24-to-10.1.2.0/24
diff --git a/regress/sbin/ipsecctl/ike23.ok b/regress/sbin/ipsecctl/ike23.ok
index 757db5a7315..00c58f8e05f 100644
--- a/regress/sbin/ipsecctl/ike23.ok
+++ b/regress/sbin/ipsecctl/ike23.ok
@@ -1,24 +1,24 @@
C set [Phase 1]:3ffe::29=peer-3ffe::29 force
C set [peer-3ffe::29]:Phase=1 force
C set [peer-3ffe::29]:Address=3ffe::29 force
-C set [peer-3ffe::29]:Configuration=mm-3ffe::29 force
-C set [mm-3ffe::29]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-3ffe::29]:Transforms=AES-SHA-RSA_SIG force
-C set [peer-3ffe::29]:ID=sharleena.as10.net-ID force
-C set [sharleena.as10.net-ID]:ID-type=FQDN force
-C set [sharleena.as10.net-ID]:Name=sharleena.as10.net force
-C set [peer-3ffe::29]:Remote-ID=3ffe::29-ID force
-C set [3ffe::29-ID]:ID-type=FQDN force
-C set [3ffe::29-ID]:Name=faui31o.informatik.uni-erlangen.de force
-C set [IPsec-3ffe::51-3ffe::29]:Phase=2 force
-C set [IPsec-3ffe::51-3ffe::29]:ISAKMP-peer=peer-3ffe::29 force
-C set [IPsec-3ffe::51-3ffe::29]:Configuration=qm-3ffe::51-3ffe::29 force
-C set [IPsec-3ffe::51-3ffe::29]:Local-ID=lid-3ffe::51 force
-C set [IPsec-3ffe::51-3ffe::29]:Remote-ID=rid-3ffe::29 force
-C set [qm-3ffe::51-3ffe::29]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-3ffe::51-3ffe::29]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-3ffe::51]:ID-type=IPV6_ADDR force
-C set [lid-3ffe::51]:Address=3ffe::51 force
-C set [rid-3ffe::29]:ID-type=IPV6_ADDR force
-C set [rid-3ffe::29]:Address=3ffe::29 force
-C add [Phase 2]:Connections=IPsec-3ffe::51-3ffe::29
+C set [peer-3ffe::29]:Configuration=phase1-peer-3ffe::29 force
+C set [phase1-peer-3ffe::29]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-3ffe::29]:Transforms=AES-SHA-RSA_SIG force
+C set [peer-3ffe::29]:ID=id-sharleena.as10.net force
+C set [id-sharleena.as10.net]:ID-type=FQDN force
+C set [id-sharleena.as10.net]:Name=sharleena.as10.net force
+C set [peer-3ffe::29]:Remote-ID=id-faui31o.informatik.uni-erlangen.de force
+C set [id-faui31o.informatik.uni-erlangen.de]:ID-type=FQDN force
+C set [id-faui31o.informatik.uni-erlangen.de]:Name=faui31o.informatik.uni-erlangen.de force
+C set [from-3ffe::51-to-3ffe::29]:Phase=2 force
+C set [from-3ffe::51-to-3ffe::29]:ISAKMP-peer=peer-3ffe::29 force
+C set [from-3ffe::51-to-3ffe::29]:Configuration=phase2-from-3ffe::51-to-3ffe::29 force
+C set [from-3ffe::51-to-3ffe::29]:Local-ID=from-3ffe::51 force
+C set [from-3ffe::51-to-3ffe::29]:Remote-ID=to-3ffe::29 force
+C set [phase2-from-3ffe::51-to-3ffe::29]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-3ffe::51-to-3ffe::29]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-3ffe::51]:ID-type=IPV6_ADDR force
+C set [from-3ffe::51]:Address=3ffe::51 force
+C set [to-3ffe::29]:ID-type=IPV6_ADDR force
+C set [to-3ffe::29]:Address=3ffe::29 force
+C add [Phase 2]:Connections=from-3ffe::51-to-3ffe::29
diff --git a/regress/sbin/ipsecctl/ike29.ok b/regress/sbin/ipsecctl/ike29.ok
index ba6e2875e00..e0ac9d528ff 100644
--- a/regress/sbin/ipsecctl/ike29.ok
+++ b/regress/sbin/ipsecctl/ike29.ok
@@ -3,23 +3,23 @@ C set [General]:DPD-check-interval=5 force
C set [Phase 1]:3ffe:2::1=peer-3ffe:2::1 force
C set [peer-3ffe:2::1]:Phase=1 force
C set [peer-3ffe:2::1]:Address=3ffe:2::1 force
-C set [peer-3ffe:2::1]:Configuration=mm-3ffe:2::1 force
-C set [mm-3ffe:2::1]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-3ffe:2::1]:Transforms=AES-SHA-RSA_SIG force
-C set [peer-3ffe:2::1]:ID=noname.my.domain-ID force
-C set [noname.my.domain-ID]:ID-type=FQDN force
-C set [noname.my.domain-ID]:Name=noname.my.domain force
-C set [IPsec-3ffe:3::/64-3ffe:4::/64]:Phase=2 force
-C set [IPsec-3ffe:3::/64-3ffe:4::/64]:ISAKMP-peer=peer-3ffe:2::1 force
-C set [IPsec-3ffe:3::/64-3ffe:4::/64]:Configuration=qm-3ffe:3::/64-3ffe:4::/64 force
-C set [IPsec-3ffe:3::/64-3ffe:4::/64]:Local-ID=lid-3ffe:3::/64 force
-C set [IPsec-3ffe:3::/64-3ffe:4::/64]:Remote-ID=rid-3ffe:4::/64 force
-C set [qm-3ffe:3::/64-3ffe:4::/64]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-3ffe:3::/64-3ffe:4::/64]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-3ffe:3::/64]:ID-type=IPV6_ADDR_SUBNET force
-C set [lid-3ffe:3::/64]:Network=3ffe:3:: force
-C set [lid-3ffe:3::/64]:Netmask=ffff:ffff:ffff:ffff:: force
-C set [rid-3ffe:4::/64]:ID-type=IPV6_ADDR_SUBNET force
-C set [rid-3ffe:4::/64]:Network=3ffe:4:: force
-C set [rid-3ffe:4::/64]:Netmask=ffff:ffff:ffff:ffff:: force
-C add [Phase 2]:Connections=IPsec-3ffe:3::/64-3ffe:4::/64
+C set [peer-3ffe:2::1]:Configuration=phase1-peer-3ffe:2::1 force
+C set [phase1-peer-3ffe:2::1]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-3ffe:2::1]:Transforms=AES-SHA-RSA_SIG force
+C set [peer-3ffe:2::1]:ID=id-noname.my.domain force
+C set [id-noname.my.domain]:ID-type=FQDN force
+C set [id-noname.my.domain]:Name=noname.my.domain force
+C set [from-3ffe:3::/64-to-3ffe:4::/64]:Phase=2 force
+C set [from-3ffe:3::/64-to-3ffe:4::/64]:ISAKMP-peer=peer-3ffe:2::1 force
+C set [from-3ffe:3::/64-to-3ffe:4::/64]:Configuration=phase2-from-3ffe:3::/64-to-3ffe:4::/64 force
+C set [from-3ffe:3::/64-to-3ffe:4::/64]:Local-ID=from-3ffe:3::/64 force
+C set [from-3ffe:3::/64-to-3ffe:4::/64]:Remote-ID=to-3ffe:4::/64 force
+C set [phase2-from-3ffe:3::/64-to-3ffe:4::/64]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-3ffe:3::/64-to-3ffe:4::/64]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-3ffe:3::/64]:ID-type=IPV6_ADDR_SUBNET force
+C set [from-3ffe:3::/64]:Network=3ffe:3:: force
+C set [from-3ffe:3::/64]:Netmask=ffff:ffff:ffff:ffff:: force
+C set [to-3ffe:4::/64]:ID-type=IPV6_ADDR_SUBNET force
+C set [to-3ffe:4::/64]:Network=3ffe:4:: force
+C set [to-3ffe:4::/64]:Netmask=ffff:ffff:ffff:ffff:: force
+C add [Phase 2]:Connections=from-3ffe:3::/64-to-3ffe:4::/64
diff --git a/regress/sbin/ipsecctl/ike3.ok b/regress/sbin/ipsecctl/ike3.ok
index be6f28aebb5..0c8bc8eb764 100644
--- a/regress/sbin/ipsecctl/ike3.ok
+++ b/regress/sbin/ipsecctl/ike3.ok
@@ -1,24 +1,24 @@
C set [Phase 1]:131.188.33.29=peer-131.188.33.29 force
C set [peer-131.188.33.29]:Phase=1 force
C set [peer-131.188.33.29]:Address=131.188.33.29 force
-C set [peer-131.188.33.29]:Configuration=mm-131.188.33.29 force
-C set [mm-131.188.33.29]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-131.188.33.29]:Transforms=AES-SHA-RSA_SIG force
-C set [peer-131.188.33.29]:ID=sharleena.as10.net-ID force
-C set [sharleena.as10.net-ID]:ID-type=FQDN force
-C set [sharleena.as10.net-ID]:Name=sharleena.as10.net force
-C set [peer-131.188.33.29]:Remote-ID=131.188.33.29-ID force
-C set [131.188.33.29-ID]:ID-type=FQDN force
-C set [131.188.33.29-ID]:Name=faui31o.informatik.uni-erlangen.de force
-C set [IPsec-131.188.33.51-131.188.33.29]:Phase=2 force
-C set [IPsec-131.188.33.51-131.188.33.29]:ISAKMP-peer=peer-131.188.33.29 force
-C set [IPsec-131.188.33.51-131.188.33.29]:Configuration=qm-131.188.33.51-131.188.33.29 force
-C set [IPsec-131.188.33.51-131.188.33.29]:Local-ID=lid-131.188.33.51 force
-C set [IPsec-131.188.33.51-131.188.33.29]:Remote-ID=rid-131.188.33.29 force
-C set [qm-131.188.33.51-131.188.33.29]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-131.188.33.51-131.188.33.29]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-131.188.33.51]:ID-type=IPV4_ADDR force
-C set [lid-131.188.33.51]:Address=131.188.33.51 force
-C set [rid-131.188.33.29]:ID-type=IPV4_ADDR force
-C set [rid-131.188.33.29]:Address=131.188.33.29 force
-C add [Phase 2]:Connections=IPsec-131.188.33.51-131.188.33.29
+C set [peer-131.188.33.29]:Configuration=phase1-peer-131.188.33.29 force
+C set [phase1-peer-131.188.33.29]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-131.188.33.29]:Transforms=AES-SHA-RSA_SIG force
+C set [peer-131.188.33.29]:ID=id-sharleena.as10.net force
+C set [id-sharleena.as10.net]:ID-type=FQDN force
+C set [id-sharleena.as10.net]:Name=sharleena.as10.net force
+C set [peer-131.188.33.29]:Remote-ID=id-faui31o.informatik.uni-erlangen.de force
+C set [id-faui31o.informatik.uni-erlangen.de]:ID-type=FQDN force
+C set [id-faui31o.informatik.uni-erlangen.de]:Name=faui31o.informatik.uni-erlangen.de force
+C set [from-131.188.33.51-to-131.188.33.29]:Phase=2 force
+C set [from-131.188.33.51-to-131.188.33.29]:ISAKMP-peer=peer-131.188.33.29 force
+C set [from-131.188.33.51-to-131.188.33.29]:Configuration=phase2-from-131.188.33.51-to-131.188.33.29 force
+C set [from-131.188.33.51-to-131.188.33.29]:Local-ID=from-131.188.33.51 force
+C set [from-131.188.33.51-to-131.188.33.29]:Remote-ID=to-131.188.33.29 force
+C set [phase2-from-131.188.33.51-to-131.188.33.29]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-131.188.33.51-to-131.188.33.29]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-131.188.33.51]:ID-type=IPV4_ADDR force
+C set [from-131.188.33.51]:Address=131.188.33.51 force
+C set [to-131.188.33.29]:ID-type=IPV4_ADDR force
+C set [to-131.188.33.29]:Address=131.188.33.29 force
+C add [Phase 2]:Connections=from-131.188.33.51-to-131.188.33.29
diff --git a/regress/sbin/ipsecctl/ike30.ok b/regress/sbin/ipsecctl/ike30.ok
index d4856f07988..297f4293c9e 100644
--- a/regress/sbin/ipsecctl/ike30.ok
+++ b/regress/sbin/ipsecctl/ike30.ok
@@ -1,20 +1,20 @@
C set [Phase 1]:3ffe::2=peer-3ffe::2 force
C set [peer-3ffe::2]:Phase=1 force
C set [peer-3ffe::2]:Address=3ffe::2 force
-C set [peer-3ffe::2]:Configuration=mm-3ffe::2 force
-C set [mm-3ffe::2]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-3ffe::2]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-3ffe::1:0-97-3ffe::2:0-97]:Phase=2 force
-C set [IPsec-3ffe::1:0-97-3ffe::2:0-97]:ISAKMP-peer=peer-3ffe::2 force
-C set [IPsec-3ffe::1:0-97-3ffe::2:0-97]:Configuration=qm-3ffe::1:0-97-3ffe::2:0-97 force
-C set [IPsec-3ffe::1:0-97-3ffe::2:0-97]:Local-ID=lid-3ffe::1:0-97 force
-C set [IPsec-3ffe::1:0-97-3ffe::2:0-97]:Remote-ID=rid-3ffe::2:0-97 force
-C set [qm-3ffe::1:0-97-3ffe::2:0-97]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-3ffe::1:0-97-3ffe::2:0-97]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-3ffe::1:0-97]:ID-type=IPV6_ADDR force
-C set [lid-3ffe::1:0-97]:Address=3ffe::1 force
-C set [rid-3ffe::2:0-97]:ID-type=IPV6_ADDR force
-C set [rid-3ffe::2:0-97]:Address=3ffe::2 force
-C set [lid-3ffe::1:0-97]:Protocol=97 force
-C set [rid-3ffe::2:0-97]:Protocol=97 force
-C add [Phase 2]:Connections=IPsec-3ffe::1:0-97-3ffe::2:0-97
+C set [peer-3ffe::2]:Configuration=phase1-peer-3ffe::2 force
+C set [phase1-peer-3ffe::2]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-3ffe::2]:Transforms=AES-SHA-RSA_SIG force
+C set [from-3ffe::1=97-to-3ffe::2=97]:Phase=2 force
+C set [from-3ffe::1=97-to-3ffe::2=97]:ISAKMP-peer=peer-3ffe::2 force
+C set [from-3ffe::1=97-to-3ffe::2=97]:Configuration=phase2-from-3ffe::1=97-to-3ffe::2=97 force
+C set [from-3ffe::1=97-to-3ffe::2=97]:Local-ID=from-3ffe::1=97 force
+C set [from-3ffe::1=97-to-3ffe::2=97]:Remote-ID=to-3ffe::2=97 force
+C set [phase2-from-3ffe::1=97-to-3ffe::2=97]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-3ffe::1=97-to-3ffe::2=97]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-3ffe::1=97]:ID-type=IPV6_ADDR force
+C set [from-3ffe::1=97]:Address=3ffe::1 force
+C set [to-3ffe::2=97]:ID-type=IPV6_ADDR force
+C set [to-3ffe::2=97]:Address=3ffe::2 force
+C set [from-3ffe::1=97]:Protocol=97 force
+C set [to-3ffe::2=97]:Protocol=97 force
+C add [Phase 2]:Connections=from-3ffe::1=97-to-3ffe::2=97
diff --git a/regress/sbin/ipsecctl/ike31.ok b/regress/sbin/ipsecctl/ike31.ok
index 8ece3d3eddf..eee8b862e70 100644
--- a/regress/sbin/ipsecctl/ike31.ok
+++ b/regress/sbin/ipsecctl/ike31.ok
@@ -1,19 +1,19 @@
C set [Phase 1]:3ffe::1=peer-3ffe::1 force
C set [peer-3ffe::1]:Phase=1 force
C set [peer-3ffe::1]:Address=3ffe::1 force
-C set [peer-3ffe::1]:Configuration=mm-3ffe::1 force
-C set [mm-3ffe::1]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-3ffe::1]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-3ffe:2::1-::/0]:Phase=2 force
-C set [IPsec-3ffe:2::1-::/0]:ISAKMP-peer=peer-3ffe::1 force
-C set [IPsec-3ffe:2::1-::/0]:Configuration=qm-3ffe:2::1-::/0 force
-C set [IPsec-3ffe:2::1-::/0]:Local-ID=lid-3ffe:2::1 force
-C set [IPsec-3ffe:2::1-::/0]:Remote-ID=rid-::/0 force
-C set [qm-3ffe:2::1-::/0]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-3ffe:2::1-::/0]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-3ffe:2::1]:ID-type=IPV6_ADDR force
-C set [lid-3ffe:2::1]:Address=3ffe:2::1 force
-C set [rid-::/0]:ID-type=IPV6_ADDR_SUBNET force
-C set [rid-::/0]:Network=:: force
-C set [rid-::/0]:Netmask=:: force
-C add [Phase 2]:Connections=IPsec-3ffe:2::1-::/0
+C set [peer-3ffe::1]:Configuration=phase1-peer-3ffe::1 force
+C set [phase1-peer-3ffe::1]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-3ffe::1]:Transforms=AES-SHA-RSA_SIG force
+C set [from-3ffe:2::1-to-::/0]:Phase=2 force
+C set [from-3ffe:2::1-to-::/0]:ISAKMP-peer=peer-3ffe::1 force
+C set [from-3ffe:2::1-to-::/0]:Configuration=phase2-from-3ffe:2::1-to-::/0 force
+C set [from-3ffe:2::1-to-::/0]:Local-ID=from-3ffe:2::1 force
+C set [from-3ffe:2::1-to-::/0]:Remote-ID=to-::/0 force
+C set [phase2-from-3ffe:2::1-to-::/0]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-3ffe:2::1-to-::/0]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-3ffe:2::1]:ID-type=IPV6_ADDR force
+C set [from-3ffe:2::1]:Address=3ffe:2::1 force
+C set [to-::/0]:ID-type=IPV6_ADDR_SUBNET force
+C set [to-::/0]:Network=:: force
+C set [to-::/0]:Netmask=:: force
+C add [Phase 2]:Connections=from-3ffe:2::1-to-::/0
diff --git a/regress/sbin/ipsecctl/ike32.ok b/regress/sbin/ipsecctl/ike32.ok
index f45965c03ca..d2512e43795 100644
--- a/regress/sbin/ipsecctl/ike32.ok
+++ b/regress/sbin/ipsecctl/ike32.ok
@@ -2,18 +2,18 @@ C set [General]:Default-phase-2-lifetime=1200 force
C set [Phase 1]:2.2.2.2=peer-2.2.2.2 force
C set [peer-2.2.2.2]:Phase=1 force
C set [peer-2.2.2.2]:Address=2.2.2.2 force
-C set [peer-2.2.2.2]:Configuration=mm-2.2.2.2 force
-C set [mm-2.2.2.2]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-2.2.2.2]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-1.1.1.1-2.2.2.2]:Phase=2 force
-C set [IPsec-1.1.1.1-2.2.2.2]:ISAKMP-peer=peer-2.2.2.2 force
-C set [IPsec-1.1.1.1-2.2.2.2]:Configuration=qm-1.1.1.1-2.2.2.2 force
-C set [IPsec-1.1.1.1-2.2.2.2]:Local-ID=lid-1.1.1.1 force
-C set [IPsec-1.1.1.1-2.2.2.2]:Remote-ID=rid-2.2.2.2 force
-C set [qm-1.1.1.1-2.2.2.2]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-1.1.1.1-2.2.2.2]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-1.1.1.1]:ID-type=IPV4_ADDR force
-C set [lid-1.1.1.1]:Address=1.1.1.1 force
-C set [rid-2.2.2.2]:ID-type=IPV4_ADDR force
-C set [rid-2.2.2.2]:Address=2.2.2.2 force
-C add [Phase 2]:Connections=IPsec-1.1.1.1-2.2.2.2
+C set [peer-2.2.2.2]:Configuration=phase1-peer-2.2.2.2 force
+C set [phase1-peer-2.2.2.2]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-2.2.2.2]:Transforms=AES-SHA-RSA_SIG force
+C set [from-1.1.1.1-to-2.2.2.2]:Phase=2 force
+C set [from-1.1.1.1-to-2.2.2.2]:ISAKMP-peer=peer-2.2.2.2 force
+C set [from-1.1.1.1-to-2.2.2.2]:Configuration=phase2-from-1.1.1.1-to-2.2.2.2 force
+C set [from-1.1.1.1-to-2.2.2.2]:Local-ID=from-1.1.1.1 force
+C set [from-1.1.1.1-to-2.2.2.2]:Remote-ID=to-2.2.2.2 force
+C set [phase2-from-1.1.1.1-to-2.2.2.2]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-1.1.1.1-to-2.2.2.2]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-1.1.1.1]:ID-type=IPV4_ADDR force
+C set [from-1.1.1.1]:Address=1.1.1.1 force
+C set [to-2.2.2.2]:ID-type=IPV4_ADDR force
+C set [to-2.2.2.2]:Address=2.2.2.2 force
+C add [Phase 2]:Connections=from-1.1.1.1-to-2.2.2.2
diff --git a/regress/sbin/ipsecctl/ike33.ok b/regress/sbin/ipsecctl/ike33.ok
index ce33fbe4545..a26b9bbec77 100644
--- a/regress/sbin/ipsecctl/ike33.ok
+++ b/regress/sbin/ipsecctl/ike33.ok
@@ -2,18 +2,18 @@ C set [General]:Default-phase-1-lifetime=3600 force
C set [Phase 1]:2.2.2.2=peer-2.2.2.2 force
C set [peer-2.2.2.2]:Phase=1 force
C set [peer-2.2.2.2]:Address=2.2.2.2 force
-C set [peer-2.2.2.2]:Configuration=mm-2.2.2.2 force
-C set [mm-2.2.2.2]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-2.2.2.2]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-1.1.1.1-2.2.2.2]:Phase=2 force
-C set [IPsec-1.1.1.1-2.2.2.2]:ISAKMP-peer=peer-2.2.2.2 force
-C set [IPsec-1.1.1.1-2.2.2.2]:Configuration=qm-1.1.1.1-2.2.2.2 force
-C set [IPsec-1.1.1.1-2.2.2.2]:Local-ID=lid-1.1.1.1 force
-C set [IPsec-1.1.1.1-2.2.2.2]:Remote-ID=rid-2.2.2.2 force
-C set [qm-1.1.1.1-2.2.2.2]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-1.1.1.1-2.2.2.2]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-1.1.1.1]:ID-type=IPV4_ADDR force
-C set [lid-1.1.1.1]:Address=1.1.1.1 force
-C set [rid-2.2.2.2]:ID-type=IPV4_ADDR force
-C set [rid-2.2.2.2]:Address=2.2.2.2 force
-C add [Phase 2]:Connections=IPsec-1.1.1.1-2.2.2.2
+C set [peer-2.2.2.2]:Configuration=phase1-peer-2.2.2.2 force
+C set [phase1-peer-2.2.2.2]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-2.2.2.2]:Transforms=AES-SHA-RSA_SIG force
+C set [from-1.1.1.1-to-2.2.2.2]:Phase=2 force
+C set [from-1.1.1.1-to-2.2.2.2]:ISAKMP-peer=peer-2.2.2.2 force
+C set [from-1.1.1.1-to-2.2.2.2]:Configuration=phase2-from-1.1.1.1-to-2.2.2.2 force
+C set [from-1.1.1.1-to-2.2.2.2]:Local-ID=from-1.1.1.1 force
+C set [from-1.1.1.1-to-2.2.2.2]:Remote-ID=to-2.2.2.2 force
+C set [phase2-from-1.1.1.1-to-2.2.2.2]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-1.1.1.1-to-2.2.2.2]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-1.1.1.1]:ID-type=IPV4_ADDR force
+C set [from-1.1.1.1]:Address=1.1.1.1 force
+C set [to-2.2.2.2]:ID-type=IPV4_ADDR force
+C set [to-2.2.2.2]:Address=2.2.2.2 force
+C add [Phase 2]:Connections=from-1.1.1.1-to-2.2.2.2
diff --git a/regress/sbin/ipsecctl/ike34.ok b/regress/sbin/ipsecctl/ike34.ok
index 48b30a40058..d235efec245 100644
--- a/regress/sbin/ipsecctl/ike34.ok
+++ b/regress/sbin/ipsecctl/ike34.ok
@@ -1,20 +1,20 @@
C set [Phase 1]:1.2.3.4=peer-1.2.3.4 force
C set [peer-1.2.3.4]:Phase=1 force
C set [peer-1.2.3.4]:Address=1.2.3.4 force
-C set [peer-1.2.3.4]:Configuration=mm-1.2.3.4 force
-C set [mm-1.2.3.4]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-1.2.3.4]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-3ffe::1/24-3ffe:2::/24]:Phase=2 force
-C set [IPsec-3ffe::1/24-3ffe:2::/24]:ISAKMP-peer=peer-1.2.3.4 force
-C set [IPsec-3ffe::1/24-3ffe:2::/24]:Configuration=qm-3ffe::1/24-3ffe:2::/24 force
-C set [IPsec-3ffe::1/24-3ffe:2::/24]:Local-ID=lid-3ffe::1/24 force
-C set [IPsec-3ffe::1/24-3ffe:2::/24]:Remote-ID=rid-3ffe:2::/24 force
-C set [qm-3ffe::1/24-3ffe:2::/24]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-3ffe::1/24-3ffe:2::/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-3ffe::1/24]:ID-type=IPV6_ADDR_SUBNET force
-C set [lid-3ffe::1/24]:Network=3ffe::1 force
-C set [lid-3ffe::1/24]:Netmask=ffff:ff00:: force
-C set [rid-3ffe:2::/24]:ID-type=IPV6_ADDR_SUBNET force
-C set [rid-3ffe:2::/24]:Network=3ffe:2:: force
-C set [rid-3ffe:2::/24]:Netmask=ffff:ff00:: force
-C add [Phase 2]:Connections=IPsec-3ffe::1/24-3ffe:2::/24
+C set [peer-1.2.3.4]:Configuration=phase1-peer-1.2.3.4 force
+C set [phase1-peer-1.2.3.4]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-1.2.3.4]:Transforms=AES-SHA-RSA_SIG force
+C set [from-3ffe::1/24-to-3ffe:2::/24]:Phase=2 force
+C set [from-3ffe::1/24-to-3ffe:2::/24]:ISAKMP-peer=peer-1.2.3.4 force
+C set [from-3ffe::1/24-to-3ffe:2::/24]:Configuration=phase2-from-3ffe::1/24-to-3ffe:2::/24 force
+C set [from-3ffe::1/24-to-3ffe:2::/24]:Local-ID=from-3ffe::1/24 force
+C set [from-3ffe::1/24-to-3ffe:2::/24]:Remote-ID=to-3ffe:2::/24 force
+C set [phase2-from-3ffe::1/24-to-3ffe:2::/24]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-3ffe::1/24-to-3ffe:2::/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-3ffe::1/24]:ID-type=IPV6_ADDR_SUBNET force
+C set [from-3ffe::1/24]:Network=3ffe::1 force
+C set [from-3ffe::1/24]:Netmask=ffff:ff00:: force
+C set [to-3ffe:2::/24]:ID-type=IPV6_ADDR_SUBNET force
+C set [to-3ffe:2::/24]:Network=3ffe:2:: force
+C set [to-3ffe:2::/24]:Netmask=ffff:ff00:: force
+C add [Phase 2]:Connections=from-3ffe::1/24-to-3ffe:2::/24
diff --git a/regress/sbin/ipsecctl/ike35.ok b/regress/sbin/ipsecctl/ike35.ok
index 50f6a5f2d04..d74993925f9 100644
--- a/regress/sbin/ipsecctl/ike35.ok
+++ b/regress/sbin/ipsecctl/ike35.ok
@@ -1,20 +1,20 @@
C set [Phase 1]:1.2.3.4=peer-1.2.3.4 force
C set [peer-1.2.3.4]:Phase=1 force
C set [peer-1.2.3.4]:Address=1.2.3.4 force
-C set [peer-1.2.3.4]:Configuration=mm-1.2.3.4 force
-C set [mm-1.2.3.4]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-1.2.3.4]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-3ffe:2::/24-3ffe::1/24]:Phase=2 force
-C set [IPsec-3ffe:2::/24-3ffe::1/24]:ISAKMP-peer=peer-1.2.3.4 force
-C set [IPsec-3ffe:2::/24-3ffe::1/24]:Configuration=qm-3ffe:2::/24-3ffe::1/24 force
-C set [IPsec-3ffe:2::/24-3ffe::1/24]:Local-ID=lid-3ffe:2::/24 force
-C set [IPsec-3ffe:2::/24-3ffe::1/24]:Remote-ID=rid-3ffe::1/24 force
-C set [qm-3ffe:2::/24-3ffe::1/24]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-3ffe:2::/24-3ffe::1/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-3ffe:2::/24]:ID-type=IPV6_ADDR_SUBNET force
-C set [lid-3ffe:2::/24]:Network=3ffe:2:: force
-C set [lid-3ffe:2::/24]:Netmask=ffff:ff00:: force
-C set [rid-3ffe::1/24]:ID-type=IPV6_ADDR_SUBNET force
-C set [rid-3ffe::1/24]:Network=3ffe::1 force
-C set [rid-3ffe::1/24]:Netmask=ffff:ff00:: force
-C add [Phase 2]:Connections=IPsec-3ffe:2::/24-3ffe::1/24
+C set [peer-1.2.3.4]:Configuration=phase1-peer-1.2.3.4 force
+C set [phase1-peer-1.2.3.4]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-1.2.3.4]:Transforms=AES-SHA-RSA_SIG force
+C set [from-3ffe:2::/24-to-3ffe::1/24]:Phase=2 force
+C set [from-3ffe:2::/24-to-3ffe::1/24]:ISAKMP-peer=peer-1.2.3.4 force
+C set [from-3ffe:2::/24-to-3ffe::1/24]:Configuration=phase2-from-3ffe:2::/24-to-3ffe::1/24 force
+C set [from-3ffe:2::/24-to-3ffe::1/24]:Local-ID=from-3ffe:2::/24 force
+C set [from-3ffe:2::/24-to-3ffe::1/24]:Remote-ID=to-3ffe::1/24 force
+C set [phase2-from-3ffe:2::/24-to-3ffe::1/24]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-3ffe:2::/24-to-3ffe::1/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-3ffe:2::/24]:ID-type=IPV6_ADDR_SUBNET force
+C set [from-3ffe:2::/24]:Network=3ffe:2:: force
+C set [from-3ffe:2::/24]:Netmask=ffff:ff00:: force
+C set [to-3ffe::1/24]:ID-type=IPV6_ADDR_SUBNET force
+C set [to-3ffe::1/24]:Network=3ffe::1 force
+C set [to-3ffe::1/24]:Netmask=ffff:ff00:: force
+C add [Phase 2]:Connections=from-3ffe:2::/24-to-3ffe::1/24
diff --git a/regress/sbin/ipsecctl/ike36.ok b/regress/sbin/ipsecctl/ike36.ok
index 7e20d273efe..625c965089b 100644
--- a/regress/sbin/ipsecctl/ike36.ok
+++ b/regress/sbin/ipsecctl/ike36.ok
@@ -1,18 +1,18 @@
C set [Phase 1]:3ffe::1=peer-3ffe::1 force
C set [peer-3ffe::1]:Phase=1 force
C set [peer-3ffe::1]:Address=3ffe::1 force
-C set [peer-3ffe::1]:Configuration=mm-3ffe::1 force
-C set [mm-3ffe::1]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-3ffe::1]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-3ffe::3-3ffe::4]:Phase=2 force
-C set [IPsec-3ffe::3-3ffe::4]:ISAKMP-peer=peer-3ffe::1 force
-C set [IPsec-3ffe::3-3ffe::4]:Configuration=qm-3ffe::3-3ffe::4 force
-C set [IPsec-3ffe::3-3ffe::4]:Local-ID=lid-3ffe::3 force
-C set [IPsec-3ffe::3-3ffe::4]:Remote-ID=rid-3ffe::4 force
-C set [qm-3ffe::3-3ffe::4]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-3ffe::3-3ffe::4]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-3ffe::3]:ID-type=IPV6_ADDR force
-C set [lid-3ffe::3]:Address=3ffe::3 force
-C set [rid-3ffe::4]:ID-type=IPV6_ADDR force
-C set [rid-3ffe::4]:Address=3ffe::4 force
-C add [Phase 2]:Connections=IPsec-3ffe::3-3ffe::4
+C set [peer-3ffe::1]:Configuration=phase1-peer-3ffe::1 force
+C set [phase1-peer-3ffe::1]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-3ffe::1]:Transforms=AES-SHA-RSA_SIG force
+C set [from-3ffe::3-to-3ffe::4]:Phase=2 force
+C set [from-3ffe::3-to-3ffe::4]:ISAKMP-peer=peer-3ffe::1 force
+C set [from-3ffe::3-to-3ffe::4]:Configuration=phase2-from-3ffe::3-to-3ffe::4 force
+C set [from-3ffe::3-to-3ffe::4]:Local-ID=from-3ffe::3 force
+C set [from-3ffe::3-to-3ffe::4]:Remote-ID=to-3ffe::4 force
+C set [phase2-from-3ffe::3-to-3ffe::4]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-3ffe::3-to-3ffe::4]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-3ffe::3]:ID-type=IPV6_ADDR force
+C set [from-3ffe::3]:Address=3ffe::3 force
+C set [to-3ffe::4]:ID-type=IPV6_ADDR force
+C set [to-3ffe::4]:Address=3ffe::4 force
+C add [Phase 2]:Connections=from-3ffe::3-to-3ffe::4
diff --git a/regress/sbin/ipsecctl/ike37.ok b/regress/sbin/ipsecctl/ike37.ok
index 1968145afff..3a6fac15093 100644
--- a/regress/sbin/ipsecctl/ike37.ok
+++ b/regress/sbin/ipsecctl/ike37.ok
@@ -1,26 +1,26 @@
C set [Phase 1]:3ffe::1=peer-3ffe::1 force
C set [peer-3ffe::1]:Phase=1 force
C set [peer-3ffe::1]:Address=3ffe::1 force
-C set [peer-3ffe::1]:Configuration=mm-3ffe::1 force
-C set [mm-3ffe::1]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-3ffe::1]:Transforms=AES-SHA-RSA_SIG force
-C set [peer-3ffe::1]:ID=sharleena.as10.net-ID force
-C set [sharleena.as10.net-ID]:ID-type=FQDN force
-C set [sharleena.as10.net-ID]:Name=sharleena.as10.net force
-C set [peer-3ffe::1]:Remote-ID=3ffe::1-ID force
-C set [3ffe::1-ID]:ID-type=FQDN force
-C set [3ffe::1-ID]:Name=faui31o.informatik.uni-erlangen.de force
-C set [IPsec-3ffe:1::/64-3ffe:2::/64]:Phase=2 force
-C set [IPsec-3ffe:1::/64-3ffe:2::/64]:ISAKMP-peer=peer-3ffe::1 force
-C set [IPsec-3ffe:1::/64-3ffe:2::/64]:Configuration=qm-3ffe:1::/64-3ffe:2::/64 force
-C set [IPsec-3ffe:1::/64-3ffe:2::/64]:Local-ID=lid-3ffe:1::/64 force
-C set [IPsec-3ffe:1::/64-3ffe:2::/64]:Remote-ID=rid-3ffe:2::/64 force
-C set [qm-3ffe:1::/64-3ffe:2::/64]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-3ffe:1::/64-3ffe:2::/64]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-3ffe:1::/64]:ID-type=IPV6_ADDR_SUBNET force
-C set [lid-3ffe:1::/64]:Network=3ffe:1:: force
-C set [lid-3ffe:1::/64]:Netmask=ffff:ffff:ffff:ffff:: force
-C set [rid-3ffe:2::/64]:ID-type=IPV6_ADDR_SUBNET force
-C set [rid-3ffe:2::/64]:Network=3ffe:2:: force
-C set [rid-3ffe:2::/64]:Netmask=ffff:ffff:ffff:ffff:: force
-C add [Phase 2]:Connections=IPsec-3ffe:1::/64-3ffe:2::/64
+C set [peer-3ffe::1]:Configuration=phase1-peer-3ffe::1 force
+C set [phase1-peer-3ffe::1]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-3ffe::1]:Transforms=AES-SHA-RSA_SIG force
+C set [peer-3ffe::1]:ID=id-sharleena.as10.net force
+C set [id-sharleena.as10.net]:ID-type=FQDN force
+C set [id-sharleena.as10.net]:Name=sharleena.as10.net force
+C set [peer-3ffe::1]:Remote-ID=id-faui31o.informatik.uni-erlangen.de force
+C set [id-faui31o.informatik.uni-erlangen.de]:ID-type=FQDN force
+C set [id-faui31o.informatik.uni-erlangen.de]:Name=faui31o.informatik.uni-erlangen.de force
+C set [from-3ffe:1::/64-to-3ffe:2::/64]:Phase=2 force
+C set [from-3ffe:1::/64-to-3ffe:2::/64]:ISAKMP-peer=peer-3ffe::1 force
+C set [from-3ffe:1::/64-to-3ffe:2::/64]:Configuration=phase2-from-3ffe:1::/64-to-3ffe:2::/64 force
+C set [from-3ffe:1::/64-to-3ffe:2::/64]:Local-ID=from-3ffe:1::/64 force
+C set [from-3ffe:1::/64-to-3ffe:2::/64]:Remote-ID=to-3ffe:2::/64 force
+C set [phase2-from-3ffe:1::/64-to-3ffe:2::/64]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-3ffe:1::/64-to-3ffe:2::/64]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-3ffe:1::/64]:ID-type=IPV6_ADDR_SUBNET force
+C set [from-3ffe:1::/64]:Network=3ffe:1:: force
+C set [from-3ffe:1::/64]:Netmask=ffff:ffff:ffff:ffff:: force
+C set [to-3ffe:2::/64]:ID-type=IPV6_ADDR_SUBNET force
+C set [to-3ffe:2::/64]:Network=3ffe:2:: force
+C set [to-3ffe:2::/64]:Netmask=ffff:ffff:ffff:ffff:: force
+C add [Phase 2]:Connections=from-3ffe:1::/64-to-3ffe:2::/64
diff --git a/regress/sbin/ipsecctl/ike38.ok b/regress/sbin/ipsecctl/ike38.ok
index 13b74889d00..3ff4fa5a0df 100644
--- a/regress/sbin/ipsecctl/ike38.ok
+++ b/regress/sbin/ipsecctl/ike38.ok
@@ -1,50 +1,50 @@
C set [Phase 1]:3ffe::29=peer-3ffe::29 force
C set [peer-3ffe::29]:Phase=1 force
C set [peer-3ffe::29]:Address=3ffe::29 force
-C set [peer-3ffe::29]:Configuration=mm-3ffe::29 force
-C set [mm-3ffe::29]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-3ffe::29]:Transforms=3DES-SHA-GRP15-RSA_SIG force
-C set [peer-3ffe::29]:ID=sharleena.as10.net-ID force
-C set [sharleena.as10.net-ID]:ID-type=FQDN force
-C set [sharleena.as10.net-ID]:Name=sharleena.as10.net force
-C set [peer-3ffe::29]:Remote-ID=3ffe::29-ID force
-C set [3ffe::29-ID]:ID-type=FQDN force
-C set [3ffe::29-ID]:Name=faui31o.informatik.uni-erlangen.de force
-C set [IPsec-3ffe:1::/64-3ffe:2::/64]:Phase=2 force
-C set [IPsec-3ffe:1::/64-3ffe:2::/64]:ISAKMP-peer=peer-3ffe::29 force
-C set [IPsec-3ffe:1::/64-3ffe:2::/64]:Configuration=qm-3ffe:1::/64-3ffe:2::/64 force
-C set [IPsec-3ffe:1::/64-3ffe:2::/64]:Local-ID=lid-3ffe:1::/64 force
-C set [IPsec-3ffe:1::/64-3ffe:2::/64]:Remote-ID=rid-3ffe:2::/64 force
-C set [qm-3ffe:1::/64-3ffe:2::/64]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-3ffe:1::/64-3ffe:2::/64]:Suites=QM-ESP-3DES-SHA-PFS-GRP15-SUITE force
-C set [lid-3ffe:1::/64]:ID-type=IPV6_ADDR_SUBNET force
-C set [lid-3ffe:1::/64]:Network=3ffe:1:: force
-C set [lid-3ffe:1::/64]:Netmask=ffff:ffff:ffff:ffff:: force
-C set [rid-3ffe:2::/64]:ID-type=IPV6_ADDR_SUBNET force
-C set [rid-3ffe:2::/64]:Network=3ffe:2:: force
-C set [rid-3ffe:2::/64]:Netmask=ffff:ffff:ffff:ffff:: force
-C add [Phase 2]:Connections=IPsec-3ffe:1::/64-3ffe:2::/64
+C set [peer-3ffe::29]:Configuration=phase1-peer-3ffe::29 force
+C set [phase1-peer-3ffe::29]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-3ffe::29]:Transforms=3DES-SHA-GRP15-RSA_SIG force
+C set [peer-3ffe::29]:ID=id-sharleena.as10.net force
+C set [id-sharleena.as10.net]:ID-type=FQDN force
+C set [id-sharleena.as10.net]:Name=sharleena.as10.net force
+C set [peer-3ffe::29]:Remote-ID=id-faui31o.informatik.uni-erlangen.de force
+C set [id-faui31o.informatik.uni-erlangen.de]:ID-type=FQDN force
+C set [id-faui31o.informatik.uni-erlangen.de]:Name=faui31o.informatik.uni-erlangen.de force
+C set [from-3ffe:1::/64-to-3ffe:2::/64]:Phase=2 force
+C set [from-3ffe:1::/64-to-3ffe:2::/64]:ISAKMP-peer=peer-3ffe::29 force
+C set [from-3ffe:1::/64-to-3ffe:2::/64]:Configuration=phase2-from-3ffe:1::/64-to-3ffe:2::/64 force
+C set [from-3ffe:1::/64-to-3ffe:2::/64]:Local-ID=from-3ffe:1::/64 force
+C set [from-3ffe:1::/64-to-3ffe:2::/64]:Remote-ID=to-3ffe:2::/64 force
+C set [phase2-from-3ffe:1::/64-to-3ffe:2::/64]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-3ffe:1::/64-to-3ffe:2::/64]:Suites=QM-ESP-3DES-SHA-PFS-GRP15-SUITE force
+C set [from-3ffe:1::/64]:ID-type=IPV6_ADDR_SUBNET force
+C set [from-3ffe:1::/64]:Network=3ffe:1:: force
+C set [from-3ffe:1::/64]:Netmask=ffff:ffff:ffff:ffff:: force
+C set [to-3ffe:2::/64]:ID-type=IPV6_ADDR_SUBNET force
+C set [to-3ffe:2::/64]:Network=3ffe:2:: force
+C set [to-3ffe:2::/64]:Netmask=ffff:ffff:ffff:ffff:: force
+C add [Phase 2]:Connections=from-3ffe:1::/64-to-3ffe:2::/64
C set [Phase 1]:3ffe::29=peer-3ffe::29 force
C set [peer-3ffe::29]:Phase=1 force
C set [peer-3ffe::29]:Address=3ffe::29 force
-C set [peer-3ffe::29]:Configuration=mm-3ffe::29 force
-C set [mm-3ffe::29]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-3ffe::29]:Transforms=AES-SHA-GRP15-RSA_SIG force
-C set [peer-3ffe::29]:ID=sharleena.as10.net-ID force
-C set [sharleena.as10.net-ID]:ID-type=FQDN force
-C set [sharleena.as10.net-ID]:Name=sharleena.as10.net force
-C set [peer-3ffe::29]:Remote-ID=3ffe::29-ID force
-C set [3ffe::29-ID]:ID-type=FQDN force
-C set [3ffe::29-ID]:Name=faui31o.informatik.uni-erlangen.de force
-C set [IPsec-3ffe::51-3ffe::29]:Phase=2 force
-C set [IPsec-3ffe::51-3ffe::29]:ISAKMP-peer=peer-3ffe::29 force
-C set [IPsec-3ffe::51-3ffe::29]:Configuration=qm-3ffe::51-3ffe::29 force
-C set [IPsec-3ffe::51-3ffe::29]:Local-ID=lid-3ffe::51 force
-C set [IPsec-3ffe::51-3ffe::29]:Remote-ID=rid-3ffe::29 force
-C set [qm-3ffe::51-3ffe::29]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-3ffe::51-3ffe::29]:Suites=QM-ESP-AES-SHA2-256-PFS-GRP15-SUITE force
-C set [lid-3ffe::51]:ID-type=IPV6_ADDR force
-C set [lid-3ffe::51]:Address=3ffe::51 force
-C set [rid-3ffe::29]:ID-type=IPV6_ADDR force
-C set [rid-3ffe::29]:Address=3ffe::29 force
-C add [Phase 2]:Connections=IPsec-3ffe::51-3ffe::29
+C set [peer-3ffe::29]:Configuration=phase1-peer-3ffe::29 force
+C set [phase1-peer-3ffe::29]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-3ffe::29]:Transforms=AES-SHA-GRP15-RSA_SIG force
+C set [peer-3ffe::29]:ID=id-sharleena.as10.net force
+C set [id-sharleena.as10.net]:ID-type=FQDN force
+C set [id-sharleena.as10.net]:Name=sharleena.as10.net force
+C set [peer-3ffe::29]:Remote-ID=id-faui31o.informatik.uni-erlangen.de force
+C set [id-faui31o.informatik.uni-erlangen.de]:ID-type=FQDN force
+C set [id-faui31o.informatik.uni-erlangen.de]:Name=faui31o.informatik.uni-erlangen.de force
+C set [from-3ffe::51-to-3ffe::29]:Phase=2 force
+C set [from-3ffe::51-to-3ffe::29]:ISAKMP-peer=peer-3ffe::29 force
+C set [from-3ffe::51-to-3ffe::29]:Configuration=phase2-from-3ffe::51-to-3ffe::29 force
+C set [from-3ffe::51-to-3ffe::29]:Local-ID=from-3ffe::51 force
+C set [from-3ffe::51-to-3ffe::29]:Remote-ID=to-3ffe::29 force
+C set [phase2-from-3ffe::51-to-3ffe::29]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-3ffe::51-to-3ffe::29]:Suites=QM-ESP-AES-SHA2-256-PFS-GRP15-SUITE force
+C set [from-3ffe::51]:ID-type=IPV6_ADDR force
+C set [from-3ffe::51]:Address=3ffe::51 force
+C set [to-3ffe::29]:ID-type=IPV6_ADDR force
+C set [to-3ffe::29]:Address=3ffe::29 force
+C add [Phase 2]:Connections=from-3ffe::51-to-3ffe::29
diff --git a/regress/sbin/ipsecctl/ike39.ok b/regress/sbin/ipsecctl/ike39.ok
index c8506d80108..8018391ca54 100644
--- a/regress/sbin/ipsecctl/ike39.ok
+++ b/regress/sbin/ipsecctl/ike39.ok
@@ -1,38 +1,38 @@
C set [Phase 1]:3ffe::29=peer-3ffe::29 force
C set [peer-3ffe::29]:Phase=1 force
C set [peer-3ffe::29]:Address=3ffe::29 force
-C set [peer-3ffe::29]:Configuration=mm-3ffe::29 force
-C set [mm-3ffe::29]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-3ffe::29]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-3ffe:1::/64-3ffe:2::/64]:Phase=2 force
-C set [IPsec-3ffe:1::/64-3ffe:2::/64]:ISAKMP-peer=peer-3ffe::29 force
-C set [IPsec-3ffe:1::/64-3ffe:2::/64]:Configuration=qm-3ffe:1::/64-3ffe:2::/64 force
-C set [IPsec-3ffe:1::/64-3ffe:2::/64]:Local-ID=lid-3ffe:1::/64 force
-C set [IPsec-3ffe:1::/64-3ffe:2::/64]:Remote-ID=rid-3ffe:2::/64 force
-C set [qm-3ffe:1::/64-3ffe:2::/64]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-3ffe:1::/64-3ffe:2::/64]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-3ffe:1::/64]:ID-type=IPV6_ADDR_SUBNET force
-C set [lid-3ffe:1::/64]:Network=3ffe:1:: force
-C set [lid-3ffe:1::/64]:Netmask=ffff:ffff:ffff:ffff:: force
-C set [rid-3ffe:2::/64]:ID-type=IPV6_ADDR_SUBNET force
-C set [rid-3ffe:2::/64]:Network=3ffe:2:: force
-C set [rid-3ffe:2::/64]:Netmask=ffff:ffff:ffff:ffff:: force
-C add [Phase 2]:Connections=IPsec-3ffe:1::/64-3ffe:2::/64
+C set [peer-3ffe::29]:Configuration=phase1-peer-3ffe::29 force
+C set [phase1-peer-3ffe::29]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-3ffe::29]:Transforms=AES-SHA-RSA_SIG force
+C set [from-3ffe:1::/64-to-3ffe:2::/64]:Phase=2 force
+C set [from-3ffe:1::/64-to-3ffe:2::/64]:ISAKMP-peer=peer-3ffe::29 force
+C set [from-3ffe:1::/64-to-3ffe:2::/64]:Configuration=phase2-from-3ffe:1::/64-to-3ffe:2::/64 force
+C set [from-3ffe:1::/64-to-3ffe:2::/64]:Local-ID=from-3ffe:1::/64 force
+C set [from-3ffe:1::/64-to-3ffe:2::/64]:Remote-ID=to-3ffe:2::/64 force
+C set [phase2-from-3ffe:1::/64-to-3ffe:2::/64]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-3ffe:1::/64-to-3ffe:2::/64]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-3ffe:1::/64]:ID-type=IPV6_ADDR_SUBNET force
+C set [from-3ffe:1::/64]:Network=3ffe:1:: force
+C set [from-3ffe:1::/64]:Netmask=ffff:ffff:ffff:ffff:: force
+C set [to-3ffe:2::/64]:ID-type=IPV6_ADDR_SUBNET force
+C set [to-3ffe:2::/64]:Network=3ffe:2:: force
+C set [to-3ffe:2::/64]:Netmask=ffff:ffff:ffff:ffff:: force
+C add [Phase 2]:Connections=from-3ffe:1::/64-to-3ffe:2::/64
C set [Phase 1]:3ffe::29=peer-3ffe::29 force
C set [peer-3ffe::29]:Phase=1 force
C set [peer-3ffe::29]:Address=3ffe::29 force
-C set [peer-3ffe::29]:Configuration=mm-3ffe::29 force
-C set [mm-3ffe::29]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-3ffe::29]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-3ffe::51-3ffe::29]:Phase=2 force
-C set [IPsec-3ffe::51-3ffe::29]:ISAKMP-peer=peer-3ffe::29 force
-C set [IPsec-3ffe::51-3ffe::29]:Configuration=qm-3ffe::51-3ffe::29 force
-C set [IPsec-3ffe::51-3ffe::29]:Local-ID=lid-3ffe::51 force
-C set [IPsec-3ffe::51-3ffe::29]:Remote-ID=rid-3ffe::29 force
-C set [qm-3ffe::51-3ffe::29]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-3ffe::51-3ffe::29]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-3ffe::51]:ID-type=IPV6_ADDR force
-C set [lid-3ffe::51]:Address=3ffe::51 force
-C set [rid-3ffe::29]:ID-type=IPV6_ADDR force
-C set [rid-3ffe::29]:Address=3ffe::29 force
-C add [Phase 2]:Connections=IPsec-3ffe::51-3ffe::29
+C set [peer-3ffe::29]:Configuration=phase1-peer-3ffe::29 force
+C set [phase1-peer-3ffe::29]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-3ffe::29]:Transforms=AES-SHA-RSA_SIG force
+C set [from-3ffe::51-to-3ffe::29]:Phase=2 force
+C set [from-3ffe::51-to-3ffe::29]:ISAKMP-peer=peer-3ffe::29 force
+C set [from-3ffe::51-to-3ffe::29]:Configuration=phase2-from-3ffe::51-to-3ffe::29 force
+C set [from-3ffe::51-to-3ffe::29]:Local-ID=from-3ffe::51 force
+C set [from-3ffe::51-to-3ffe::29]:Remote-ID=to-3ffe::29 force
+C set [phase2-from-3ffe::51-to-3ffe::29]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-3ffe::51-to-3ffe::29]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-3ffe::51]:ID-type=IPV6_ADDR force
+C set [from-3ffe::51]:Address=3ffe::51 force
+C set [to-3ffe::29]:ID-type=IPV6_ADDR force
+C set [to-3ffe::29]:Address=3ffe::29 force
+C add [Phase 2]:Connections=from-3ffe::51-to-3ffe::29
diff --git a/regress/sbin/ipsecctl/ike4.ok b/regress/sbin/ipsecctl/ike4.ok
index b9a2bf786ec..17ab6560fd9 100644
--- a/regress/sbin/ipsecctl/ike4.ok
+++ b/regress/sbin/ipsecctl/ike4.ok
@@ -1,26 +1,26 @@
C set [Phase 1]:131.188.33.29=peer-131.188.33.29 force
C set [peer-131.188.33.29]:Phase=1 force
C set [peer-131.188.33.29]:Address=131.188.33.29 force
-C set [peer-131.188.33.29]:Configuration=mm-131.188.33.29 force
-C set [mm-131.188.33.29]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-131.188.33.29]:Transforms=AES-SHA-RSA_SIG force
-C set [peer-131.188.33.29]:ID=sharleena.as10.net-ID force
-C set [sharleena.as10.net-ID]:ID-type=FQDN force
-C set [sharleena.as10.net-ID]:Name=sharleena.as10.net force
-C set [peer-131.188.33.29]:Remote-ID=131.188.33.29-ID force
-C set [131.188.33.29-ID]:ID-type=FQDN force
-C set [131.188.33.29-ID]:Name=faui31o.informatik.uni-erlangen.de force
-C set [IPsec-10.1.1.0/24-10.1.2.0/24]:Phase=2 force
-C set [IPsec-10.1.1.0/24-10.1.2.0/24]:ISAKMP-peer=peer-131.188.33.29 force
-C set [IPsec-10.1.1.0/24-10.1.2.0/24]:Configuration=qm-10.1.1.0/24-10.1.2.0/24 force
-C set [IPsec-10.1.1.0/24-10.1.2.0/24]:Local-ID=lid-10.1.1.0/24 force
-C set [IPsec-10.1.1.0/24-10.1.2.0/24]:Remote-ID=rid-10.1.2.0/24 force
-C set [qm-10.1.1.0/24-10.1.2.0/24]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-10.1.1.0/24-10.1.2.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-10.1.1.0/24]:ID-type=IPV4_ADDR_SUBNET force
-C set [lid-10.1.1.0/24]:Network=10.1.1.0 force
-C set [lid-10.1.1.0/24]:Netmask=255.255.255.0 force
-C set [rid-10.1.2.0/24]:ID-type=IPV4_ADDR_SUBNET force
-C set [rid-10.1.2.0/24]:Network=10.1.2.0 force
-C set [rid-10.1.2.0/24]:Netmask=255.255.255.0 force
-C add [Phase 2]:Connections=IPsec-10.1.1.0/24-10.1.2.0/24
+C set [peer-131.188.33.29]:Configuration=phase1-peer-131.188.33.29 force
+C set [phase1-peer-131.188.33.29]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-131.188.33.29]:Transforms=AES-SHA-RSA_SIG force
+C set [peer-131.188.33.29]:ID=id-sharleena.as10.net force
+C set [id-sharleena.as10.net]:ID-type=FQDN force
+C set [id-sharleena.as10.net]:Name=sharleena.as10.net force
+C set [peer-131.188.33.29]:Remote-ID=id-faui31o.informatik.uni-erlangen.de force
+C set [id-faui31o.informatik.uni-erlangen.de]:ID-type=FQDN force
+C set [id-faui31o.informatik.uni-erlangen.de]:Name=faui31o.informatik.uni-erlangen.de force
+C set [from-10.1.1.0/24-to-10.1.2.0/24]:Phase=2 force
+C set [from-10.1.1.0/24-to-10.1.2.0/24]:ISAKMP-peer=peer-131.188.33.29 force
+C set [from-10.1.1.0/24-to-10.1.2.0/24]:Configuration=phase2-from-10.1.1.0/24-to-10.1.2.0/24 force
+C set [from-10.1.1.0/24-to-10.1.2.0/24]:Local-ID=from-10.1.1.0/24 force
+C set [from-10.1.1.0/24-to-10.1.2.0/24]:Remote-ID=to-10.1.2.0/24 force
+C set [phase2-from-10.1.1.0/24-to-10.1.2.0/24]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-10.1.1.0/24-to-10.1.2.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-10.1.1.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [from-10.1.1.0/24]:Network=10.1.1.0 force
+C set [from-10.1.1.0/24]:Netmask=255.255.255.0 force
+C set [to-10.1.2.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [to-10.1.2.0/24]:Network=10.1.2.0 force
+C set [to-10.1.2.0/24]:Netmask=255.255.255.0 force
+C add [Phase 2]:Connections=from-10.1.1.0/24-to-10.1.2.0/24
diff --git a/regress/sbin/ipsecctl/ike40.ok b/regress/sbin/ipsecctl/ike40.ok
index 6422f0fc840..9b283cab45c 100644
--- a/regress/sbin/ipsecctl/ike40.ok
+++ b/regress/sbin/ipsecctl/ike40.ok
@@ -1,38 +1,38 @@
C set [Phase 1]:3ffe::51=peer-3ffe::51 force
C set [peer-3ffe::51]:Phase=1 force
C set [peer-3ffe::51]:Address=3ffe::51 force
-C set [peer-3ffe::51]:Configuration=mm-3ffe::51 force
-C set [mm-3ffe::51]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-3ffe::51]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-3ffe:1::/64-3ffe:2::/64]:Phase=2 force
-C set [IPsec-3ffe:1::/64-3ffe:2::/64]:ISAKMP-peer=peer-3ffe::51 force
-C set [IPsec-3ffe:1::/64-3ffe:2::/64]:Configuration=qm-3ffe:1::/64-3ffe:2::/64 force
-C set [IPsec-3ffe:1::/64-3ffe:2::/64]:Local-ID=lid-3ffe:1::/64 force
-C set [IPsec-3ffe:1::/64-3ffe:2::/64]:Remote-ID=rid-3ffe:2::/64 force
-C set [qm-3ffe:1::/64-3ffe:2::/64]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-3ffe:1::/64-3ffe:2::/64]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-3ffe:1::/64]:ID-type=IPV6_ADDR_SUBNET force
-C set [lid-3ffe:1::/64]:Network=3ffe:1:: force
-C set [lid-3ffe:1::/64]:Netmask=ffff:ffff:ffff:ffff:: force
-C set [rid-3ffe:2::/64]:ID-type=IPV6_ADDR_SUBNET force
-C set [rid-3ffe:2::/64]:Network=3ffe:2:: force
-C set [rid-3ffe:2::/64]:Netmask=ffff:ffff:ffff:ffff:: force
-C add [Phase 2]:Passive-Connections=IPsec-3ffe:1::/64-3ffe:2::/64
+C set [peer-3ffe::51]:Configuration=phase1-peer-3ffe::51 force
+C set [phase1-peer-3ffe::51]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-3ffe::51]:Transforms=AES-SHA-RSA_SIG force
+C set [from-3ffe:1::/64-to-3ffe:2::/64]:Phase=2 force
+C set [from-3ffe:1::/64-to-3ffe:2::/64]:ISAKMP-peer=peer-3ffe::51 force
+C set [from-3ffe:1::/64-to-3ffe:2::/64]:Configuration=phase2-from-3ffe:1::/64-to-3ffe:2::/64 force
+C set [from-3ffe:1::/64-to-3ffe:2::/64]:Local-ID=from-3ffe:1::/64 force
+C set [from-3ffe:1::/64-to-3ffe:2::/64]:Remote-ID=to-3ffe:2::/64 force
+C set [phase2-from-3ffe:1::/64-to-3ffe:2::/64]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-3ffe:1::/64-to-3ffe:2::/64]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-3ffe:1::/64]:ID-type=IPV6_ADDR_SUBNET force
+C set [from-3ffe:1::/64]:Network=3ffe:1:: force
+C set [from-3ffe:1::/64]:Netmask=ffff:ffff:ffff:ffff:: force
+C set [to-3ffe:2::/64]:ID-type=IPV6_ADDR_SUBNET force
+C set [to-3ffe:2::/64]:Network=3ffe:2:: force
+C set [to-3ffe:2::/64]:Netmask=ffff:ffff:ffff:ffff:: force
+C add [Phase 2]:Passive-Connections=from-3ffe:1::/64-to-3ffe:2::/64
C set [Phase 1]:3ffe::51=peer-3ffe::51 force
C set [peer-3ffe::51]:Phase=1 force
C set [peer-3ffe::51]:Address=3ffe::51 force
-C set [peer-3ffe::51]:Configuration=mm-3ffe::51 force
-C set [mm-3ffe::51]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-3ffe::51]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-3ffe::29-3ffe::51]:Phase=2 force
-C set [IPsec-3ffe::29-3ffe::51]:ISAKMP-peer=peer-3ffe::51 force
-C set [IPsec-3ffe::29-3ffe::51]:Configuration=qm-3ffe::29-3ffe::51 force
-C set [IPsec-3ffe::29-3ffe::51]:Local-ID=lid-3ffe::29 force
-C set [IPsec-3ffe::29-3ffe::51]:Remote-ID=rid-3ffe::51 force
-C set [qm-3ffe::29-3ffe::51]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-3ffe::29-3ffe::51]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-3ffe::29]:ID-type=IPV6_ADDR force
-C set [lid-3ffe::29]:Address=3ffe::29 force
-C set [rid-3ffe::51]:ID-type=IPV6_ADDR force
-C set [rid-3ffe::51]:Address=3ffe::51 force
-C add [Phase 2]:Passive-Connections=IPsec-3ffe::29-3ffe::51
+C set [peer-3ffe::51]:Configuration=phase1-peer-3ffe::51 force
+C set [phase1-peer-3ffe::51]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-3ffe::51]:Transforms=AES-SHA-RSA_SIG force
+C set [from-3ffe::29-to-3ffe::51]:Phase=2 force
+C set [from-3ffe::29-to-3ffe::51]:ISAKMP-peer=peer-3ffe::51 force
+C set [from-3ffe::29-to-3ffe::51]:Configuration=phase2-from-3ffe::29-to-3ffe::51 force
+C set [from-3ffe::29-to-3ffe::51]:Local-ID=from-3ffe::29 force
+C set [from-3ffe::29-to-3ffe::51]:Remote-ID=to-3ffe::51 force
+C set [phase2-from-3ffe::29-to-3ffe::51]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-3ffe::29-to-3ffe::51]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-3ffe::29]:ID-type=IPV6_ADDR force
+C set [from-3ffe::29]:Address=3ffe::29 force
+C set [to-3ffe::51]:ID-type=IPV6_ADDR force
+C set [to-3ffe::51]:Address=3ffe::51 force
+C add [Phase 2]:Passive-Connections=from-3ffe::29-to-3ffe::51
diff --git a/regress/sbin/ipsecctl/ike41.ok b/regress/sbin/ipsecctl/ike41.ok
index bd56c47c595..d69595c4ae4 100644
--- a/regress/sbin/ipsecctl/ike41.ok
+++ b/regress/sbin/ipsecctl/ike41.ok
@@ -3,18 +3,18 @@ C set [General]:Default-phase-2-lifetime=1200 force
C set [Phase 1]:2.2.2.2=peer-2.2.2.2 force
C set [peer-2.2.2.2]:Phase=1 force
C set [peer-2.2.2.2]:Address=2.2.2.2 force
-C set [peer-2.2.2.2]:Configuration=mm-2.2.2.2 force
-C set [mm-2.2.2.2]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-2.2.2.2]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-1.1.1.1-2.2.2.2]:Phase=2 force
-C set [IPsec-1.1.1.1-2.2.2.2]:ISAKMP-peer=peer-2.2.2.2 force
-C set [IPsec-1.1.1.1-2.2.2.2]:Configuration=qm-1.1.1.1-2.2.2.2 force
-C set [IPsec-1.1.1.1-2.2.2.2]:Local-ID=lid-1.1.1.1 force
-C set [IPsec-1.1.1.1-2.2.2.2]:Remote-ID=rid-2.2.2.2 force
-C set [qm-1.1.1.1-2.2.2.2]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-1.1.1.1-2.2.2.2]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-1.1.1.1]:ID-type=IPV4_ADDR force
-C set [lid-1.1.1.1]:Address=1.1.1.1 force
-C set [rid-2.2.2.2]:ID-type=IPV4_ADDR force
-C set [rid-2.2.2.2]:Address=2.2.2.2 force
-C add [Phase 2]:Connections=IPsec-1.1.1.1-2.2.2.2
+C set [peer-2.2.2.2]:Configuration=phase1-peer-2.2.2.2 force
+C set [phase1-peer-2.2.2.2]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-2.2.2.2]:Transforms=AES-SHA-RSA_SIG force
+C set [from-1.1.1.1-to-2.2.2.2]:Phase=2 force
+C set [from-1.1.1.1-to-2.2.2.2]:ISAKMP-peer=peer-2.2.2.2 force
+C set [from-1.1.1.1-to-2.2.2.2]:Configuration=phase2-from-1.1.1.1-to-2.2.2.2 force
+C set [from-1.1.1.1-to-2.2.2.2]:Local-ID=from-1.1.1.1 force
+C set [from-1.1.1.1-to-2.2.2.2]:Remote-ID=to-2.2.2.2 force
+C set [phase2-from-1.1.1.1-to-2.2.2.2]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-1.1.1.1-to-2.2.2.2]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-1.1.1.1]:ID-type=IPV4_ADDR force
+C set [from-1.1.1.1]:Address=1.1.1.1 force
+C set [to-2.2.2.2]:ID-type=IPV4_ADDR force
+C set [to-2.2.2.2]:Address=2.2.2.2 force
+C add [Phase 2]:Connections=from-1.1.1.1-to-2.2.2.2
diff --git a/regress/sbin/ipsecctl/ike42.ok b/regress/sbin/ipsecctl/ike42.ok
index 1781b717f08..b385bd5687d 100644
--- a/regress/sbin/ipsecctl/ike42.ok
+++ b/regress/sbin/ipsecctl/ike42.ok
@@ -1,21 +1,21 @@
C set [Phase 1]:2.2.2.2=peer-2.2.2.2 force
C set [peer-2.2.2.2]:Phase=1 force
C set [peer-2.2.2.2]:Address=2.2.2.2 force
-C set [peer-2.2.2.2]:Configuration=mm-2.2.2.2 force
-C set [mm-2.2.2.2]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-2.2.2.2]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-1.1.1.1:123-17-2.2.2.2:0-17]:Phase=2 force
-C set [IPsec-1.1.1.1:123-17-2.2.2.2:0-17]:ISAKMP-peer=peer-2.2.2.2 force
-C set [IPsec-1.1.1.1:123-17-2.2.2.2:0-17]:Configuration=qm-1.1.1.1:123-17-2.2.2.2:0-17 force
-C set [IPsec-1.1.1.1:123-17-2.2.2.2:0-17]:Local-ID=lid-1.1.1.1:123-17 force
-C set [IPsec-1.1.1.1:123-17-2.2.2.2:0-17]:Remote-ID=rid-2.2.2.2:0-17 force
-C set [qm-1.1.1.1:123-17-2.2.2.2:0-17]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-1.1.1.1:123-17-2.2.2.2:0-17]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-1.1.1.1:123-17]:ID-type=IPV4_ADDR force
-C set [lid-1.1.1.1:123-17]:Address=1.1.1.1 force
-C set [rid-2.2.2.2:0-17]:ID-type=IPV4_ADDR force
-C set [rid-2.2.2.2:0-17]:Address=2.2.2.2 force
-C set [lid-1.1.1.1:123-17]:Protocol=17 force
-C set [rid-2.2.2.2:0-17]:Protocol=17 force
-C set [lid-1.1.1.1:123-17]:Port=123 force
-C add [Phase 2]:Connections=IPsec-1.1.1.1:123-17-2.2.2.2:0-17
+C set [peer-2.2.2.2]:Configuration=phase1-peer-2.2.2.2 force
+C set [phase1-peer-2.2.2.2]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-2.2.2.2]:Transforms=AES-SHA-RSA_SIG force
+C set [from-1.1.1.1=17:123-to-2.2.2.2=17]:Phase=2 force
+C set [from-1.1.1.1=17:123-to-2.2.2.2=17]:ISAKMP-peer=peer-2.2.2.2 force
+C set [from-1.1.1.1=17:123-to-2.2.2.2=17]:Configuration=phase2-from-1.1.1.1=17:123-to-2.2.2.2=17 force
+C set [from-1.1.1.1=17:123-to-2.2.2.2=17]:Local-ID=from-1.1.1.1=17:123 force
+C set [from-1.1.1.1=17:123-to-2.2.2.2=17]:Remote-ID=to-2.2.2.2=17 force
+C set [phase2-from-1.1.1.1=17:123-to-2.2.2.2=17]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-1.1.1.1=17:123-to-2.2.2.2=17]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-1.1.1.1=17:123]:ID-type=IPV4_ADDR force
+C set [from-1.1.1.1=17:123]:Address=1.1.1.1 force
+C set [to-2.2.2.2=17]:ID-type=IPV4_ADDR force
+C set [to-2.2.2.2=17]:Address=2.2.2.2 force
+C set [from-1.1.1.1=17:123]:Protocol=17 force
+C set [to-2.2.2.2=17]:Protocol=17 force
+C set [from-1.1.1.1=17:123]:Port=123 force
+C add [Phase 2]:Connections=from-1.1.1.1=17:123-to-2.2.2.2=17
diff --git a/regress/sbin/ipsecctl/ike43.ok b/regress/sbin/ipsecctl/ike43.ok
index c3c4c705ff7..faabc9ff618 100644
--- a/regress/sbin/ipsecctl/ike43.ok
+++ b/regress/sbin/ipsecctl/ike43.ok
@@ -1,22 +1,22 @@
C set [Phase 1]:3ffe::2=peer-3ffe::2 force
C set [peer-3ffe::2]:Phase=1 force
C set [peer-3ffe::2]:Address=3ffe::2 force
-C set [peer-3ffe::2]:Configuration=mm-3ffe::2 force
-C set [mm-3ffe::2]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-3ffe::2]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-3ffe::1:2022-6-3ffe::2:22-6]:Phase=2 force
-C set [IPsec-3ffe::1:2022-6-3ffe::2:22-6]:ISAKMP-peer=peer-3ffe::2 force
-C set [IPsec-3ffe::1:2022-6-3ffe::2:22-6]:Configuration=qm-3ffe::1:2022-6-3ffe::2:22-6 force
-C set [IPsec-3ffe::1:2022-6-3ffe::2:22-6]:Local-ID=lid-3ffe::1:2022-6 force
-C set [IPsec-3ffe::1:2022-6-3ffe::2:22-6]:Remote-ID=rid-3ffe::2:22-6 force
-C set [qm-3ffe::1:2022-6-3ffe::2:22-6]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-3ffe::1:2022-6-3ffe::2:22-6]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-3ffe::1:2022-6]:ID-type=IPV6_ADDR force
-C set [lid-3ffe::1:2022-6]:Address=3ffe::1 force
-C set [rid-3ffe::2:22-6]:ID-type=IPV6_ADDR force
-C set [rid-3ffe::2:22-6]:Address=3ffe::2 force
-C set [lid-3ffe::1:2022-6]:Protocol=6 force
-C set [rid-3ffe::2:22-6]:Protocol=6 force
-C set [lid-3ffe::1:2022-6]:Port=2022 force
-C set [rid-3ffe::2:22-6]:Port=22 force
-C add [Phase 2]:Connections=IPsec-3ffe::1:2022-6-3ffe::2:22-6
+C set [peer-3ffe::2]:Configuration=phase1-peer-3ffe::2 force
+C set [phase1-peer-3ffe::2]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-3ffe::2]:Transforms=AES-SHA-RSA_SIG force
+C set [from-3ffe::1=6:2022-to-3ffe::2=6:22]:Phase=2 force
+C set [from-3ffe::1=6:2022-to-3ffe::2=6:22]:ISAKMP-peer=peer-3ffe::2 force
+C set [from-3ffe::1=6:2022-to-3ffe::2=6:22]:Configuration=phase2-from-3ffe::1=6:2022-to-3ffe::2=6:22 force
+C set [from-3ffe::1=6:2022-to-3ffe::2=6:22]:Local-ID=from-3ffe::1=6:2022 force
+C set [from-3ffe::1=6:2022-to-3ffe::2=6:22]:Remote-ID=to-3ffe::2=6:22 force
+C set [phase2-from-3ffe::1=6:2022-to-3ffe::2=6:22]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-3ffe::1=6:2022-to-3ffe::2=6:22]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-3ffe::1=6:2022]:ID-type=IPV6_ADDR force
+C set [from-3ffe::1=6:2022]:Address=3ffe::1 force
+C set [to-3ffe::2=6:22]:ID-type=IPV6_ADDR force
+C set [to-3ffe::2=6:22]:Address=3ffe::2 force
+C set [from-3ffe::1=6:2022]:Protocol=6 force
+C set [to-3ffe::2=6:22]:Protocol=6 force
+C set [from-3ffe::1=6:2022]:Port=2022 force
+C set [to-3ffe::2=6:22]:Port=22 force
+C add [Phase 2]:Connections=from-3ffe::1=6:2022-to-3ffe::2=6:22
diff --git a/regress/sbin/ipsecctl/ike46.ok b/regress/sbin/ipsecctl/ike46.ok
index 0b85fe1216f..c52acd23f1d 100644
--- a/regress/sbin/ipsecctl/ike46.ok
+++ b/regress/sbin/ipsecctl/ike46.ok
@@ -1,36 +1,36 @@
C set [Phase 1]:2.2.2.2=peer-2.2.2.2 force
C set [peer-2.2.2.2]:Phase=1 force
C set [peer-2.2.2.2]:Address=2.2.2.2 force
-C set [peer-2.2.2.2]:Configuration=mm-2.2.2.2 force
-C set [mm-2.2.2.2]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-2.2.2.2]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-1.1.1.1-2.2.2.2]:Phase=2 force
-C set [IPsec-1.1.1.1-2.2.2.2]:ISAKMP-peer=peer-2.2.2.2 force
-C set [IPsec-1.1.1.1-2.2.2.2]:Configuration=qm-1.1.1.1-2.2.2.2 force
-C set [IPsec-1.1.1.1-2.2.2.2]:Local-ID=lid-1.1.1.1 force
-C set [IPsec-1.1.1.1-2.2.2.2]:Remote-ID=rid-2.2.2.2 force
-C set [qm-1.1.1.1-2.2.2.2]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-1.1.1.1-2.2.2.2]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-1.1.1.1]:ID-type=IPV4_ADDR force
-C set [lid-1.1.1.1]:Address=1.1.1.1 force
-C set [rid-2.2.2.2]:ID-type=IPV4_ADDR force
-C set [rid-2.2.2.2]:Address=2.2.2.2 force
-C add [Phase 2]:Connections=IPsec-1.1.1.1-2.2.2.2
+C set [peer-2.2.2.2]:Configuration=phase1-peer-2.2.2.2 force
+C set [phase1-peer-2.2.2.2]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-2.2.2.2]:Transforms=AES-SHA-RSA_SIG force
+C set [from-1.1.1.1-to-2.2.2.2]:Phase=2 force
+C set [from-1.1.1.1-to-2.2.2.2]:ISAKMP-peer=peer-2.2.2.2 force
+C set [from-1.1.1.1-to-2.2.2.2]:Configuration=phase2-from-1.1.1.1-to-2.2.2.2 force
+C set [from-1.1.1.1-to-2.2.2.2]:Local-ID=from-1.1.1.1 force
+C set [from-1.1.1.1-to-2.2.2.2]:Remote-ID=to-2.2.2.2 force
+C set [phase2-from-1.1.1.1-to-2.2.2.2]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-1.1.1.1-to-2.2.2.2]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-1.1.1.1]:ID-type=IPV4_ADDR force
+C set [from-1.1.1.1]:Address=1.1.1.1 force
+C set [to-2.2.2.2]:ID-type=IPV4_ADDR force
+C set [to-2.2.2.2]:Address=2.2.2.2 force
+C add [Phase 2]:Connections=from-1.1.1.1-to-2.2.2.2
C set [Phase 1]:2.2.2.2=peer-2.2.2.2 force
C set [peer-2.2.2.2]:Phase=1 force
C set [peer-2.2.2.2]:Address=2.2.2.2 force
-C set [peer-2.2.2.2]:Configuration=mm-2.2.2.2 force
-C set [mm-2.2.2.2]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-2.2.2.2]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-1.1.1.1-2.2.2.2]:Phase=2 force
-C set [IPsec-1.1.1.1-2.2.2.2]:ISAKMP-peer=peer-2.2.2.2 force
-C set [IPsec-1.1.1.1-2.2.2.2]:Configuration=qm-1.1.1.1-2.2.2.2 force
-C set [IPsec-1.1.1.1-2.2.2.2]:Local-ID=lid-1.1.1.1 force
-C set [IPsec-1.1.1.1-2.2.2.2]:Remote-ID=rid-2.2.2.2 force
-C set [qm-1.1.1.1-2.2.2.2]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-1.1.1.1-2.2.2.2]:Suites=QM-ESP-TRP-AES-SHA2-256-PFS-SUITE force
-C set [lid-1.1.1.1]:ID-type=IPV4_ADDR force
-C set [lid-1.1.1.1]:Address=1.1.1.1 force
-C set [rid-2.2.2.2]:ID-type=IPV4_ADDR force
-C set [rid-2.2.2.2]:Address=2.2.2.2 force
-C add [Phase 2]:Connections=IPsec-1.1.1.1-2.2.2.2
+C set [peer-2.2.2.2]:Configuration=phase1-peer-2.2.2.2 force
+C set [phase1-peer-2.2.2.2]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-2.2.2.2]:Transforms=AES-SHA-RSA_SIG force
+C set [from-1.1.1.1-to-2.2.2.2]:Phase=2 force
+C set [from-1.1.1.1-to-2.2.2.2]:ISAKMP-peer=peer-2.2.2.2 force
+C set [from-1.1.1.1-to-2.2.2.2]:Configuration=phase2-from-1.1.1.1-to-2.2.2.2 force
+C set [from-1.1.1.1-to-2.2.2.2]:Local-ID=from-1.1.1.1 force
+C set [from-1.1.1.1-to-2.2.2.2]:Remote-ID=to-2.2.2.2 force
+C set [phase2-from-1.1.1.1-to-2.2.2.2]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-1.1.1.1-to-2.2.2.2]:Suites=QM-ESP-TRP-AES-SHA2-256-PFS-SUITE force
+C set [from-1.1.1.1]:ID-type=IPV4_ADDR force
+C set [from-1.1.1.1]:Address=1.1.1.1 force
+C set [to-2.2.2.2]:ID-type=IPV4_ADDR force
+C set [to-2.2.2.2]:Address=2.2.2.2 force
+C add [Phase 2]:Connections=from-1.1.1.1-to-2.2.2.2
diff --git a/regress/sbin/ipsecctl/ike47.ok b/regress/sbin/ipsecctl/ike47.ok
index 43d908869e6..8d13650a978 100644
--- a/regress/sbin/ipsecctl/ike47.ok
+++ b/regress/sbin/ipsecctl/ike47.ok
@@ -1,38 +1,38 @@
C set [Phase 1]:Default=peer-default force
C set [peer-default]:Phase=1 force
-C set [peer-default]:Configuration=mm-default force
-C set [mm-default]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-default]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-0.0.0.0/0-0.0.0.0/0]:Phase=2 force
-C set [IPsec-0.0.0.0/0-0.0.0.0/0]:ISAKMP-peer=peer-default force
-C set [IPsec-0.0.0.0/0-0.0.0.0/0]:Configuration=qm-0.0.0.0/0-0.0.0.0/0 force
-C set [IPsec-0.0.0.0/0-0.0.0.0/0]:Local-ID=lid-0.0.0.0/0 force
-C set [IPsec-0.0.0.0/0-0.0.0.0/0]:Remote-ID=rid-0.0.0.0/0 force
-C set [qm-0.0.0.0/0-0.0.0.0/0]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-0.0.0.0/0-0.0.0.0/0]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-0.0.0.0/0]:ID-type=IPV4_ADDR_SUBNET force
-C set [lid-0.0.0.0/0]:Network=0.0.0.0 force
-C set [lid-0.0.0.0/0]:Netmask=0.0.0.0 force
-C set [rid-0.0.0.0/0]:ID-type=IPV4_ADDR_SUBNET force
-C set [rid-0.0.0.0/0]:Network=0.0.0.0 force
-C set [rid-0.0.0.0/0]:Netmask=0.0.0.0 force
-C add [Phase 2]:Connections=IPsec-0.0.0.0/0-0.0.0.0/0
+C set [peer-default]:Configuration=phase1-peer-default force
+C set [phase1-peer-default]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-default]:Transforms=AES-SHA-RSA_SIG force
+C set [from-0.0.0.0/0-to-0.0.0.0/0]:Phase=2 force
+C set [from-0.0.0.0/0-to-0.0.0.0/0]:ISAKMP-peer=peer-default force
+C set [from-0.0.0.0/0-to-0.0.0.0/0]:Configuration=phase2-from-0.0.0.0/0-to-0.0.0.0/0 force
+C set [from-0.0.0.0/0-to-0.0.0.0/0]:Local-ID=from-0.0.0.0/0 force
+C set [from-0.0.0.0/0-to-0.0.0.0/0]:Remote-ID=to-0.0.0.0/0 force
+C set [phase2-from-0.0.0.0/0-to-0.0.0.0/0]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-0.0.0.0/0-to-0.0.0.0/0]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-0.0.0.0/0]:ID-type=IPV4_ADDR_SUBNET force
+C set [from-0.0.0.0/0]:Network=0.0.0.0 force
+C set [from-0.0.0.0/0]:Netmask=0.0.0.0 force
+C set [to-0.0.0.0/0]:ID-type=IPV4_ADDR_SUBNET force
+C set [to-0.0.0.0/0]:Network=0.0.0.0 force
+C set [to-0.0.0.0/0]:Netmask=0.0.0.0 force
+C add [Phase 2]:Connections=from-0.0.0.0/0-to-0.0.0.0/0
C set [Phase 1]:Default=peer-default force
C set [peer-default]:Phase=1 force
-C set [peer-default]:Configuration=mm-default force
-C set [mm-default]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-default]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-::/0-::/0]:Phase=2 force
-C set [IPsec-::/0-::/0]:ISAKMP-peer=peer-default force
-C set [IPsec-::/0-::/0]:Configuration=qm-::/0-::/0 force
-C set [IPsec-::/0-::/0]:Local-ID=lid-::/0 force
-C set [IPsec-::/0-::/0]:Remote-ID=rid-::/0 force
-C set [qm-::/0-::/0]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-::/0-::/0]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-::/0]:ID-type=IPV6_ADDR_SUBNET force
-C set [lid-::/0]:Network=:: force
-C set [lid-::/0]:Netmask=:: force
-C set [rid-::/0]:ID-type=IPV6_ADDR_SUBNET force
-C set [rid-::/0]:Network=:: force
-C set [rid-::/0]:Netmask=:: force
-C add [Phase 2]:Connections=IPsec-::/0-::/0
+C set [peer-default]:Configuration=phase1-peer-default force
+C set [phase1-peer-default]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-default]:Transforms=AES-SHA-RSA_SIG force
+C set [from-::/0-to-::/0]:Phase=2 force
+C set [from-::/0-to-::/0]:ISAKMP-peer=peer-default force
+C set [from-::/0-to-::/0]:Configuration=phase2-from-::/0-to-::/0 force
+C set [from-::/0-to-::/0]:Local-ID=from-::/0 force
+C set [from-::/0-to-::/0]:Remote-ID=to-::/0 force
+C set [phase2-from-::/0-to-::/0]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-::/0-to-::/0]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-::/0]:ID-type=IPV6_ADDR_SUBNET force
+C set [from-::/0]:Network=:: force
+C set [from-::/0]:Netmask=:: force
+C set [to-::/0]:ID-type=IPV6_ADDR_SUBNET force
+C set [to-::/0]:Network=:: force
+C set [to-::/0]:Netmask=:: force
+C add [Phase 2]:Connections=from-::/0-to-::/0
diff --git a/regress/sbin/ipsecctl/ike48.ok b/regress/sbin/ipsecctl/ike48.ok
index 625c82d2a4c..493ddc598a5 100644
--- a/regress/sbin/ipsecctl/ike48.ok
+++ b/regress/sbin/ipsecctl/ike48.ok
@@ -1,40 +1,40 @@
C set [Phase 1]:Default=peer-default force
C set [peer-default]:Phase=1 force
C set [peer-default]:Authentication=mekmitasdigoat force
-C set [peer-default]:Configuration=mm-default force
-C set [mm-default]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-default]:Transforms=AES-SHA force
-C set [IPsec-0.0.0.0/0-0.0.0.0/0]:Phase=2 force
-C set [IPsec-0.0.0.0/0-0.0.0.0/0]:ISAKMP-peer=peer-default force
-C set [IPsec-0.0.0.0/0-0.0.0.0/0]:Configuration=qm-0.0.0.0/0-0.0.0.0/0 force
-C set [IPsec-0.0.0.0/0-0.0.0.0/0]:Local-ID=lid-0.0.0.0/0 force
-C set [IPsec-0.0.0.0/0-0.0.0.0/0]:Remote-ID=rid-0.0.0.0/0 force
-C set [qm-0.0.0.0/0-0.0.0.0/0]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-0.0.0.0/0-0.0.0.0/0]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-0.0.0.0/0]:ID-type=IPV4_ADDR_SUBNET force
-C set [lid-0.0.0.0/0]:Network=0.0.0.0 force
-C set [lid-0.0.0.0/0]:Netmask=0.0.0.0 force
-C set [rid-0.0.0.0/0]:ID-type=IPV4_ADDR_SUBNET force
-C set [rid-0.0.0.0/0]:Network=0.0.0.0 force
-C set [rid-0.0.0.0/0]:Netmask=0.0.0.0 force
-C add [Phase 2]:Connections=IPsec-0.0.0.0/0-0.0.0.0/0
+C set [peer-default]:Configuration=phase1-peer-default force
+C set [phase1-peer-default]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-default]:Transforms=AES-SHA force
+C set [from-0.0.0.0/0-to-0.0.0.0/0]:Phase=2 force
+C set [from-0.0.0.0/0-to-0.0.0.0/0]:ISAKMP-peer=peer-default force
+C set [from-0.0.0.0/0-to-0.0.0.0/0]:Configuration=phase2-from-0.0.0.0/0-to-0.0.0.0/0 force
+C set [from-0.0.0.0/0-to-0.0.0.0/0]:Local-ID=from-0.0.0.0/0 force
+C set [from-0.0.0.0/0-to-0.0.0.0/0]:Remote-ID=to-0.0.0.0/0 force
+C set [phase2-from-0.0.0.0/0-to-0.0.0.0/0]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-0.0.0.0/0-to-0.0.0.0/0]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-0.0.0.0/0]:ID-type=IPV4_ADDR_SUBNET force
+C set [from-0.0.0.0/0]:Network=0.0.0.0 force
+C set [from-0.0.0.0/0]:Netmask=0.0.0.0 force
+C set [to-0.0.0.0/0]:ID-type=IPV4_ADDR_SUBNET force
+C set [to-0.0.0.0/0]:Network=0.0.0.0 force
+C set [to-0.0.0.0/0]:Netmask=0.0.0.0 force
+C add [Phase 2]:Connections=from-0.0.0.0/0-to-0.0.0.0/0
C set [Phase 1]:Default=peer-default force
C set [peer-default]:Phase=1 force
C set [peer-default]:Authentication=mekmitasdigoat force
-C set [peer-default]:Configuration=mm-default force
-C set [mm-default]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-default]:Transforms=AES-SHA force
-C set [IPsec-::/0-::/0]:Phase=2 force
-C set [IPsec-::/0-::/0]:ISAKMP-peer=peer-default force
-C set [IPsec-::/0-::/0]:Configuration=qm-::/0-::/0 force
-C set [IPsec-::/0-::/0]:Local-ID=lid-::/0 force
-C set [IPsec-::/0-::/0]:Remote-ID=rid-::/0 force
-C set [qm-::/0-::/0]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-::/0-::/0]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-::/0]:ID-type=IPV6_ADDR_SUBNET force
-C set [lid-::/0]:Network=:: force
-C set [lid-::/0]:Netmask=:: force
-C set [rid-::/0]:ID-type=IPV6_ADDR_SUBNET force
-C set [rid-::/0]:Network=:: force
-C set [rid-::/0]:Netmask=:: force
-C add [Phase 2]:Connections=IPsec-::/0-::/0
+C set [peer-default]:Configuration=phase1-peer-default force
+C set [phase1-peer-default]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-default]:Transforms=AES-SHA force
+C set [from-::/0-to-::/0]:Phase=2 force
+C set [from-::/0-to-::/0]:ISAKMP-peer=peer-default force
+C set [from-::/0-to-::/0]:Configuration=phase2-from-::/0-to-::/0 force
+C set [from-::/0-to-::/0]:Local-ID=from-::/0 force
+C set [from-::/0-to-::/0]:Remote-ID=to-::/0 force
+C set [phase2-from-::/0-to-::/0]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-::/0-to-::/0]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-::/0]:ID-type=IPV6_ADDR_SUBNET force
+C set [from-::/0]:Network=:: force
+C set [from-::/0]:Netmask=:: force
+C set [to-::/0]:ID-type=IPV6_ADDR_SUBNET force
+C set [to-::/0]:Network=:: force
+C set [to-::/0]:Netmask=:: force
+C add [Phase 2]:Connections=from-::/0-to-::/0
diff --git a/regress/sbin/ipsecctl/ike49.ok b/regress/sbin/ipsecctl/ike49.ok
index 48b43dc2f5e..cce2e81d578 100644
--- a/regress/sbin/ipsecctl/ike49.ok
+++ b/regress/sbin/ipsecctl/ike49.ok
@@ -1,20 +1,20 @@
C set [Phase 1]:Default=peer-default force
C set [peer-default]:Phase=1 force
C set [peer-default]:Authentication=mekmitasdigoat force
-C set [peer-default]:Configuration=mm-default force
-C set [mm-default]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-default]:Transforms=AES-SHA force
-C set [IPsec-10.1.1.0/24-10.1.2.0/24]:Phase=2 force
-C set [IPsec-10.1.1.0/24-10.1.2.0/24]:ISAKMP-peer=peer-default force
-C set [IPsec-10.1.1.0/24-10.1.2.0/24]:Configuration=qm-10.1.1.0/24-10.1.2.0/24 force
-C set [IPsec-10.1.1.0/24-10.1.2.0/24]:Local-ID=lid-10.1.1.0/24 force
-C set [IPsec-10.1.1.0/24-10.1.2.0/24]:Remote-ID=rid-10.1.2.0/24 force
-C set [qm-10.1.1.0/24-10.1.2.0/24]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-10.1.1.0/24-10.1.2.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-10.1.1.0/24]:ID-type=IPV4_ADDR_SUBNET force
-C set [lid-10.1.1.0/24]:Network=10.1.1.0 force
-C set [lid-10.1.1.0/24]:Netmask=255.255.255.0 force
-C set [rid-10.1.2.0/24]:ID-type=IPV4_ADDR_SUBNET force
-C set [rid-10.1.2.0/24]:Network=10.1.2.0 force
-C set [rid-10.1.2.0/24]:Netmask=255.255.255.0 force
-C add [Phase 2]:Connections=IPsec-10.1.1.0/24-10.1.2.0/24
+C set [peer-default]:Configuration=phase1-peer-default force
+C set [phase1-peer-default]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-default]:Transforms=AES-SHA force
+C set [from-10.1.1.0/24-to-10.1.2.0/24]:Phase=2 force
+C set [from-10.1.1.0/24-to-10.1.2.0/24]:ISAKMP-peer=peer-default force
+C set [from-10.1.1.0/24-to-10.1.2.0/24]:Configuration=phase2-from-10.1.1.0/24-to-10.1.2.0/24 force
+C set [from-10.1.1.0/24-to-10.1.2.0/24]:Local-ID=from-10.1.1.0/24 force
+C set [from-10.1.1.0/24-to-10.1.2.0/24]:Remote-ID=to-10.1.2.0/24 force
+C set [phase2-from-10.1.1.0/24-to-10.1.2.0/24]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-10.1.1.0/24-to-10.1.2.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-10.1.1.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [from-10.1.1.0/24]:Network=10.1.1.0 force
+C set [from-10.1.1.0/24]:Netmask=255.255.255.0 force
+C set [to-10.1.2.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [to-10.1.2.0/24]:Network=10.1.2.0 force
+C set [to-10.1.2.0/24]:Netmask=255.255.255.0 force
+C add [Phase 2]:Connections=from-10.1.1.0/24-to-10.1.2.0/24
diff --git a/regress/sbin/ipsecctl/ike5.ok b/regress/sbin/ipsecctl/ike5.ok
index 2488919ccf7..3cd131f1c24 100644
--- a/regress/sbin/ipsecctl/ike5.ok
+++ b/regress/sbin/ipsecctl/ike5.ok
@@ -1,50 +1,50 @@
C set [Phase 1]:131.188.33.29=peer-131.188.33.29 force
C set [peer-131.188.33.29]:Phase=1 force
C set [peer-131.188.33.29]:Address=131.188.33.29 force
-C set [peer-131.188.33.29]:Configuration=mm-131.188.33.29 force
-C set [mm-131.188.33.29]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-131.188.33.29]:Transforms=3DES-SHA-GRP15-RSA_SIG force
-C set [peer-131.188.33.29]:ID=sharleena.as10.net-ID force
-C set [sharleena.as10.net-ID]:ID-type=FQDN force
-C set [sharleena.as10.net-ID]:Name=sharleena.as10.net force
-C set [peer-131.188.33.29]:Remote-ID=131.188.33.29-ID force
-C set [131.188.33.29-ID]:ID-type=FQDN force
-C set [131.188.33.29-ID]:Name=faui31o.informatik.uni-erlangen.de force
-C set [IPsec-10.1.1.0/24-10.1.2.0/24]:Phase=2 force
-C set [IPsec-10.1.1.0/24-10.1.2.0/24]:ISAKMP-peer=peer-131.188.33.29 force
-C set [IPsec-10.1.1.0/24-10.1.2.0/24]:Configuration=qm-10.1.1.0/24-10.1.2.0/24 force
-C set [IPsec-10.1.1.0/24-10.1.2.0/24]:Local-ID=lid-10.1.1.0/24 force
-C set [IPsec-10.1.1.0/24-10.1.2.0/24]:Remote-ID=rid-10.1.2.0/24 force
-C set [qm-10.1.1.0/24-10.1.2.0/24]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-10.1.1.0/24-10.1.2.0/24]:Suites=QM-ESP-3DES-SHA-PFS-GRP15-SUITE force
-C set [lid-10.1.1.0/24]:ID-type=IPV4_ADDR_SUBNET force
-C set [lid-10.1.1.0/24]:Network=10.1.1.0 force
-C set [lid-10.1.1.0/24]:Netmask=255.255.255.0 force
-C set [rid-10.1.2.0/24]:ID-type=IPV4_ADDR_SUBNET force
-C set [rid-10.1.2.0/24]:Network=10.1.2.0 force
-C set [rid-10.1.2.0/24]:Netmask=255.255.255.0 force
-C add [Phase 2]:Connections=IPsec-10.1.1.0/24-10.1.2.0/24
+C set [peer-131.188.33.29]:Configuration=phase1-peer-131.188.33.29 force
+C set [phase1-peer-131.188.33.29]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-131.188.33.29]:Transforms=3DES-SHA-GRP15-RSA_SIG force
+C set [peer-131.188.33.29]:ID=id-sharleena.as10.net force
+C set [id-sharleena.as10.net]:ID-type=FQDN force
+C set [id-sharleena.as10.net]:Name=sharleena.as10.net force
+C set [peer-131.188.33.29]:Remote-ID=id-faui31o.informatik.uni-erlangen.de force
+C set [id-faui31o.informatik.uni-erlangen.de]:ID-type=FQDN force
+C set [id-faui31o.informatik.uni-erlangen.de]:Name=faui31o.informatik.uni-erlangen.de force
+C set [from-10.1.1.0/24-to-10.1.2.0/24]:Phase=2 force
+C set [from-10.1.1.0/24-to-10.1.2.0/24]:ISAKMP-peer=peer-131.188.33.29 force
+C set [from-10.1.1.0/24-to-10.1.2.0/24]:Configuration=phase2-from-10.1.1.0/24-to-10.1.2.0/24 force
+C set [from-10.1.1.0/24-to-10.1.2.0/24]:Local-ID=from-10.1.1.0/24 force
+C set [from-10.1.1.0/24-to-10.1.2.0/24]:Remote-ID=to-10.1.2.0/24 force
+C set [phase2-from-10.1.1.0/24-to-10.1.2.0/24]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-10.1.1.0/24-to-10.1.2.0/24]:Suites=QM-ESP-3DES-SHA-PFS-GRP15-SUITE force
+C set [from-10.1.1.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [from-10.1.1.0/24]:Network=10.1.1.0 force
+C set [from-10.1.1.0/24]:Netmask=255.255.255.0 force
+C set [to-10.1.2.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [to-10.1.2.0/24]:Network=10.1.2.0 force
+C set [to-10.1.2.0/24]:Netmask=255.255.255.0 force
+C add [Phase 2]:Connections=from-10.1.1.0/24-to-10.1.2.0/24
C set [Phase 1]:131.188.33.29=peer-131.188.33.29 force
C set [peer-131.188.33.29]:Phase=1 force
C set [peer-131.188.33.29]:Address=131.188.33.29 force
-C set [peer-131.188.33.29]:Configuration=mm-131.188.33.29 force
-C set [mm-131.188.33.29]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-131.188.33.29]:Transforms=AES-SHA-GRP15-RSA_SIG force
-C set [peer-131.188.33.29]:ID=sharleena.as10.net-ID force
-C set [sharleena.as10.net-ID]:ID-type=FQDN force
-C set [sharleena.as10.net-ID]:Name=sharleena.as10.net force
-C set [peer-131.188.33.29]:Remote-ID=131.188.33.29-ID force
-C set [131.188.33.29-ID]:ID-type=FQDN force
-C set [131.188.33.29-ID]:Name=faui31o.informatik.uni-erlangen.de force
-C set [IPsec-131.188.33.51-131.188.33.29]:Phase=2 force
-C set [IPsec-131.188.33.51-131.188.33.29]:ISAKMP-peer=peer-131.188.33.29 force
-C set [IPsec-131.188.33.51-131.188.33.29]:Configuration=qm-131.188.33.51-131.188.33.29 force
-C set [IPsec-131.188.33.51-131.188.33.29]:Local-ID=lid-131.188.33.51 force
-C set [IPsec-131.188.33.51-131.188.33.29]:Remote-ID=rid-131.188.33.29 force
-C set [qm-131.188.33.51-131.188.33.29]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-131.188.33.51-131.188.33.29]:Suites=QM-ESP-AES-SHA2-256-PFS-GRP15-SUITE force
-C set [lid-131.188.33.51]:ID-type=IPV4_ADDR force
-C set [lid-131.188.33.51]:Address=131.188.33.51 force
-C set [rid-131.188.33.29]:ID-type=IPV4_ADDR force
-C set [rid-131.188.33.29]:Address=131.188.33.29 force
-C add [Phase 2]:Connections=IPsec-131.188.33.51-131.188.33.29
+C set [peer-131.188.33.29]:Configuration=phase1-peer-131.188.33.29 force
+C set [phase1-peer-131.188.33.29]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-131.188.33.29]:Transforms=AES-SHA-GRP15-RSA_SIG force
+C set [peer-131.188.33.29]:ID=id-sharleena.as10.net force
+C set [id-sharleena.as10.net]:ID-type=FQDN force
+C set [id-sharleena.as10.net]:Name=sharleena.as10.net force
+C set [peer-131.188.33.29]:Remote-ID=id-faui31o.informatik.uni-erlangen.de force
+C set [id-faui31o.informatik.uni-erlangen.de]:ID-type=FQDN force
+C set [id-faui31o.informatik.uni-erlangen.de]:Name=faui31o.informatik.uni-erlangen.de force
+C set [from-131.188.33.51-to-131.188.33.29]:Phase=2 force
+C set [from-131.188.33.51-to-131.188.33.29]:ISAKMP-peer=peer-131.188.33.29 force
+C set [from-131.188.33.51-to-131.188.33.29]:Configuration=phase2-from-131.188.33.51-to-131.188.33.29 force
+C set [from-131.188.33.51-to-131.188.33.29]:Local-ID=from-131.188.33.51 force
+C set [from-131.188.33.51-to-131.188.33.29]:Remote-ID=to-131.188.33.29 force
+C set [phase2-from-131.188.33.51-to-131.188.33.29]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-131.188.33.51-to-131.188.33.29]:Suites=QM-ESP-AES-SHA2-256-PFS-GRP15-SUITE force
+C set [from-131.188.33.51]:ID-type=IPV4_ADDR force
+C set [from-131.188.33.51]:Address=131.188.33.51 force
+C set [to-131.188.33.29]:ID-type=IPV4_ADDR force
+C set [to-131.188.33.29]:Address=131.188.33.29 force
+C add [Phase 2]:Connections=from-131.188.33.51-to-131.188.33.29
diff --git a/regress/sbin/ipsecctl/ike50.ok b/regress/sbin/ipsecctl/ike50.ok
index 942947628d8..d18632cc315 100644
--- a/regress/sbin/ipsecctl/ike50.ok
+++ b/regress/sbin/ipsecctl/ike50.ok
@@ -1,20 +1,20 @@
C set [Phase 1]:Default=peer-default force
C set [peer-default]:Phase=1 force
C set [peer-default]:Local-address=1.1.1.1 force
-C set [peer-default]:Configuration=mm-default force
-C set [mm-default]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-default]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-10.1.1.0/24-10.2.2.0/24]:Phase=2 force
-C set [IPsec-10.1.1.0/24-10.2.2.0/24]:ISAKMP-peer=peer-default force
-C set [IPsec-10.1.1.0/24-10.2.2.0/24]:Configuration=qm-10.1.1.0/24-10.2.2.0/24 force
-C set [IPsec-10.1.1.0/24-10.2.2.0/24]:Local-ID=lid-10.1.1.0/24 force
-C set [IPsec-10.1.1.0/24-10.2.2.0/24]:Remote-ID=rid-10.2.2.0/24 force
-C set [qm-10.1.1.0/24-10.2.2.0/24]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-10.1.1.0/24-10.2.2.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-10.1.1.0/24]:ID-type=IPV4_ADDR_SUBNET force
-C set [lid-10.1.1.0/24]:Network=10.1.1.0 force
-C set [lid-10.1.1.0/24]:Netmask=255.255.255.0 force
-C set [rid-10.2.2.0/24]:ID-type=IPV4_ADDR_SUBNET force
-C set [rid-10.2.2.0/24]:Network=10.2.2.0 force
-C set [rid-10.2.2.0/24]:Netmask=255.255.255.0 force
-C add [Phase 2]:Connections=IPsec-10.1.1.0/24-10.2.2.0/24
+C set [peer-default]:Configuration=phase1-peer-default force
+C set [phase1-peer-default]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-default]:Transforms=AES-SHA-RSA_SIG force
+C set [from-10.1.1.0/24-to-10.2.2.0/24]:Phase=2 force
+C set [from-10.1.1.0/24-to-10.2.2.0/24]:ISAKMP-peer=peer-default force
+C set [from-10.1.1.0/24-to-10.2.2.0/24]:Configuration=phase2-from-10.1.1.0/24-to-10.2.2.0/24 force
+C set [from-10.1.1.0/24-to-10.2.2.0/24]:Local-ID=from-10.1.1.0/24 force
+C set [from-10.1.1.0/24-to-10.2.2.0/24]:Remote-ID=to-10.2.2.0/24 force
+C set [phase2-from-10.1.1.0/24-to-10.2.2.0/24]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-10.1.1.0/24-to-10.2.2.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-10.1.1.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [from-10.1.1.0/24]:Network=10.1.1.0 force
+C set [from-10.1.1.0/24]:Netmask=255.255.255.0 force
+C set [to-10.2.2.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [to-10.2.2.0/24]:Network=10.2.2.0 force
+C set [to-10.2.2.0/24]:Netmask=255.255.255.0 force
+C add [Phase 2]:Connections=from-10.1.1.0/24-to-10.2.2.0/24
diff --git a/regress/sbin/ipsecctl/ike51.ok b/regress/sbin/ipsecctl/ike51.ok
index 63ed7853e29..7748a47ecfe 100644
--- a/regress/sbin/ipsecctl/ike51.ok
+++ b/regress/sbin/ipsecctl/ike51.ok
@@ -1,20 +1,20 @@
C set [Phase 1]:Default=peer-default force
C set [peer-default]:Phase=1 force
C set [peer-default]:Authentication=mekmitasdigoat force
-C set [peer-default]:Configuration=mm-default force
-C set [mm-default]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-default]:Transforms=AES-SHA force
-C set [IPsec-3ffe::1/24-3ffe:2::/24]:Phase=2 force
-C set [IPsec-3ffe::1/24-3ffe:2::/24]:ISAKMP-peer=peer-default force
-C set [IPsec-3ffe::1/24-3ffe:2::/24]:Configuration=qm-3ffe::1/24-3ffe:2::/24 force
-C set [IPsec-3ffe::1/24-3ffe:2::/24]:Local-ID=lid-3ffe::1/24 force
-C set [IPsec-3ffe::1/24-3ffe:2::/24]:Remote-ID=rid-3ffe:2::/24 force
-C set [qm-3ffe::1/24-3ffe:2::/24]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-3ffe::1/24-3ffe:2::/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-3ffe::1/24]:ID-type=IPV6_ADDR_SUBNET force
-C set [lid-3ffe::1/24]:Network=3ffe::1 force
-C set [lid-3ffe::1/24]:Netmask=ffff:ff00:: force
-C set [rid-3ffe:2::/24]:ID-type=IPV6_ADDR_SUBNET force
-C set [rid-3ffe:2::/24]:Network=3ffe:2:: force
-C set [rid-3ffe:2::/24]:Netmask=ffff:ff00:: force
-C add [Phase 2]:Connections=IPsec-3ffe::1/24-3ffe:2::/24
+C set [peer-default]:Configuration=phase1-peer-default force
+C set [phase1-peer-default]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-default]:Transforms=AES-SHA force
+C set [from-3ffe::1/24-to-3ffe:2::/24]:Phase=2 force
+C set [from-3ffe::1/24-to-3ffe:2::/24]:ISAKMP-peer=peer-default force
+C set [from-3ffe::1/24-to-3ffe:2::/24]:Configuration=phase2-from-3ffe::1/24-to-3ffe:2::/24 force
+C set [from-3ffe::1/24-to-3ffe:2::/24]:Local-ID=from-3ffe::1/24 force
+C set [from-3ffe::1/24-to-3ffe:2::/24]:Remote-ID=to-3ffe:2::/24 force
+C set [phase2-from-3ffe::1/24-to-3ffe:2::/24]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-3ffe::1/24-to-3ffe:2::/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-3ffe::1/24]:ID-type=IPV6_ADDR_SUBNET force
+C set [from-3ffe::1/24]:Network=3ffe::1 force
+C set [from-3ffe::1/24]:Netmask=ffff:ff00:: force
+C set [to-3ffe:2::/24]:ID-type=IPV6_ADDR_SUBNET force
+C set [to-3ffe:2::/24]:Network=3ffe:2:: force
+C set [to-3ffe:2::/24]:Netmask=ffff:ff00:: force
+C add [Phase 2]:Connections=from-3ffe::1/24-to-3ffe:2::/24
diff --git a/regress/sbin/ipsecctl/ike52.ok b/regress/sbin/ipsecctl/ike52.ok
index 91dab9d5009..26ab38fa24c 100644
--- a/regress/sbin/ipsecctl/ike52.ok
+++ b/regress/sbin/ipsecctl/ike52.ok
@@ -1,20 +1,20 @@
C set [Phase 1]:Default=peer-default force
C set [peer-default]:Phase=1 force
C set [peer-default]:Local-address=3ffe::3 force
-C set [peer-default]:Configuration=mm-default force
-C set [mm-default]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-default]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-3ffe::1/24-3ffe:2::/24]:Phase=2 force
-C set [IPsec-3ffe::1/24-3ffe:2::/24]:ISAKMP-peer=peer-default force
-C set [IPsec-3ffe::1/24-3ffe:2::/24]:Configuration=qm-3ffe::1/24-3ffe:2::/24 force
-C set [IPsec-3ffe::1/24-3ffe:2::/24]:Local-ID=lid-3ffe::1/24 force
-C set [IPsec-3ffe::1/24-3ffe:2::/24]:Remote-ID=rid-3ffe:2::/24 force
-C set [qm-3ffe::1/24-3ffe:2::/24]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-3ffe::1/24-3ffe:2::/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-3ffe::1/24]:ID-type=IPV6_ADDR_SUBNET force
-C set [lid-3ffe::1/24]:Network=3ffe::1 force
-C set [lid-3ffe::1/24]:Netmask=ffff:ff00:: force
-C set [rid-3ffe:2::/24]:ID-type=IPV6_ADDR_SUBNET force
-C set [rid-3ffe:2::/24]:Network=3ffe:2:: force
-C set [rid-3ffe:2::/24]:Netmask=ffff:ff00:: force
-C add [Phase 2]:Connections=IPsec-3ffe::1/24-3ffe:2::/24
+C set [peer-default]:Configuration=phase1-peer-default force
+C set [phase1-peer-default]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-default]:Transforms=AES-SHA-RSA_SIG force
+C set [from-3ffe::1/24-to-3ffe:2::/24]:Phase=2 force
+C set [from-3ffe::1/24-to-3ffe:2::/24]:ISAKMP-peer=peer-default force
+C set [from-3ffe::1/24-to-3ffe:2::/24]:Configuration=phase2-from-3ffe::1/24-to-3ffe:2::/24 force
+C set [from-3ffe::1/24-to-3ffe:2::/24]:Local-ID=from-3ffe::1/24 force
+C set [from-3ffe::1/24-to-3ffe:2::/24]:Remote-ID=to-3ffe:2::/24 force
+C set [phase2-from-3ffe::1/24-to-3ffe:2::/24]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-3ffe::1/24-to-3ffe:2::/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-3ffe::1/24]:ID-type=IPV6_ADDR_SUBNET force
+C set [from-3ffe::1/24]:Network=3ffe::1 force
+C set [from-3ffe::1/24]:Netmask=ffff:ff00:: force
+C set [to-3ffe:2::/24]:ID-type=IPV6_ADDR_SUBNET force
+C set [to-3ffe:2::/24]:Network=3ffe:2:: force
+C set [to-3ffe:2::/24]:Netmask=ffff:ff00:: force
+C add [Phase 2]:Connections=from-3ffe::1/24-to-3ffe:2::/24
diff --git a/regress/sbin/ipsecctl/ike53.ok b/regress/sbin/ipsecctl/ike53.ok
index 884712edaef..f9b8c2e00aa 100644
--- a/regress/sbin/ipsecctl/ike53.ok
+++ b/regress/sbin/ipsecctl/ike53.ok
@@ -1,18 +1,18 @@
C set [Phase 1]:2.2.2.2=peer-2.2.2.2 force
C set [peer-2.2.2.2]:Phase=1 force
C set [peer-2.2.2.2]:Address=2.2.2.2 force
-C set [peer-2.2.2.2]:Configuration=mm-2.2.2.2 force
-C set [mm-2.2.2.2]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-2.2.2.2]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-1.1.1.1-2.2.2.2]:Phase=2 force
-C set [IPsec-1.1.1.1-2.2.2.2]:ISAKMP-peer=peer-2.2.2.2 force
-C set [IPsec-1.1.1.1-2.2.2.2]:Configuration=qm-1.1.1.1-2.2.2.2 force
-C set [IPsec-1.1.1.1-2.2.2.2]:Local-ID=lid-1.1.1.1 force
-C set [IPsec-1.1.1.1-2.2.2.2]:Remote-ID=rid-2.2.2.2 force
-C set [qm-1.1.1.1-2.2.2.2]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-1.1.1.1-2.2.2.2]:Suites=QM-AH-SHA2-256-PFS-SUITE force
-C set [lid-1.1.1.1]:ID-type=IPV4_ADDR force
-C set [lid-1.1.1.1]:Address=1.1.1.1 force
-C set [rid-2.2.2.2]:ID-type=IPV4_ADDR force
-C set [rid-2.2.2.2]:Address=2.2.2.2 force
-C add [Phase 2]:Connections=IPsec-1.1.1.1-2.2.2.2
+C set [peer-2.2.2.2]:Configuration=phase1-peer-2.2.2.2 force
+C set [phase1-peer-2.2.2.2]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-2.2.2.2]:Transforms=AES-SHA-RSA_SIG force
+C set [from-1.1.1.1-to-2.2.2.2]:Phase=2 force
+C set [from-1.1.1.1-to-2.2.2.2]:ISAKMP-peer=peer-2.2.2.2 force
+C set [from-1.1.1.1-to-2.2.2.2]:Configuration=phase2-from-1.1.1.1-to-2.2.2.2 force
+C set [from-1.1.1.1-to-2.2.2.2]:Local-ID=from-1.1.1.1 force
+C set [from-1.1.1.1-to-2.2.2.2]:Remote-ID=to-2.2.2.2 force
+C set [phase2-from-1.1.1.1-to-2.2.2.2]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-1.1.1.1-to-2.2.2.2]:Suites=QM-AH-SHA2-256-PFS-SUITE force
+C set [from-1.1.1.1]:ID-type=IPV4_ADDR force
+C set [from-1.1.1.1]:Address=1.1.1.1 force
+C set [to-2.2.2.2]:ID-type=IPV4_ADDR force
+C set [to-2.2.2.2]:Address=2.2.2.2 force
+C add [Phase 2]:Connections=from-1.1.1.1-to-2.2.2.2
diff --git a/regress/sbin/ipsecctl/ike54.ok b/regress/sbin/ipsecctl/ike54.ok
index 6852dc1ab7b..ba71199c199 100644
--- a/regress/sbin/ipsecctl/ike54.ok
+++ b/regress/sbin/ipsecctl/ike54.ok
@@ -1,21 +1,21 @@
C set [Phase 1]:Default=peer-default force
C set [peer-default]:Phase=1 force
-C set [peer-default]:Configuration=mm-default force
-C set [mm-default]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-default]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-1.1.1.1:123-17-0.0.0.0/0:0-17]:Phase=2 force
-C set [IPsec-1.1.1.1:123-17-0.0.0.0/0:0-17]:ISAKMP-peer=peer-default force
-C set [IPsec-1.1.1.1:123-17-0.0.0.0/0:0-17]:Configuration=qm-1.1.1.1:123-17-0.0.0.0/0:0-17 force
-C set [IPsec-1.1.1.1:123-17-0.0.0.0/0:0-17]:Local-ID=lid-1.1.1.1:123-17 force
-C set [IPsec-1.1.1.1:123-17-0.0.0.0/0:0-17]:Remote-ID=rid-0.0.0.0/0:0-17 force
-C set [qm-1.1.1.1:123-17-0.0.0.0/0:0-17]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-1.1.1.1:123-17-0.0.0.0/0:0-17]:Suites=QM-AH-TRP-SHA2-256-PFS-SUITE force
-C set [lid-1.1.1.1:123-17]:ID-type=IPV4_ADDR force
-C set [lid-1.1.1.1:123-17]:Address=1.1.1.1 force
-C set [rid-0.0.0.0/0:0-17]:ID-type=IPV4_ADDR_SUBNET force
-C set [rid-0.0.0.0/0:0-17]:Network=0.0.0.0 force
-C set [rid-0.0.0.0/0:0-17]:Netmask=0.0.0.0 force
-C set [lid-1.1.1.1:123-17]:Protocol=17 force
-C set [rid-0.0.0.0/0:0-17]:Protocol=17 force
-C set [lid-1.1.1.1:123-17]:Port=123 force
-C add [Phase 2]:Connections=IPsec-1.1.1.1:123-17-0.0.0.0/0:0-17
+C set [peer-default]:Configuration=phase1-peer-default force
+C set [phase1-peer-default]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-default]:Transforms=AES-SHA-RSA_SIG force
+C set [from-1.1.1.1=17:123-to-0.0.0.0/0=17]:Phase=2 force
+C set [from-1.1.1.1=17:123-to-0.0.0.0/0=17]:ISAKMP-peer=peer-default force
+C set [from-1.1.1.1=17:123-to-0.0.0.0/0=17]:Configuration=phase2-from-1.1.1.1=17:123-to-0.0.0.0/0=17 force
+C set [from-1.1.1.1=17:123-to-0.0.0.0/0=17]:Local-ID=from-1.1.1.1=17:123 force
+C set [from-1.1.1.1=17:123-to-0.0.0.0/0=17]:Remote-ID=to-0.0.0.0/0=17 force
+C set [phase2-from-1.1.1.1=17:123-to-0.0.0.0/0=17]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-1.1.1.1=17:123-to-0.0.0.0/0=17]:Suites=QM-AH-TRP-SHA2-256-PFS-SUITE force
+C set [from-1.1.1.1=17:123]:ID-type=IPV4_ADDR force
+C set [from-1.1.1.1=17:123]:Address=1.1.1.1 force
+C set [to-0.0.0.0/0=17]:ID-type=IPV4_ADDR_SUBNET force
+C set [to-0.0.0.0/0=17]:Network=0.0.0.0 force
+C set [to-0.0.0.0/0=17]:Netmask=0.0.0.0 force
+C set [from-1.1.1.1=17:123]:Protocol=17 force
+C set [to-0.0.0.0/0=17]:Protocol=17 force
+C set [from-1.1.1.1=17:123]:Port=123 force
+C add [Phase 2]:Connections=from-1.1.1.1=17:123-to-0.0.0.0/0=17
diff --git a/regress/sbin/ipsecctl/ike55.ok b/regress/sbin/ipsecctl/ike55.ok
index 02d884ecc17..3afcf17b93a 100644
--- a/regress/sbin/ipsecctl/ike55.ok
+++ b/regress/sbin/ipsecctl/ike55.ok
@@ -1,18 +1,18 @@
C set [Phase 1]:2.2.2.2=peer-2.2.2.2 force
C set [peer-2.2.2.2]:Phase=1 force
C set [peer-2.2.2.2]:Address=2.2.2.2 force
-C set [peer-2.2.2.2]:Configuration=mm-2.2.2.2 force
-C set [mm-2.2.2.2]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-2.2.2.2]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-1.1.1.1-2.2.2.2]:Phase=2 force
-C set [IPsec-1.1.1.1-2.2.2.2]:ISAKMP-peer=peer-2.2.2.2 force
-C set [IPsec-1.1.1.1-2.2.2.2]:Configuration=qm-1.1.1.1-2.2.2.2 force
-C set [IPsec-1.1.1.1-2.2.2.2]:Local-ID=lid-1.1.1.1 force
-C set [IPsec-1.1.1.1-2.2.2.2]:Remote-ID=rid-2.2.2.2 force
-C set [qm-1.1.1.1-2.2.2.2]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-1.1.1.1-2.2.2.2]:Suites=QM-AH-MD5-PFS-SUITE force
-C set [lid-1.1.1.1]:ID-type=IPV4_ADDR force
-C set [lid-1.1.1.1]:Address=1.1.1.1 force
-C set [rid-2.2.2.2]:ID-type=IPV4_ADDR force
-C set [rid-2.2.2.2]:Address=2.2.2.2 force
-C add [Phase 2]:Connections=IPsec-1.1.1.1-2.2.2.2
+C set [peer-2.2.2.2]:Configuration=phase1-peer-2.2.2.2 force
+C set [phase1-peer-2.2.2.2]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-2.2.2.2]:Transforms=AES-SHA-RSA_SIG force
+C set [from-1.1.1.1-to-2.2.2.2]:Phase=2 force
+C set [from-1.1.1.1-to-2.2.2.2]:ISAKMP-peer=peer-2.2.2.2 force
+C set [from-1.1.1.1-to-2.2.2.2]:Configuration=phase2-from-1.1.1.1-to-2.2.2.2 force
+C set [from-1.1.1.1-to-2.2.2.2]:Local-ID=from-1.1.1.1 force
+C set [from-1.1.1.1-to-2.2.2.2]:Remote-ID=to-2.2.2.2 force
+C set [phase2-from-1.1.1.1-to-2.2.2.2]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-1.1.1.1-to-2.2.2.2]:Suites=QM-AH-MD5-PFS-SUITE force
+C set [from-1.1.1.1]:ID-type=IPV4_ADDR force
+C set [from-1.1.1.1]:Address=1.1.1.1 force
+C set [to-2.2.2.2]:ID-type=IPV4_ADDR force
+C set [to-2.2.2.2]:Address=2.2.2.2 force
+C add [Phase 2]:Connections=from-1.1.1.1-to-2.2.2.2
diff --git a/regress/sbin/ipsecctl/ike56.ok b/regress/sbin/ipsecctl/ike56.ok
index 2891999b60e..c41b62ec22b 100644
--- a/regress/sbin/ipsecctl/ike56.ok
+++ b/regress/sbin/ipsecctl/ike56.ok
@@ -1,18 +1,18 @@
C set [Phase 1]:127.0.0.1=peer-127.0.0.1 force
C set [peer-127.0.0.1]:Phase=1 force
C set [peer-127.0.0.1]:Address=127.0.0.1 force
-C set [peer-127.0.0.1]:Configuration=mm-127.0.0.1 force
-C set [mm-127.0.0.1]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-127.0.0.1]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-127.0.0.1-127.0.0.1]:Phase=2 force
-C set [IPsec-127.0.0.1-127.0.0.1]:ISAKMP-peer=peer-127.0.0.1 force
-C set [IPsec-127.0.0.1-127.0.0.1]:Configuration=qm-127.0.0.1-127.0.0.1 force
-C set [IPsec-127.0.0.1-127.0.0.1]:Local-ID=lid-127.0.0.1 force
-C set [IPsec-127.0.0.1-127.0.0.1]:Remote-ID=rid-127.0.0.1 force
-C set [qm-127.0.0.1-127.0.0.1]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-127.0.0.1-127.0.0.1]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-127.0.0.1]:ID-type=IPV4_ADDR force
-C set [lid-127.0.0.1]:Address=127.0.0.1 force
-C set [rid-127.0.0.1]:ID-type=IPV4_ADDR force
-C set [rid-127.0.0.1]:Address=127.0.0.1 force
-C add [Phase 2]:Passive-Connections=IPsec-127.0.0.1-127.0.0.1
+C set [peer-127.0.0.1]:Configuration=phase1-peer-127.0.0.1 force
+C set [phase1-peer-127.0.0.1]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-127.0.0.1]:Transforms=AES-SHA-RSA_SIG force
+C set [from-127.0.0.1-to-127.0.0.1]:Phase=2 force
+C set [from-127.0.0.1-to-127.0.0.1]:ISAKMP-peer=peer-127.0.0.1 force
+C set [from-127.0.0.1-to-127.0.0.1]:Configuration=phase2-from-127.0.0.1-to-127.0.0.1 force
+C set [from-127.0.0.1-to-127.0.0.1]:Local-ID=from-127.0.0.1 force
+C set [from-127.0.0.1-to-127.0.0.1]:Remote-ID=to-127.0.0.1 force
+C set [phase2-from-127.0.0.1-to-127.0.0.1]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-127.0.0.1-to-127.0.0.1]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-127.0.0.1]:ID-type=IPV4_ADDR force
+C set [from-127.0.0.1]:Address=127.0.0.1 force
+C set [to-127.0.0.1]:ID-type=IPV4_ADDR force
+C set [to-127.0.0.1]:Address=127.0.0.1 force
+C add [Phase 2]:Passive-Connections=from-127.0.0.1-to-127.0.0.1
diff --git a/regress/sbin/ipsecctl/ike57.ok b/regress/sbin/ipsecctl/ike57.ok
index 6f77ea5f6fa..b99305288b1 100644
--- a/regress/sbin/ipsecctl/ike57.ok
+++ b/regress/sbin/ipsecctl/ike57.ok
@@ -1,78 +1,78 @@
C set [Phase 1]:192.168.0.1=peer-192.168.0.1 force
C set [peer-192.168.0.1]:Phase=1 force
C set [peer-192.168.0.1]:Address=192.168.0.1 force
-C set [peer-192.168.0.1]:Configuration=mm-192.168.0.1 force
-C set [mm-192.168.0.1]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-192.168.0.1]:Transforms=AES-SHA-RSA_SIG force
-C set [peer-192.168.0.1]:ID=me@example.com-ID force
-C set [me@example.com-ID]:ID-type=USER_FQDN force
-C set [me@example.com-ID]:Name=me@example.com force
-C set [peer-192.168.0.1]:Remote-ID=192.168.0.1-ID force
-C set [192.168.0.1-ID]:ID-type=FQDN force
-C set [192.168.0.1-ID]:Name=other.example.com force
-C set [IPsec-10.0.0.0/24-10.0.1.0/24]:Phase=2 force
-C set [IPsec-10.0.0.0/24-10.0.1.0/24]:ISAKMP-peer=peer-192.168.0.1 force
-C set [IPsec-10.0.0.0/24-10.0.1.0/24]:Configuration=qm-10.0.0.0/24-10.0.1.0/24 force
-C set [IPsec-10.0.0.0/24-10.0.1.0/24]:Local-ID=lid-10.0.0.0/24 force
-C set [IPsec-10.0.0.0/24-10.0.1.0/24]:Remote-ID=rid-10.0.1.0/24 force
-C set [qm-10.0.0.0/24-10.0.1.0/24]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-10.0.0.0/24-10.0.1.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-10.0.0.0/24]:ID-type=IPV4_ADDR_SUBNET force
-C set [lid-10.0.0.0/24]:Network=10.0.0.0 force
-C set [lid-10.0.0.0/24]:Netmask=255.255.255.0 force
-C set [rid-10.0.1.0/24]:ID-type=IPV4_ADDR_SUBNET force
-C set [rid-10.0.1.0/24]:Network=10.0.1.0 force
-C set [rid-10.0.1.0/24]:Netmask=255.255.255.0 force
-C add [Phase 2]:Connections=IPsec-10.0.0.0/24-10.0.1.0/24
+C set [peer-192.168.0.1]:Configuration=phase1-peer-192.168.0.1 force
+C set [phase1-peer-192.168.0.1]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-192.168.0.1]:Transforms=AES-SHA-RSA_SIG force
+C set [peer-192.168.0.1]:ID=id-me@example.com force
+C set [id-me@example.com]:ID-type=USER_FQDN force
+C set [id-me@example.com]:Name=me@example.com force
+C set [peer-192.168.0.1]:Remote-ID=id-other.example.com force
+C set [id-other.example.com]:ID-type=FQDN force
+C set [id-other.example.com]:Name=other.example.com force
+C set [from-10.0.0.0/24-to-10.0.1.0/24]:Phase=2 force
+C set [from-10.0.0.0/24-to-10.0.1.0/24]:ISAKMP-peer=peer-192.168.0.1 force
+C set [from-10.0.0.0/24-to-10.0.1.0/24]:Configuration=phase2-from-10.0.0.0/24-to-10.0.1.0/24 force
+C set [from-10.0.0.0/24-to-10.0.1.0/24]:Local-ID=from-10.0.0.0/24 force
+C set [from-10.0.0.0/24-to-10.0.1.0/24]:Remote-ID=to-10.0.1.0/24 force
+C set [phase2-from-10.0.0.0/24-to-10.0.1.0/24]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-10.0.0.0/24-to-10.0.1.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-10.0.0.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [from-10.0.0.0/24]:Network=10.0.0.0 force
+C set [from-10.0.0.0/24]:Netmask=255.255.255.0 force
+C set [to-10.0.1.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [to-10.0.1.0/24]:Network=10.0.1.0 force
+C set [to-10.0.1.0/24]:Netmask=255.255.255.0 force
+C add [Phase 2]:Connections=from-10.0.0.0/24-to-10.0.1.0/24
C set [Phase 1]:192.168.0.2=peer-192.168.0.2 force
C set [peer-192.168.0.2]:Phase=1 force
C set [peer-192.168.0.2]:Address=192.168.0.2 force
-C set [peer-192.168.0.2]:Configuration=mm-192.168.0.2 force
-C set [mm-192.168.0.2]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-192.168.0.2]:Transforms=AES-SHA-RSA_SIG force
-C set [peer-192.168.0.2]:ID=me@example.com-ID force
-C set [me@example.com-ID]:ID-type=USER_FQDN force
-C set [me@example.com-ID]:Name=me@example.com force
-C set [peer-192.168.0.2]:Remote-ID=192.168.0.2-ID force
-C set [192.168.0.2-ID]:ID-type=USER_FQDN force
-C set [192.168.0.2-ID]:Name=other@example.com force
-C set [IPsec-10.0.0.0/24-10.0.2.0/24]:Phase=2 force
-C set [IPsec-10.0.0.0/24-10.0.2.0/24]:ISAKMP-peer=peer-192.168.0.2 force
-C set [IPsec-10.0.0.0/24-10.0.2.0/24]:Configuration=qm-10.0.0.0/24-10.0.2.0/24 force
-C set [IPsec-10.0.0.0/24-10.0.2.0/24]:Local-ID=lid-10.0.0.0/24 force
-C set [IPsec-10.0.0.0/24-10.0.2.0/24]:Remote-ID=rid-10.0.2.0/24 force
-C set [qm-10.0.0.0/24-10.0.2.0/24]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-10.0.0.0/24-10.0.2.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-10.0.0.0/24]:ID-type=IPV4_ADDR_SUBNET force
-C set [lid-10.0.0.0/24]:Network=10.0.0.0 force
-C set [lid-10.0.0.0/24]:Netmask=255.255.255.0 force
-C set [rid-10.0.2.0/24]:ID-type=IPV4_ADDR_SUBNET force
-C set [rid-10.0.2.0/24]:Network=10.0.2.0 force
-C set [rid-10.0.2.0/24]:Netmask=255.255.255.0 force
-C add [Phase 2]:Connections=IPsec-10.0.0.0/24-10.0.2.0/24
+C set [peer-192.168.0.2]:Configuration=phase1-peer-192.168.0.2 force
+C set [phase1-peer-192.168.0.2]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-192.168.0.2]:Transforms=AES-SHA-RSA_SIG force
+C set [peer-192.168.0.2]:ID=id-me@example.com force
+C set [id-me@example.com]:ID-type=USER_FQDN force
+C set [id-me@example.com]:Name=me@example.com force
+C set [peer-192.168.0.2]:Remote-ID=id-other@example.com force
+C set [id-other@example.com]:ID-type=USER_FQDN force
+C set [id-other@example.com]:Name=other@example.com force
+C set [from-10.0.0.0/24-to-10.0.2.0/24]:Phase=2 force
+C set [from-10.0.0.0/24-to-10.0.2.0/24]:ISAKMP-peer=peer-192.168.0.2 force
+C set [from-10.0.0.0/24-to-10.0.2.0/24]:Configuration=phase2-from-10.0.0.0/24-to-10.0.2.0/24 force
+C set [from-10.0.0.0/24-to-10.0.2.0/24]:Local-ID=from-10.0.0.0/24 force
+C set [from-10.0.0.0/24-to-10.0.2.0/24]:Remote-ID=to-10.0.2.0/24 force
+C set [phase2-from-10.0.0.0/24-to-10.0.2.0/24]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-10.0.0.0/24-to-10.0.2.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-10.0.0.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [from-10.0.0.0/24]:Network=10.0.0.0 force
+C set [from-10.0.0.0/24]:Netmask=255.255.255.0 force
+C set [to-10.0.2.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [to-10.0.2.0/24]:Network=10.0.2.0 force
+C set [to-10.0.2.0/24]:Netmask=255.255.255.0 force
+C add [Phase 2]:Connections=from-10.0.0.0/24-to-10.0.2.0/24
C set [Phase 1]:192.168.0.3=peer-192.168.0.3 force
C set [peer-192.168.0.3]:Phase=1 force
C set [peer-192.168.0.3]:Address=192.168.0.3 force
-C set [peer-192.168.0.3]:Configuration=mm-192.168.0.3 force
-C set [mm-192.168.0.3]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-192.168.0.3]:Transforms=AES-SHA-RSA_SIG force
-C set [peer-192.168.0.3]:ID=me.example.com-ID force
-C set [me.example.com-ID]:ID-type=FQDN force
-C set [me.example.com-ID]:Name=me.example.com force
-C set [peer-192.168.0.3]:Remote-ID=192.168.0.3-ID force
-C set [192.168.0.3-ID]:ID-type=USER_FQDN force
-C set [192.168.0.3-ID]:Name=other@example.com force
-C set [IPsec-10.0.0.0/24-10.0.3.0/24]:Phase=2 force
-C set [IPsec-10.0.0.0/24-10.0.3.0/24]:ISAKMP-peer=peer-192.168.0.3 force
-C set [IPsec-10.0.0.0/24-10.0.3.0/24]:Configuration=qm-10.0.0.0/24-10.0.3.0/24 force
-C set [IPsec-10.0.0.0/24-10.0.3.0/24]:Local-ID=lid-10.0.0.0/24 force
-C set [IPsec-10.0.0.0/24-10.0.3.0/24]:Remote-ID=rid-10.0.3.0/24 force
-C set [qm-10.0.0.0/24-10.0.3.0/24]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-10.0.0.0/24-10.0.3.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-10.0.0.0/24]:ID-type=IPV4_ADDR_SUBNET force
-C set [lid-10.0.0.0/24]:Network=10.0.0.0 force
-C set [lid-10.0.0.0/24]:Netmask=255.255.255.0 force
-C set [rid-10.0.3.0/24]:ID-type=IPV4_ADDR_SUBNET force
-C set [rid-10.0.3.0/24]:Network=10.0.3.0 force
-C set [rid-10.0.3.0/24]:Netmask=255.255.255.0 force
-C add [Phase 2]:Connections=IPsec-10.0.0.0/24-10.0.3.0/24
+C set [peer-192.168.0.3]:Configuration=phase1-peer-192.168.0.3 force
+C set [phase1-peer-192.168.0.3]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-192.168.0.3]:Transforms=AES-SHA-RSA_SIG force
+C set [peer-192.168.0.3]:ID=id-me.example.com force
+C set [id-me.example.com]:ID-type=FQDN force
+C set [id-me.example.com]:Name=me.example.com force
+C set [peer-192.168.0.3]:Remote-ID=id-other@example.com force
+C set [id-other@example.com]:ID-type=USER_FQDN force
+C set [id-other@example.com]:Name=other@example.com force
+C set [from-10.0.0.0/24-to-10.0.3.0/24]:Phase=2 force
+C set [from-10.0.0.0/24-to-10.0.3.0/24]:ISAKMP-peer=peer-192.168.0.3 force
+C set [from-10.0.0.0/24-to-10.0.3.0/24]:Configuration=phase2-from-10.0.0.0/24-to-10.0.3.0/24 force
+C set [from-10.0.0.0/24-to-10.0.3.0/24]:Local-ID=from-10.0.0.0/24 force
+C set [from-10.0.0.0/24-to-10.0.3.0/24]:Remote-ID=to-10.0.3.0/24 force
+C set [phase2-from-10.0.0.0/24-to-10.0.3.0/24]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-10.0.0.0/24-to-10.0.3.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-10.0.0.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [from-10.0.0.0/24]:Network=10.0.0.0 force
+C set [from-10.0.0.0/24]:Netmask=255.255.255.0 force
+C set [to-10.0.3.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [to-10.0.3.0/24]:Network=10.0.3.0 force
+C set [to-10.0.3.0/24]:Netmask=255.255.255.0 force
+C add [Phase 2]:Connections=from-10.0.0.0/24-to-10.0.3.0/24
diff --git a/regress/sbin/ipsecctl/ike58.ok b/regress/sbin/ipsecctl/ike58.ok
index 55716265dd3..bc2f331a252 100644
--- a/regress/sbin/ipsecctl/ike58.ok
+++ b/regress/sbin/ipsecctl/ike58.ok
@@ -1,57 +1,57 @@
C set [Phase 1]:Default=peer-default force
C set [peer-default]:Phase=1 force
-C set [peer-default]:Configuration=mm-default force
-C set [mm-default]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-default]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-0.0.0.0/0-0.0.0.0/0]:Phase=2 force
-C set [IPsec-0.0.0.0/0-0.0.0.0/0]:ISAKMP-peer=peer-default force
-C set [IPsec-0.0.0.0/0-0.0.0.0/0]:Configuration=qm-0.0.0.0/0-0.0.0.0/0 force
-C set [IPsec-0.0.0.0/0-0.0.0.0/0]:Local-ID=lid-0.0.0.0/0 force
-C set [IPsec-0.0.0.0/0-0.0.0.0/0]:Remote-ID=rid-0.0.0.0/0 force
-C set [qm-0.0.0.0/0-0.0.0.0/0]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-0.0.0.0/0-0.0.0.0/0]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-0.0.0.0/0]:ID-type=IPV4_ADDR_SUBNET force
-C set [lid-0.0.0.0/0]:Network=0.0.0.0 force
-C set [lid-0.0.0.0/0]:Netmask=0.0.0.0 force
-C set [rid-0.0.0.0/0]:ID-type=IPV4_ADDR_SUBNET force
-C set [rid-0.0.0.0/0]:Network=0.0.0.0 force
-C set [rid-0.0.0.0/0]:Netmask=0.0.0.0 force
-C add [Phase 2]:Connections=IPsec-0.0.0.0/0-0.0.0.0/0
+C set [peer-default]:Configuration=phase1-peer-default force
+C set [phase1-peer-default]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-default]:Transforms=AES-SHA-RSA_SIG force
+C set [from-0.0.0.0/0-to-0.0.0.0/0]:Phase=2 force
+C set [from-0.0.0.0/0-to-0.0.0.0/0]:ISAKMP-peer=peer-default force
+C set [from-0.0.0.0/0-to-0.0.0.0/0]:Configuration=phase2-from-0.0.0.0/0-to-0.0.0.0/0 force
+C set [from-0.0.0.0/0-to-0.0.0.0/0]:Local-ID=from-0.0.0.0/0 force
+C set [from-0.0.0.0/0-to-0.0.0.0/0]:Remote-ID=to-0.0.0.0/0 force
+C set [phase2-from-0.0.0.0/0-to-0.0.0.0/0]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-0.0.0.0/0-to-0.0.0.0/0]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-0.0.0.0/0]:ID-type=IPV4_ADDR_SUBNET force
+C set [from-0.0.0.0/0]:Network=0.0.0.0 force
+C set [from-0.0.0.0/0]:Netmask=0.0.0.0 force
+C set [to-0.0.0.0/0]:ID-type=IPV4_ADDR_SUBNET force
+C set [to-0.0.0.0/0]:Network=0.0.0.0 force
+C set [to-0.0.0.0/0]:Netmask=0.0.0.0 force
+C add [Phase 2]:Connections=from-0.0.0.0/0-to-0.0.0.0/0
C set [Phase 1]:Default=peer-default force
C set [peer-default]:Phase=1 force
-C set [peer-default]:Configuration=mm-default force
-C set [mm-default]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-default]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-::/0-::/0]:Phase=2 force
-C set [IPsec-::/0-::/0]:ISAKMP-peer=peer-default force
-C set [IPsec-::/0-::/0]:Configuration=qm-::/0-::/0 force
-C set [IPsec-::/0-::/0]:Local-ID=lid-::/0 force
-C set [IPsec-::/0-::/0]:Remote-ID=rid-::/0 force
-C set [qm-::/0-::/0]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-::/0-::/0]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-::/0]:ID-type=IPV6_ADDR_SUBNET force
-C set [lid-::/0]:Network=:: force
-C set [lid-::/0]:Netmask=:: force
-C set [rid-::/0]:ID-type=IPV6_ADDR_SUBNET force
-C set [rid-::/0]:Network=:: force
-C set [rid-::/0]:Netmask=:: force
-C add [Phase 2]:Connections=IPsec-::/0-::/0
+C set [peer-default]:Configuration=phase1-peer-default force
+C set [phase1-peer-default]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-default]:Transforms=AES-SHA-RSA_SIG force
+C set [from-::/0-to-::/0]:Phase=2 force
+C set [from-::/0-to-::/0]:ISAKMP-peer=peer-default force
+C set [from-::/0-to-::/0]:Configuration=phase2-from-::/0-to-::/0 force
+C set [from-::/0-to-::/0]:Local-ID=from-::/0 force
+C set [from-::/0-to-::/0]:Remote-ID=to-::/0 force
+C set [phase2-from-::/0-to-::/0]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-::/0-to-::/0]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-::/0]:ID-type=IPV6_ADDR_SUBNET force
+C set [from-::/0]:Network=:: force
+C set [from-::/0]:Netmask=:: force
+C set [to-::/0]:ID-type=IPV6_ADDR_SUBNET force
+C set [to-::/0]:Network=:: force
+C set [to-::/0]:Netmask=:: force
+C add [Phase 2]:Connections=from-::/0-to-::/0
C set [Phase 1]:Default=peer-default force
C set [peer-default]:Phase=1 force
-C set [peer-default]:Configuration=mm-default force
-C set [mm-default]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-default]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-::/0-::/0]:Phase=2 force
-C set [IPsec-::/0-::/0]:ISAKMP-peer=peer-default force
-C set [IPsec-::/0-::/0]:Configuration=qm-::/0-::/0 force
-C set [IPsec-::/0-::/0]:Local-ID=lid-::/0 force
-C set [IPsec-::/0-::/0]:Remote-ID=rid-::/0 force
-C set [qm-::/0-::/0]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-::/0-::/0]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-::/0]:ID-type=IPV6_ADDR_SUBNET force
-C set [lid-::/0]:Network=:: force
-C set [lid-::/0]:Netmask=:: force
-C set [rid-::/0]:ID-type=IPV6_ADDR_SUBNET force
-C set [rid-::/0]:Network=:: force
-C set [rid-::/0]:Netmask=:: force
-C add [Phase 2]:Connections=IPsec-::/0-::/0
+C set [peer-default]:Configuration=phase1-peer-default force
+C set [phase1-peer-default]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-default]:Transforms=AES-SHA-RSA_SIG force
+C set [from-::/0-to-::/0]:Phase=2 force
+C set [from-::/0-to-::/0]:ISAKMP-peer=peer-default force
+C set [from-::/0-to-::/0]:Configuration=phase2-from-::/0-to-::/0 force
+C set [from-::/0-to-::/0]:Local-ID=from-::/0 force
+C set [from-::/0-to-::/0]:Remote-ID=to-::/0 force
+C set [phase2-from-::/0-to-::/0]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-::/0-to-::/0]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-::/0]:ID-type=IPV6_ADDR_SUBNET force
+C set [from-::/0]:Network=:: force
+C set [from-::/0]:Netmask=:: force
+C set [to-::/0]:ID-type=IPV6_ADDR_SUBNET force
+C set [to-::/0]:Network=:: force
+C set [to-::/0]:Netmask=:: force
+C add [Phase 2]:Connections=from-::/0-to-::/0
diff --git a/regress/sbin/ipsecctl/ike59.ok b/regress/sbin/ipsecctl/ike59.ok
index aa1ccfe07b1..1ed5bb4c6bf 100644
--- a/regress/sbin/ipsecctl/ike59.ok
+++ b/regress/sbin/ipsecctl/ike59.ok
@@ -1,18 +1,18 @@
C set [Phase 1]:1.2.3.4=peer-1.2.3.4 force
C set [peer-1.2.3.4]:Phase=1 force
C set [peer-1.2.3.4]:Address=1.2.3.4 force
-C set [peer-1.2.3.4]:Configuration=mm-1.2.3.4 force
-C set [mm-1.2.3.4]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-1.2.3.4]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-10.0.0.1/32-10.0.0.2/32]:Phase=2 force
-C set [IPsec-10.0.0.1/32-10.0.0.2/32]:ISAKMP-peer=peer-1.2.3.4 force
-C set [IPsec-10.0.0.1/32-10.0.0.2/32]:Configuration=qm-10.0.0.1/32-10.0.0.2/32 force
-C set [IPsec-10.0.0.1/32-10.0.0.2/32]:Local-ID=lid-10.0.0.1/32 force
-C set [IPsec-10.0.0.1/32-10.0.0.2/32]:Remote-ID=rid-10.0.0.2/32 force
-C set [qm-10.0.0.1/32-10.0.0.2/32]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-10.0.0.1/32-10.0.0.2/32]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-10.0.0.1/32]:ID-type=IPV4_ADDR force
-C set [lid-10.0.0.1/32]:Address=10.0.0.1 force
-C set [rid-10.0.0.2/32]:ID-type=IPV4_ADDR force
-C set [rid-10.0.0.2/32]:Address=10.0.0.2 force
-C add [Phase 2]:Connections=IPsec-10.0.0.1/32-10.0.0.2/32
+C set [peer-1.2.3.4]:Configuration=phase1-peer-1.2.3.4 force
+C set [phase1-peer-1.2.3.4]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-1.2.3.4]:Transforms=AES-SHA-RSA_SIG force
+C set [from-10.0.0.1/32-to-10.0.0.2/32]:Phase=2 force
+C set [from-10.0.0.1/32-to-10.0.0.2/32]:ISAKMP-peer=peer-1.2.3.4 force
+C set [from-10.0.0.1/32-to-10.0.0.2/32]:Configuration=phase2-from-10.0.0.1/32-to-10.0.0.2/32 force
+C set [from-10.0.0.1/32-to-10.0.0.2/32]:Local-ID=from-10.0.0.1/32 force
+C set [from-10.0.0.1/32-to-10.0.0.2/32]:Remote-ID=to-10.0.0.2/32 force
+C set [phase2-from-10.0.0.1/32-to-10.0.0.2/32]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-10.0.0.1/32-to-10.0.0.2/32]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-10.0.0.1/32]:ID-type=IPV4_ADDR force
+C set [from-10.0.0.1/32]:Address=10.0.0.1 force
+C set [to-10.0.0.2/32]:ID-type=IPV4_ADDR force
+C set [to-10.0.0.2/32]:Address=10.0.0.2 force
+C add [Phase 2]:Connections=from-10.0.0.1/32-to-10.0.0.2/32
diff --git a/regress/sbin/ipsecctl/ike6.ok b/regress/sbin/ipsecctl/ike6.ok
index 6e46035c7c2..f755e168d43 100644
--- a/regress/sbin/ipsecctl/ike6.ok
+++ b/regress/sbin/ipsecctl/ike6.ok
@@ -1,38 +1,38 @@
C set [Phase 1]:131.188.33.29=peer-131.188.33.29 force
C set [peer-131.188.33.29]:Phase=1 force
C set [peer-131.188.33.29]:Address=131.188.33.29 force
-C set [peer-131.188.33.29]:Configuration=mm-131.188.33.29 force
-C set [mm-131.188.33.29]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-131.188.33.29]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-10.1.1.0/24-10.1.2.0/24]:Phase=2 force
-C set [IPsec-10.1.1.0/24-10.1.2.0/24]:ISAKMP-peer=peer-131.188.33.29 force
-C set [IPsec-10.1.1.0/24-10.1.2.0/24]:Configuration=qm-10.1.1.0/24-10.1.2.0/24 force
-C set [IPsec-10.1.1.0/24-10.1.2.0/24]:Local-ID=lid-10.1.1.0/24 force
-C set [IPsec-10.1.1.0/24-10.1.2.0/24]:Remote-ID=rid-10.1.2.0/24 force
-C set [qm-10.1.1.0/24-10.1.2.0/24]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-10.1.1.0/24-10.1.2.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-10.1.1.0/24]:ID-type=IPV4_ADDR_SUBNET force
-C set [lid-10.1.1.0/24]:Network=10.1.1.0 force
-C set [lid-10.1.1.0/24]:Netmask=255.255.255.0 force
-C set [rid-10.1.2.0/24]:ID-type=IPV4_ADDR_SUBNET force
-C set [rid-10.1.2.0/24]:Network=10.1.2.0 force
-C set [rid-10.1.2.0/24]:Netmask=255.255.255.0 force
-C add [Phase 2]:Connections=IPsec-10.1.1.0/24-10.1.2.0/24
+C set [peer-131.188.33.29]:Configuration=phase1-peer-131.188.33.29 force
+C set [phase1-peer-131.188.33.29]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-131.188.33.29]:Transforms=AES-SHA-RSA_SIG force
+C set [from-10.1.1.0/24-to-10.1.2.0/24]:Phase=2 force
+C set [from-10.1.1.0/24-to-10.1.2.0/24]:ISAKMP-peer=peer-131.188.33.29 force
+C set [from-10.1.1.0/24-to-10.1.2.0/24]:Configuration=phase2-from-10.1.1.0/24-to-10.1.2.0/24 force
+C set [from-10.1.1.0/24-to-10.1.2.0/24]:Local-ID=from-10.1.1.0/24 force
+C set [from-10.1.1.0/24-to-10.1.2.0/24]:Remote-ID=to-10.1.2.0/24 force
+C set [phase2-from-10.1.1.0/24-to-10.1.2.0/24]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-10.1.1.0/24-to-10.1.2.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-10.1.1.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [from-10.1.1.0/24]:Network=10.1.1.0 force
+C set [from-10.1.1.0/24]:Netmask=255.255.255.0 force
+C set [to-10.1.2.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [to-10.1.2.0/24]:Network=10.1.2.0 force
+C set [to-10.1.2.0/24]:Netmask=255.255.255.0 force
+C add [Phase 2]:Connections=from-10.1.1.0/24-to-10.1.2.0/24
C set [Phase 1]:131.188.33.29=peer-131.188.33.29 force
C set [peer-131.188.33.29]:Phase=1 force
C set [peer-131.188.33.29]:Address=131.188.33.29 force
-C set [peer-131.188.33.29]:Configuration=mm-131.188.33.29 force
-C set [mm-131.188.33.29]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-131.188.33.29]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-131.188.33.51-131.188.33.29]:Phase=2 force
-C set [IPsec-131.188.33.51-131.188.33.29]:ISAKMP-peer=peer-131.188.33.29 force
-C set [IPsec-131.188.33.51-131.188.33.29]:Configuration=qm-131.188.33.51-131.188.33.29 force
-C set [IPsec-131.188.33.51-131.188.33.29]:Local-ID=lid-131.188.33.51 force
-C set [IPsec-131.188.33.51-131.188.33.29]:Remote-ID=rid-131.188.33.29 force
-C set [qm-131.188.33.51-131.188.33.29]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-131.188.33.51-131.188.33.29]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-131.188.33.51]:ID-type=IPV4_ADDR force
-C set [lid-131.188.33.51]:Address=131.188.33.51 force
-C set [rid-131.188.33.29]:ID-type=IPV4_ADDR force
-C set [rid-131.188.33.29]:Address=131.188.33.29 force
-C add [Phase 2]:Connections=IPsec-131.188.33.51-131.188.33.29
+C set [peer-131.188.33.29]:Configuration=phase1-peer-131.188.33.29 force
+C set [phase1-peer-131.188.33.29]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-131.188.33.29]:Transforms=AES-SHA-RSA_SIG force
+C set [from-131.188.33.51-to-131.188.33.29]:Phase=2 force
+C set [from-131.188.33.51-to-131.188.33.29]:ISAKMP-peer=peer-131.188.33.29 force
+C set [from-131.188.33.51-to-131.188.33.29]:Configuration=phase2-from-131.188.33.51-to-131.188.33.29 force
+C set [from-131.188.33.51-to-131.188.33.29]:Local-ID=from-131.188.33.51 force
+C set [from-131.188.33.51-to-131.188.33.29]:Remote-ID=to-131.188.33.29 force
+C set [phase2-from-131.188.33.51-to-131.188.33.29]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-131.188.33.51-to-131.188.33.29]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-131.188.33.51]:ID-type=IPV4_ADDR force
+C set [from-131.188.33.51]:Address=131.188.33.51 force
+C set [to-131.188.33.29]:ID-type=IPV4_ADDR force
+C set [to-131.188.33.29]:Address=131.188.33.29 force
+C add [Phase 2]:Connections=from-131.188.33.51-to-131.188.33.29
diff --git a/regress/sbin/ipsecctl/ike7.ok b/regress/sbin/ipsecctl/ike7.ok
index a39f1b37ba5..401a040aefc 100644
--- a/regress/sbin/ipsecctl/ike7.ok
+++ b/regress/sbin/ipsecctl/ike7.ok
@@ -1,38 +1,38 @@
C set [Phase 1]:131.188.33.51=peer-131.188.33.51 force
C set [peer-131.188.33.51]:Phase=1 force
C set [peer-131.188.33.51]:Address=131.188.33.51 force
-C set [peer-131.188.33.51]:Configuration=mm-131.188.33.51 force
-C set [mm-131.188.33.51]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-131.188.33.51]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-10.1.2.0/24-10.1.1.0/24]:Phase=2 force
-C set [IPsec-10.1.2.0/24-10.1.1.0/24]:ISAKMP-peer=peer-131.188.33.51 force
-C set [IPsec-10.1.2.0/24-10.1.1.0/24]:Configuration=qm-10.1.2.0/24-10.1.1.0/24 force
-C set [IPsec-10.1.2.0/24-10.1.1.0/24]:Local-ID=lid-10.1.2.0/24 force
-C set [IPsec-10.1.2.0/24-10.1.1.0/24]:Remote-ID=rid-10.1.1.0/24 force
-C set [qm-10.1.2.0/24-10.1.1.0/24]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-10.1.2.0/24-10.1.1.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-10.1.2.0/24]:ID-type=IPV4_ADDR_SUBNET force
-C set [lid-10.1.2.0/24]:Network=10.1.2.0 force
-C set [lid-10.1.2.0/24]:Netmask=255.255.255.0 force
-C set [rid-10.1.1.0/24]:ID-type=IPV4_ADDR_SUBNET force
-C set [rid-10.1.1.0/24]:Network=10.1.1.0 force
-C set [rid-10.1.1.0/24]:Netmask=255.255.255.0 force
-C add [Phase 2]:Passive-Connections=IPsec-10.1.2.0/24-10.1.1.0/24
+C set [peer-131.188.33.51]:Configuration=phase1-peer-131.188.33.51 force
+C set [phase1-peer-131.188.33.51]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-131.188.33.51]:Transforms=AES-SHA-RSA_SIG force
+C set [from-10.1.2.0/24-to-10.1.1.0/24]:Phase=2 force
+C set [from-10.1.2.0/24-to-10.1.1.0/24]:ISAKMP-peer=peer-131.188.33.51 force
+C set [from-10.1.2.0/24-to-10.1.1.0/24]:Configuration=phase2-from-10.1.2.0/24-to-10.1.1.0/24 force
+C set [from-10.1.2.0/24-to-10.1.1.0/24]:Local-ID=from-10.1.2.0/24 force
+C set [from-10.1.2.0/24-to-10.1.1.0/24]:Remote-ID=to-10.1.1.0/24 force
+C set [phase2-from-10.1.2.0/24-to-10.1.1.0/24]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-10.1.2.0/24-to-10.1.1.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-10.1.2.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [from-10.1.2.0/24]:Network=10.1.2.0 force
+C set [from-10.1.2.0/24]:Netmask=255.255.255.0 force
+C set [to-10.1.1.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [to-10.1.1.0/24]:Network=10.1.1.0 force
+C set [to-10.1.1.0/24]:Netmask=255.255.255.0 force
+C add [Phase 2]:Passive-Connections=from-10.1.2.0/24-to-10.1.1.0/24
C set [Phase 1]:131.188.33.51=peer-131.188.33.51 force
C set [peer-131.188.33.51]:Phase=1 force
C set [peer-131.188.33.51]:Address=131.188.33.51 force
-C set [peer-131.188.33.51]:Configuration=mm-131.188.33.51 force
-C set [mm-131.188.33.51]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-131.188.33.51]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-131.188.33.29-131.188.33.51]:Phase=2 force
-C set [IPsec-131.188.33.29-131.188.33.51]:ISAKMP-peer=peer-131.188.33.51 force
-C set [IPsec-131.188.33.29-131.188.33.51]:Configuration=qm-131.188.33.29-131.188.33.51 force
-C set [IPsec-131.188.33.29-131.188.33.51]:Local-ID=lid-131.188.33.29 force
-C set [IPsec-131.188.33.29-131.188.33.51]:Remote-ID=rid-131.188.33.51 force
-C set [qm-131.188.33.29-131.188.33.51]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-131.188.33.29-131.188.33.51]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-131.188.33.29]:ID-type=IPV4_ADDR force
-C set [lid-131.188.33.29]:Address=131.188.33.29 force
-C set [rid-131.188.33.51]:ID-type=IPV4_ADDR force
-C set [rid-131.188.33.51]:Address=131.188.33.51 force
-C add [Phase 2]:Passive-Connections=IPsec-131.188.33.29-131.188.33.51
+C set [peer-131.188.33.51]:Configuration=phase1-peer-131.188.33.51 force
+C set [phase1-peer-131.188.33.51]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-131.188.33.51]:Transforms=AES-SHA-RSA_SIG force
+C set [from-131.188.33.29-to-131.188.33.51]:Phase=2 force
+C set [from-131.188.33.29-to-131.188.33.51]:ISAKMP-peer=peer-131.188.33.51 force
+C set [from-131.188.33.29-to-131.188.33.51]:Configuration=phase2-from-131.188.33.29-to-131.188.33.51 force
+C set [from-131.188.33.29-to-131.188.33.51]:Local-ID=from-131.188.33.29 force
+C set [from-131.188.33.29-to-131.188.33.51]:Remote-ID=to-131.188.33.51 force
+C set [phase2-from-131.188.33.29-to-131.188.33.51]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-131.188.33.29-to-131.188.33.51]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-131.188.33.29]:ID-type=IPV4_ADDR force
+C set [from-131.188.33.29]:Address=131.188.33.29 force
+C set [to-131.188.33.51]:ID-type=IPV4_ADDR force
+C set [to-131.188.33.51]:Address=131.188.33.51 force
+C add [Phase 2]:Passive-Connections=from-131.188.33.29-to-131.188.33.51
diff --git a/regress/sbin/ipsecctl/ike8.ok b/regress/sbin/ipsecctl/ike8.ok
index 45612b98e44..a79aff6fe83 100644
--- a/regress/sbin/ipsecctl/ike8.ok
+++ b/regress/sbin/ipsecctl/ike8.ok
@@ -1,19 +1,19 @@
C set [Phase 1]:192.168.3.1=peer-192.168.3.1 force
C set [peer-192.168.3.1]:Phase=1 force
C set [peer-192.168.3.1]:Address=192.168.3.1 force
-C set [peer-192.168.3.1]:Configuration=mm-192.168.3.1 force
-C set [mm-192.168.3.1]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-192.168.3.1]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-1.1.1.1-0.0.0.0/0]:Phase=2 force
-C set [IPsec-1.1.1.1-0.0.0.0/0]:ISAKMP-peer=peer-192.168.3.1 force
-C set [IPsec-1.1.1.1-0.0.0.0/0]:Configuration=qm-1.1.1.1-0.0.0.0/0 force
-C set [IPsec-1.1.1.1-0.0.0.0/0]:Local-ID=lid-1.1.1.1 force
-C set [IPsec-1.1.1.1-0.0.0.0/0]:Remote-ID=rid-0.0.0.0/0 force
-C set [qm-1.1.1.1-0.0.0.0/0]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-1.1.1.1-0.0.0.0/0]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-1.1.1.1]:ID-type=IPV4_ADDR force
-C set [lid-1.1.1.1]:Address=1.1.1.1 force
-C set [rid-0.0.0.0/0]:ID-type=IPV4_ADDR_SUBNET force
-C set [rid-0.0.0.0/0]:Network=0.0.0.0 force
-C set [rid-0.0.0.0/0]:Netmask=0.0.0.0 force
-C add [Phase 2]:Connections=IPsec-1.1.1.1-0.0.0.0/0
+C set [peer-192.168.3.1]:Configuration=phase1-peer-192.168.3.1 force
+C set [phase1-peer-192.168.3.1]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-192.168.3.1]:Transforms=AES-SHA-RSA_SIG force
+C set [from-1.1.1.1-to-0.0.0.0/0]:Phase=2 force
+C set [from-1.1.1.1-to-0.0.0.0/0]:ISAKMP-peer=peer-192.168.3.1 force
+C set [from-1.1.1.1-to-0.0.0.0/0]:Configuration=phase2-from-1.1.1.1-to-0.0.0.0/0 force
+C set [from-1.1.1.1-to-0.0.0.0/0]:Local-ID=from-1.1.1.1 force
+C set [from-1.1.1.1-to-0.0.0.0/0]:Remote-ID=to-0.0.0.0/0 force
+C set [phase2-from-1.1.1.1-to-0.0.0.0/0]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-1.1.1.1-to-0.0.0.0/0]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-1.1.1.1]:ID-type=IPV4_ADDR force
+C set [from-1.1.1.1]:Address=1.1.1.1 force
+C set [to-0.0.0.0/0]:ID-type=IPV4_ADDR_SUBNET force
+C set [to-0.0.0.0/0]:Network=0.0.0.0 force
+C set [to-0.0.0.0/0]:Netmask=0.0.0.0 force
+C add [Phase 2]:Connections=from-1.1.1.1-to-0.0.0.0/0
diff --git a/regress/sbin/ipsecctl/ike9.ok b/regress/sbin/ipsecctl/ike9.ok
index 4d5c8f75294..948fae49f87 100644
--- a/regress/sbin/ipsecctl/ike9.ok
+++ b/regress/sbin/ipsecctl/ike9.ok
@@ -3,23 +3,23 @@ C set [General]:DPD-check-interval=5 force
C set [Phase 1]:2.2.2.2=peer-2.2.2.2 force
C set [peer-2.2.2.2]:Phase=1 force
C set [peer-2.2.2.2]:Address=2.2.2.2 force
-C set [peer-2.2.2.2]:Configuration=mm-2.2.2.2 force
-C set [mm-2.2.2.2]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-2.2.2.2]:Transforms=AES-SHA-RSA_SIG force
-C set [peer-2.2.2.2]:ID=noname.my.domain-ID force
-C set [noname.my.domain-ID]:ID-type=FQDN force
-C set [noname.my.domain-ID]:Name=noname.my.domain force
-C set [IPsec-3.3.3.0/24-4.4.4.0/24]:Phase=2 force
-C set [IPsec-3.3.3.0/24-4.4.4.0/24]:ISAKMP-peer=peer-2.2.2.2 force
-C set [IPsec-3.3.3.0/24-4.4.4.0/24]:Configuration=qm-3.3.3.0/24-4.4.4.0/24 force
-C set [IPsec-3.3.3.0/24-4.4.4.0/24]:Local-ID=lid-3.3.3.0/24 force
-C set [IPsec-3.3.3.0/24-4.4.4.0/24]:Remote-ID=rid-4.4.4.0/24 force
-C set [qm-3.3.3.0/24-4.4.4.0/24]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-3.3.3.0/24-4.4.4.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-3.3.3.0/24]:ID-type=IPV4_ADDR_SUBNET force
-C set [lid-3.3.3.0/24]:Network=3.3.3.0 force
-C set [lid-3.3.3.0/24]:Netmask=255.255.255.0 force
-C set [rid-4.4.4.0/24]:ID-type=IPV4_ADDR_SUBNET force
-C set [rid-4.4.4.0/24]:Network=4.4.4.0 force
-C set [rid-4.4.4.0/24]:Netmask=255.255.255.0 force
-C add [Phase 2]:Connections=IPsec-3.3.3.0/24-4.4.4.0/24
+C set [peer-2.2.2.2]:Configuration=phase1-peer-2.2.2.2 force
+C set [phase1-peer-2.2.2.2]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-2.2.2.2]:Transforms=AES-SHA-RSA_SIG force
+C set [peer-2.2.2.2]:ID=id-noname.my.domain force
+C set [id-noname.my.domain]:ID-type=FQDN force
+C set [id-noname.my.domain]:Name=noname.my.domain force
+C set [from-3.3.3.0/24-to-4.4.4.0/24]:Phase=2 force
+C set [from-3.3.3.0/24-to-4.4.4.0/24]:ISAKMP-peer=peer-2.2.2.2 force
+C set [from-3.3.3.0/24-to-4.4.4.0/24]:Configuration=phase2-from-3.3.3.0/24-to-4.4.4.0/24 force
+C set [from-3.3.3.0/24-to-4.4.4.0/24]:Local-ID=from-3.3.3.0/24 force
+C set [from-3.3.3.0/24-to-4.4.4.0/24]:Remote-ID=to-4.4.4.0/24 force
+C set [phase2-from-3.3.3.0/24-to-4.4.4.0/24]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-3.3.3.0/24-to-4.4.4.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-3.3.3.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [from-3.3.3.0/24]:Network=3.3.3.0 force
+C set [from-3.3.3.0/24]:Netmask=255.255.255.0 force
+C set [to-4.4.4.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [to-4.4.4.0/24]:Network=4.4.4.0 force
+C set [to-4.4.4.0/24]:Netmask=255.255.255.0 force
+C add [Phase 2]:Connections=from-3.3.3.0/24-to-4.4.4.0/24
diff --git a/regress/sbin/ipsecctl/ikedel1.ok b/regress/sbin/ipsecctl/ikedel1.ok
index b9ccb241330..3b5ba8a3944 100644
--- a/regress/sbin/ipsecctl/ikedel1.ok
+++ b/regress/sbin/ipsecctl/ikedel1.ok
@@ -1,4 +1,4 @@
-t IPsec-131.188.33.51-131.188.33.29
-C rmv [Phase 2]:Connections=IPsec-131.188.33.51-131.188.33.29
-C rms [IPsec-131.188.33.51-131.188.33.29]
-C rms [qm-131.188.33.51-131.188.33.29]
+t from-131.188.33.51-to-131.188.33.29
+C rmv [Phase 2]:Connections=from-131.188.33.51-to-131.188.33.29
+C rms [from-131.188.33.51-to-131.188.33.29]
+C rms [phase2-from-131.188.33.51-to-131.188.33.29]
diff --git a/regress/sbin/ipsecctl/ikedel10.ok b/regress/sbin/ipsecctl/ikedel10.ok
index 1cbf70f751e..0fe7b61a202 100644
--- a/regress/sbin/ipsecctl/ikedel10.ok
+++ b/regress/sbin/ipsecctl/ikedel10.ok
@@ -1,4 +1,4 @@
-t IPsec-192.168.100.1:0-97-192.168.200.1:0-97
-C rmv [Phase 2]:Connections=IPsec-192.168.100.1:0-97-192.168.200.1:0-97
-C rms [IPsec-192.168.100.1:0-97-192.168.200.1:0-97]
-C rms [qm-192.168.100.1:0-97-192.168.200.1:0-97]
+t from-192.168.100.1=97-to-192.168.200.1=97
+C rmv [Phase 2]:Connections=from-192.168.100.1=97-to-192.168.200.1=97
+C rms [from-192.168.100.1=97-to-192.168.200.1=97]
+C rms [phase2-from-192.168.100.1=97-to-192.168.200.1=97]
diff --git a/regress/sbin/ipsecctl/ikedel11.ok b/regress/sbin/ipsecctl/ikedel11.ok
index b4d7c021903..475f10b063e 100644
--- a/regress/sbin/ipsecctl/ikedel11.ok
+++ b/regress/sbin/ipsecctl/ikedel11.ok
@@ -1,8 +1,8 @@
-t IPsec-1.1.1.1-0.0.0.0/0
-C rmv [Phase 2]:Connections=IPsec-1.1.1.1-0.0.0.0/0
-C rms [IPsec-1.1.1.1-0.0.0.0/0]
-C rms [qm-1.1.1.1-0.0.0.0/0]
-t IPsec-1.1.1.1-0.0.0.0/0
-C rmv [Phase 2]:Connections=IPsec-1.1.1.1-0.0.0.0/0
-C rms [IPsec-1.1.1.1-0.0.0.0/0]
-C rms [qm-1.1.1.1-0.0.0.0/0]
+t from-1.1.1.1-to-0.0.0.0/0
+C rmv [Phase 2]:Connections=from-1.1.1.1-to-0.0.0.0/0
+C rms [from-1.1.1.1-to-0.0.0.0/0]
+C rms [phase2-from-1.1.1.1-to-0.0.0.0/0]
+t from-1.1.1.1-to-0.0.0.0/0
+C rmv [Phase 2]:Connections=from-1.1.1.1-to-0.0.0.0/0
+C rms [from-1.1.1.1-to-0.0.0.0/0]
+C rms [phase2-from-1.1.1.1-to-0.0.0.0/0]
diff --git a/regress/sbin/ipsecctl/ikedel12.ok b/regress/sbin/ipsecctl/ikedel12.ok
index 40d4ec8ee8c..22a8c644def 100644
--- a/regress/sbin/ipsecctl/ikedel12.ok
+++ b/regress/sbin/ipsecctl/ikedel12.ok
@@ -1,13 +1,13 @@
TO = "{ 2.2.2.0/24, 3.3.3.0/24, 4.4.4.0/24 }"
-t IPsec-1.1.1.1-2.2.2.0/24
-C rmv [Phase 2]:Connections=IPsec-1.1.1.1-2.2.2.0/24
-C rms [IPsec-1.1.1.1-2.2.2.0/24]
-C rms [qm-1.1.1.1-2.2.2.0/24]
-t IPsec-1.1.1.1-3.3.3.0/24
-C rmv [Phase 2]:Connections=IPsec-1.1.1.1-3.3.3.0/24
-C rms [IPsec-1.1.1.1-3.3.3.0/24]
-C rms [qm-1.1.1.1-3.3.3.0/24]
-t IPsec-1.1.1.1-4.4.4.0/24
-C rmv [Phase 2]:Connections=IPsec-1.1.1.1-4.4.4.0/24
-C rms [IPsec-1.1.1.1-4.4.4.0/24]
-C rms [qm-1.1.1.1-4.4.4.0/24]
+t from-1.1.1.1-to-2.2.2.0/24
+C rmv [Phase 2]:Connections=from-1.1.1.1-to-2.2.2.0/24
+C rms [from-1.1.1.1-to-2.2.2.0/24]
+C rms [phase2-from-1.1.1.1-to-2.2.2.0/24]
+t from-1.1.1.1-to-3.3.3.0/24
+C rmv [Phase 2]:Connections=from-1.1.1.1-to-3.3.3.0/24
+C rms [from-1.1.1.1-to-3.3.3.0/24]
+C rms [phase2-from-1.1.1.1-to-3.3.3.0/24]
+t from-1.1.1.1-to-4.4.4.0/24
+C rmv [Phase 2]:Connections=from-1.1.1.1-to-4.4.4.0/24
+C rms [from-1.1.1.1-to-4.4.4.0/24]
+C rms [phase2-from-1.1.1.1-to-4.4.4.0/24]
diff --git a/regress/sbin/ipsecctl/ikedel13.ok b/regress/sbin/ipsecctl/ikedel13.ok
index 96d61ee8548..e80665011d5 100644
--- a/regress/sbin/ipsecctl/ikedel13.ok
+++ b/regress/sbin/ipsecctl/ikedel13.ok
@@ -1,13 +1,13 @@
FROM = "{ 2.2.2.0/24, 3.3.3.0/24, 4.4.4.0/24 }"
-t IPsec-2.2.2.0/24-1.1.1.1
-C rmv [Phase 2]:Connections=IPsec-2.2.2.0/24-1.1.1.1
-C rms [IPsec-2.2.2.0/24-1.1.1.1]
-C rms [qm-2.2.2.0/24-1.1.1.1]
-t IPsec-3.3.3.0/24-1.1.1.1
-C rmv [Phase 2]:Connections=IPsec-3.3.3.0/24-1.1.1.1
-C rms [IPsec-3.3.3.0/24-1.1.1.1]
-C rms [qm-3.3.3.0/24-1.1.1.1]
-t IPsec-4.4.4.0/24-1.1.1.1
-C rmv [Phase 2]:Connections=IPsec-4.4.4.0/24-1.1.1.1
-C rms [IPsec-4.4.4.0/24-1.1.1.1]
-C rms [qm-4.4.4.0/24-1.1.1.1]
+t from-2.2.2.0/24-to-1.1.1.1
+C rmv [Phase 2]:Connections=from-2.2.2.0/24-to-1.1.1.1
+C rms [from-2.2.2.0/24-to-1.1.1.1]
+C rms [phase2-from-2.2.2.0/24-to-1.1.1.1]
+t from-3.3.3.0/24-to-1.1.1.1
+C rmv [Phase 2]:Connections=from-3.3.3.0/24-to-1.1.1.1
+C rms [from-3.3.3.0/24-to-1.1.1.1]
+C rms [phase2-from-3.3.3.0/24-to-1.1.1.1]
+t from-4.4.4.0/24-to-1.1.1.1
+C rmv [Phase 2]:Connections=from-4.4.4.0/24-to-1.1.1.1
+C rms [from-4.4.4.0/24-to-1.1.1.1]
+C rms [phase2-from-4.4.4.0/24-to-1.1.1.1]
diff --git a/regress/sbin/ipsecctl/ikedel14.ok b/regress/sbin/ipsecctl/ikedel14.ok
index b2c55902147..b3a89db610d 100644
--- a/regress/sbin/ipsecctl/ikedel14.ok
+++ b/regress/sbin/ipsecctl/ikedel14.ok
@@ -1,38 +1,38 @@
FROM = "{ 2.2.2.0/24, 3.3.3.0/24, 4.4.4.0/24 }"
TO = "{ 5.5.5.0/24, 6.6.6.0/24, 7.7.7.0/24 }"
-t IPsec-2.2.2.0/24-5.5.5.0/24
-C rmv [Phase 2]:Connections=IPsec-2.2.2.0/24-5.5.5.0/24
-C rms [IPsec-2.2.2.0/24-5.5.5.0/24]
-C rms [qm-2.2.2.0/24-5.5.5.0/24]
-t IPsec-2.2.2.0/24-6.6.6.0/24
-C rmv [Phase 2]:Connections=IPsec-2.2.2.0/24-6.6.6.0/24
-C rms [IPsec-2.2.2.0/24-6.6.6.0/24]
-C rms [qm-2.2.2.0/24-6.6.6.0/24]
-t IPsec-2.2.2.0/24-7.7.7.0/24
-C rmv [Phase 2]:Connections=IPsec-2.2.2.0/24-7.7.7.0/24
-C rms [IPsec-2.2.2.0/24-7.7.7.0/24]
-C rms [qm-2.2.2.0/24-7.7.7.0/24]
-t IPsec-3.3.3.0/24-5.5.5.0/24
-C rmv [Phase 2]:Connections=IPsec-3.3.3.0/24-5.5.5.0/24
-C rms [IPsec-3.3.3.0/24-5.5.5.0/24]
-C rms [qm-3.3.3.0/24-5.5.5.0/24]
-t IPsec-3.3.3.0/24-6.6.6.0/24
-C rmv [Phase 2]:Connections=IPsec-3.3.3.0/24-6.6.6.0/24
-C rms [IPsec-3.3.3.0/24-6.6.6.0/24]
-C rms [qm-3.3.3.0/24-6.6.6.0/24]
-t IPsec-3.3.3.0/24-7.7.7.0/24
-C rmv [Phase 2]:Connections=IPsec-3.3.3.0/24-7.7.7.0/24
-C rms [IPsec-3.3.3.0/24-7.7.7.0/24]
-C rms [qm-3.3.3.0/24-7.7.7.0/24]
-t IPsec-4.4.4.0/24-5.5.5.0/24
-C rmv [Phase 2]:Connections=IPsec-4.4.4.0/24-5.5.5.0/24
-C rms [IPsec-4.4.4.0/24-5.5.5.0/24]
-C rms [qm-4.4.4.0/24-5.5.5.0/24]
-t IPsec-4.4.4.0/24-6.6.6.0/24
-C rmv [Phase 2]:Connections=IPsec-4.4.4.0/24-6.6.6.0/24
-C rms [IPsec-4.4.4.0/24-6.6.6.0/24]
-C rms [qm-4.4.4.0/24-6.6.6.0/24]
-t IPsec-4.4.4.0/24-7.7.7.0/24
-C rmv [Phase 2]:Connections=IPsec-4.4.4.0/24-7.7.7.0/24
-C rms [IPsec-4.4.4.0/24-7.7.7.0/24]
-C rms [qm-4.4.4.0/24-7.7.7.0/24]
+t from-2.2.2.0/24-to-5.5.5.0/24
+C rmv [Phase 2]:Connections=from-2.2.2.0/24-to-5.5.5.0/24
+C rms [from-2.2.2.0/24-to-5.5.5.0/24]
+C rms [phase2-from-2.2.2.0/24-to-5.5.5.0/24]
+t from-2.2.2.0/24-to-6.6.6.0/24
+C rmv [Phase 2]:Connections=from-2.2.2.0/24-to-6.6.6.0/24
+C rms [from-2.2.2.0/24-to-6.6.6.0/24]
+C rms [phase2-from-2.2.2.0/24-to-6.6.6.0/24]
+t from-2.2.2.0/24-to-7.7.7.0/24
+C rmv [Phase 2]:Connections=from-2.2.2.0/24-to-7.7.7.0/24
+C rms [from-2.2.2.0/24-to-7.7.7.0/24]
+C rms [phase2-from-2.2.2.0/24-to-7.7.7.0/24]
+t from-3.3.3.0/24-to-5.5.5.0/24
+C rmv [Phase 2]:Connections=from-3.3.3.0/24-to-5.5.5.0/24
+C rms [from-3.3.3.0/24-to-5.5.5.0/24]
+C rms [phase2-from-3.3.3.0/24-to-5.5.5.0/24]
+t from-3.3.3.0/24-to-6.6.6.0/24
+C rmv [Phase 2]:Connections=from-3.3.3.0/24-to-6.6.6.0/24
+C rms [from-3.3.3.0/24-to-6.6.6.0/24]
+C rms [phase2-from-3.3.3.0/24-to-6.6.6.0/24]
+t from-3.3.3.0/24-to-7.7.7.0/24
+C rmv [Phase 2]:Connections=from-3.3.3.0/24-to-7.7.7.0/24
+C rms [from-3.3.3.0/24-to-7.7.7.0/24]
+C rms [phase2-from-3.3.3.0/24-to-7.7.7.0/24]
+t from-4.4.4.0/24-to-5.5.5.0/24
+C rmv [Phase 2]:Connections=from-4.4.4.0/24-to-5.5.5.0/24
+C rms [from-4.4.4.0/24-to-5.5.5.0/24]
+C rms [phase2-from-4.4.4.0/24-to-5.5.5.0/24]
+t from-4.4.4.0/24-to-6.6.6.0/24
+C rmv [Phase 2]:Connections=from-4.4.4.0/24-to-6.6.6.0/24
+C rms [from-4.4.4.0/24-to-6.6.6.0/24]
+C rms [phase2-from-4.4.4.0/24-to-6.6.6.0/24]
+t from-4.4.4.0/24-to-7.7.7.0/24
+C rmv [Phase 2]:Connections=from-4.4.4.0/24-to-7.7.7.0/24
+C rms [from-4.4.4.0/24-to-7.7.7.0/24]
+C rms [phase2-from-4.4.4.0/24-to-7.7.7.0/24]
diff --git a/regress/sbin/ipsecctl/ikedel15.ok b/regress/sbin/ipsecctl/ikedel15.ok
index 7533714a422..84b7935d361 100644
--- a/regress/sbin/ipsecctl/ikedel15.ok
+++ b/regress/sbin/ipsecctl/ikedel15.ok
@@ -1,4 +1,4 @@
-t IPsec-10.1.1.0/24-10.1.2.0/24
-C rmv [Phase 2]:Connections=IPsec-10.1.1.0/24-10.1.2.0/24
-C rms [IPsec-10.1.1.0/24-10.1.2.0/24]
-C rms [qm-10.1.1.0/24-10.1.2.0/24]
+t from-10.1.1.0/24-to-10.1.2.0/24
+C rmv [Phase 2]:Connections=from-10.1.1.0/24-to-10.1.2.0/24
+C rms [from-10.1.1.0/24-to-10.1.2.0/24]
+C rms [phase2-from-10.1.1.0/24-to-10.1.2.0/24]
diff --git a/regress/sbin/ipsecctl/ikedel16.ok b/regress/sbin/ipsecctl/ikedel16.ok
index 41535fe60e0..cdb180fb472 100644
--- a/regress/sbin/ipsecctl/ikedel16.ok
+++ b/regress/sbin/ipsecctl/ikedel16.ok
@@ -1,8 +1,8 @@
-t IPsec-10.1.1.0/24-10.1.2.0/24
-C rmv [Phase 2]:Connections=IPsec-10.1.1.0/24-10.1.2.0/24
-C rms [IPsec-10.1.1.0/24-10.1.2.0/24]
-C rms [qm-10.1.1.0/24-10.1.2.0/24]
-t IPsec-3ffe::51-3ffe::29
-C rmv [Phase 2]:Connections=IPsec-3ffe::51-3ffe::29
-C rms [IPsec-3ffe::51-3ffe::29]
-C rms [qm-3ffe::51-3ffe::29]
+t from-10.1.1.0/24-to-10.1.2.0/24
+C rmv [Phase 2]:Connections=from-10.1.1.0/24-to-10.1.2.0/24
+C rms [from-10.1.1.0/24-to-10.1.2.0/24]
+C rms [phase2-from-10.1.1.0/24-to-10.1.2.0/24]
+t from-3ffe::51-to-3ffe::29
+C rmv [Phase 2]:Connections=from-3ffe::51-to-3ffe::29
+C rms [from-3ffe::51-to-3ffe::29]
+C rms [phase2-from-3ffe::51-to-3ffe::29]
diff --git a/regress/sbin/ipsecctl/ikedel17.ok b/regress/sbin/ipsecctl/ikedel17.ok
index 41535fe60e0..cdb180fb472 100644
--- a/regress/sbin/ipsecctl/ikedel17.ok
+++ b/regress/sbin/ipsecctl/ikedel17.ok
@@ -1,8 +1,8 @@
-t IPsec-10.1.1.0/24-10.1.2.0/24
-C rmv [Phase 2]:Connections=IPsec-10.1.1.0/24-10.1.2.0/24
-C rms [IPsec-10.1.1.0/24-10.1.2.0/24]
-C rms [qm-10.1.1.0/24-10.1.2.0/24]
-t IPsec-3ffe::51-3ffe::29
-C rmv [Phase 2]:Connections=IPsec-3ffe::51-3ffe::29
-C rms [IPsec-3ffe::51-3ffe::29]
-C rms [qm-3ffe::51-3ffe::29]
+t from-10.1.1.0/24-to-10.1.2.0/24
+C rmv [Phase 2]:Connections=from-10.1.1.0/24-to-10.1.2.0/24
+C rms [from-10.1.1.0/24-to-10.1.2.0/24]
+C rms [phase2-from-10.1.1.0/24-to-10.1.2.0/24]
+t from-3ffe::51-to-3ffe::29
+C rmv [Phase 2]:Connections=from-3ffe::51-to-3ffe::29
+C rms [from-3ffe::51-to-3ffe::29]
+C rms [phase2-from-3ffe::51-to-3ffe::29]
diff --git a/regress/sbin/ipsecctl/ikedel18.ok b/regress/sbin/ipsecctl/ikedel18.ok
index 747cf7cd394..08de725df25 100644
--- a/regress/sbin/ipsecctl/ikedel18.ok
+++ b/regress/sbin/ipsecctl/ikedel18.ok
@@ -1,8 +1,8 @@
-t IPsec-10.1.2.0/24-10.1.1.0/24
-C rmv [Phase 2]:Passive-Connections=IPsec-10.1.2.0/24-10.1.1.0/24
-C rms [IPsec-10.1.2.0/24-10.1.1.0/24]
-C rms [qm-10.1.2.0/24-10.1.1.0/24]
-t IPsec-3ffe::29-3ffe::51
-C rmv [Phase 2]:Passive-Connections=IPsec-3ffe::29-3ffe::51
-C rms [IPsec-3ffe::29-3ffe::51]
-C rms [qm-3ffe::29-3ffe::51]
+t from-10.1.2.0/24-to-10.1.1.0/24
+C rmv [Phase 2]:Passive-Connections=from-10.1.2.0/24-to-10.1.1.0/24
+C rms [from-10.1.2.0/24-to-10.1.1.0/24]
+C rms [phase2-from-10.1.2.0/24-to-10.1.1.0/24]
+t from-3ffe::29-to-3ffe::51
+C rmv [Phase 2]:Passive-Connections=from-3ffe::29-to-3ffe::51
+C rms [from-3ffe::29-to-3ffe::51]
+C rms [phase2-from-3ffe::29-to-3ffe::51]
diff --git a/regress/sbin/ipsecctl/ikedel19.ok b/regress/sbin/ipsecctl/ikedel19.ok
index 348019d0c58..877f8f40f82 100644
--- a/regress/sbin/ipsecctl/ikedel19.ok
+++ b/regress/sbin/ipsecctl/ikedel19.ok
@@ -1,4 +1,4 @@
-t IPsec-1.1.1.1-0.0.0.0/0
-C rmv [Phase 2]:Connections=IPsec-1.1.1.1-0.0.0.0/0
-C rms [IPsec-1.1.1.1-0.0.0.0/0]
-C rms [qm-1.1.1.1-0.0.0.0/0]
+t from-1.1.1.1-to-0.0.0.0/0
+C rmv [Phase 2]:Connections=from-1.1.1.1-to-0.0.0.0/0
+C rms [from-1.1.1.1-to-0.0.0.0/0]
+C rms [phase2-from-1.1.1.1-to-0.0.0.0/0]
diff --git a/regress/sbin/ipsecctl/ikedel2.ok b/regress/sbin/ipsecctl/ikedel2.ok
index 7533714a422..84b7935d361 100644
--- a/regress/sbin/ipsecctl/ikedel2.ok
+++ b/regress/sbin/ipsecctl/ikedel2.ok
@@ -1,4 +1,4 @@
-t IPsec-10.1.1.0/24-10.1.2.0/24
-C rmv [Phase 2]:Connections=IPsec-10.1.1.0/24-10.1.2.0/24
-C rms [IPsec-10.1.1.0/24-10.1.2.0/24]
-C rms [qm-10.1.1.0/24-10.1.2.0/24]
+t from-10.1.1.0/24-to-10.1.2.0/24
+C rmv [Phase 2]:Connections=from-10.1.1.0/24-to-10.1.2.0/24
+C rms [from-10.1.1.0/24-to-10.1.2.0/24]
+C rms [phase2-from-10.1.1.0/24-to-10.1.2.0/24]
diff --git a/regress/sbin/ipsecctl/ikedel20.ok b/regress/sbin/ipsecctl/ikedel20.ok
index b4d7c021903..475f10b063e 100644
--- a/regress/sbin/ipsecctl/ikedel20.ok
+++ b/regress/sbin/ipsecctl/ikedel20.ok
@@ -1,8 +1,8 @@
-t IPsec-1.1.1.1-0.0.0.0/0
-C rmv [Phase 2]:Connections=IPsec-1.1.1.1-0.0.0.0/0
-C rms [IPsec-1.1.1.1-0.0.0.0/0]
-C rms [qm-1.1.1.1-0.0.0.0/0]
-t IPsec-1.1.1.1-0.0.0.0/0
-C rmv [Phase 2]:Connections=IPsec-1.1.1.1-0.0.0.0/0
-C rms [IPsec-1.1.1.1-0.0.0.0/0]
-C rms [qm-1.1.1.1-0.0.0.0/0]
+t from-1.1.1.1-to-0.0.0.0/0
+C rmv [Phase 2]:Connections=from-1.1.1.1-to-0.0.0.0/0
+C rms [from-1.1.1.1-to-0.0.0.0/0]
+C rms [phase2-from-1.1.1.1-to-0.0.0.0/0]
+t from-1.1.1.1-to-0.0.0.0/0
+C rmv [Phase 2]:Connections=from-1.1.1.1-to-0.0.0.0/0
+C rms [from-1.1.1.1-to-0.0.0.0/0]
+C rms [phase2-from-1.1.1.1-to-0.0.0.0/0]
diff --git a/regress/sbin/ipsecctl/ikedel21.ok b/regress/sbin/ipsecctl/ikedel21.ok
index a351c8697ca..ece0234b9aa 100644
--- a/regress/sbin/ipsecctl/ikedel21.ok
+++ b/regress/sbin/ipsecctl/ikedel21.ok
@@ -1,4 +1,4 @@
-t IPsec-3ffe::1-3ffe::2
-C rmv [Phase 2]:Connections=IPsec-3ffe::1-3ffe::2
-C rms [IPsec-3ffe::1-3ffe::2]
-C rms [qm-3ffe::1-3ffe::2]
+t from-3ffe::1-to-3ffe::2
+C rmv [Phase 2]:Connections=from-3ffe::1-to-3ffe::2
+C rms [from-3ffe::1-to-3ffe::2]
+C rms [phase2-from-3ffe::1-to-3ffe::2]
diff --git a/regress/sbin/ipsecctl/ikedel22.ok b/regress/sbin/ipsecctl/ikedel22.ok
index 7533714a422..84b7935d361 100644
--- a/regress/sbin/ipsecctl/ikedel22.ok
+++ b/regress/sbin/ipsecctl/ikedel22.ok
@@ -1,4 +1,4 @@
-t IPsec-10.1.1.0/24-10.1.2.0/24
-C rmv [Phase 2]:Connections=IPsec-10.1.1.0/24-10.1.2.0/24
-C rms [IPsec-10.1.1.0/24-10.1.2.0/24]
-C rms [qm-10.1.1.0/24-10.1.2.0/24]
+t from-10.1.1.0/24-to-10.1.2.0/24
+C rmv [Phase 2]:Connections=from-10.1.1.0/24-to-10.1.2.0/24
+C rms [from-10.1.1.0/24-to-10.1.2.0/24]
+C rms [phase2-from-10.1.1.0/24-to-10.1.2.0/24]
diff --git a/regress/sbin/ipsecctl/ikedel23.ok b/regress/sbin/ipsecctl/ikedel23.ok
index 011bcc514c0..e6e030043ff 100644
--- a/regress/sbin/ipsecctl/ikedel23.ok
+++ b/regress/sbin/ipsecctl/ikedel23.ok
@@ -1,4 +1,4 @@
-t IPsec-3ffe::51-3ffe::29
-C rmv [Phase 2]:Connections=IPsec-3ffe::51-3ffe::29
-C rms [IPsec-3ffe::51-3ffe::29]
-C rms [qm-3ffe::51-3ffe::29]
+t from-3ffe::51-to-3ffe::29
+C rmv [Phase 2]:Connections=from-3ffe::51-to-3ffe::29
+C rms [from-3ffe::51-to-3ffe::29]
+C rms [phase2-from-3ffe::51-to-3ffe::29]
diff --git a/regress/sbin/ipsecctl/ikedel29.ok b/regress/sbin/ipsecctl/ikedel29.ok
index 4e32fc51a2e..b599d9ed5a0 100644
--- a/regress/sbin/ipsecctl/ikedel29.ok
+++ b/regress/sbin/ipsecctl/ikedel29.ok
@@ -1,4 +1,4 @@
-t IPsec-3ffe:3::/64-3ffe:4::/64
-C rmv [Phase 2]:Connections=IPsec-3ffe:3::/64-3ffe:4::/64
-C rms [IPsec-3ffe:3::/64-3ffe:4::/64]
-C rms [qm-3ffe:3::/64-3ffe:4::/64]
+t from-3ffe:3::/64-to-3ffe:4::/64
+C rmv [Phase 2]:Connections=from-3ffe:3::/64-to-3ffe:4::/64
+C rms [from-3ffe:3::/64-to-3ffe:4::/64]
+C rms [phase2-from-3ffe:3::/64-to-3ffe:4::/64]
diff --git a/regress/sbin/ipsecctl/ikedel3.ok b/regress/sbin/ipsecctl/ikedel3.ok
index b9ccb241330..3b5ba8a3944 100644
--- a/regress/sbin/ipsecctl/ikedel3.ok
+++ b/regress/sbin/ipsecctl/ikedel3.ok
@@ -1,4 +1,4 @@
-t IPsec-131.188.33.51-131.188.33.29
-C rmv [Phase 2]:Connections=IPsec-131.188.33.51-131.188.33.29
-C rms [IPsec-131.188.33.51-131.188.33.29]
-C rms [qm-131.188.33.51-131.188.33.29]
+t from-131.188.33.51-to-131.188.33.29
+C rmv [Phase 2]:Connections=from-131.188.33.51-to-131.188.33.29
+C rms [from-131.188.33.51-to-131.188.33.29]
+C rms [phase2-from-131.188.33.51-to-131.188.33.29]
diff --git a/regress/sbin/ipsecctl/ikedel30.ok b/regress/sbin/ipsecctl/ikedel30.ok
index 99e1524e1d7..f06f4e31b81 100644
--- a/regress/sbin/ipsecctl/ikedel30.ok
+++ b/regress/sbin/ipsecctl/ikedel30.ok
@@ -1,4 +1,4 @@
-t IPsec-3ffe::1:0-97-3ffe::2:0-97
-C rmv [Phase 2]:Connections=IPsec-3ffe::1:0-97-3ffe::2:0-97
-C rms [IPsec-3ffe::1:0-97-3ffe::2:0-97]
-C rms [qm-3ffe::1:0-97-3ffe::2:0-97]
+t from-3ffe::1=97-to-3ffe::2=97
+C rmv [Phase 2]:Connections=from-3ffe::1=97-to-3ffe::2=97
+C rms [from-3ffe::1=97-to-3ffe::2=97]
+C rms [phase2-from-3ffe::1=97-to-3ffe::2=97]
diff --git a/regress/sbin/ipsecctl/ikedel31.ok b/regress/sbin/ipsecctl/ikedel31.ok
index 9d25b1bd4f3..718af424d24 100644
--- a/regress/sbin/ipsecctl/ikedel31.ok
+++ b/regress/sbin/ipsecctl/ikedel31.ok
@@ -1,4 +1,4 @@
-t IPsec-3ffe:2::1-::/0
-C rmv [Phase 2]:Connections=IPsec-3ffe:2::1-::/0
-C rms [IPsec-3ffe:2::1-::/0]
-C rms [qm-3ffe:2::1-::/0]
+t from-3ffe:2::1-to-::/0
+C rmv [Phase 2]:Connections=from-3ffe:2::1-to-::/0
+C rms [from-3ffe:2::1-to-::/0]
+C rms [phase2-from-3ffe:2::1-to-::/0]
diff --git a/regress/sbin/ipsecctl/ikedel32.ok b/regress/sbin/ipsecctl/ikedel32.ok
index b5c99a866df..2d8a848f385 100644
--- a/regress/sbin/ipsecctl/ikedel32.ok
+++ b/regress/sbin/ipsecctl/ikedel32.ok
@@ -1,4 +1,4 @@
-t IPsec-1.1.1.1-2.2.2.2
-C rmv [Phase 2]:Connections=IPsec-1.1.1.1-2.2.2.2
-C rms [IPsec-1.1.1.1-2.2.2.2]
-C rms [qm-1.1.1.1-2.2.2.2]
+t from-1.1.1.1-to-2.2.2.2
+C rmv [Phase 2]:Connections=from-1.1.1.1-to-2.2.2.2
+C rms [from-1.1.1.1-to-2.2.2.2]
+C rms [phase2-from-1.1.1.1-to-2.2.2.2]
diff --git a/regress/sbin/ipsecctl/ikedel33.ok b/regress/sbin/ipsecctl/ikedel33.ok
index b5c99a866df..2d8a848f385 100644
--- a/regress/sbin/ipsecctl/ikedel33.ok
+++ b/regress/sbin/ipsecctl/ikedel33.ok
@@ -1,4 +1,4 @@
-t IPsec-1.1.1.1-2.2.2.2
-C rmv [Phase 2]:Connections=IPsec-1.1.1.1-2.2.2.2
-C rms [IPsec-1.1.1.1-2.2.2.2]
-C rms [qm-1.1.1.1-2.2.2.2]
+t from-1.1.1.1-to-2.2.2.2
+C rmv [Phase 2]:Connections=from-1.1.1.1-to-2.2.2.2
+C rms [from-1.1.1.1-to-2.2.2.2]
+C rms [phase2-from-1.1.1.1-to-2.2.2.2]
diff --git a/regress/sbin/ipsecctl/ikedel34.ok b/regress/sbin/ipsecctl/ikedel34.ok
index 5d1826004d8..8b9222ca330 100644
--- a/regress/sbin/ipsecctl/ikedel34.ok
+++ b/regress/sbin/ipsecctl/ikedel34.ok
@@ -1,4 +1,4 @@
-t IPsec-3ffe::1/24-3ffe:2::/24
-C rmv [Phase 2]:Connections=IPsec-3ffe::1/24-3ffe:2::/24
-C rms [IPsec-3ffe::1/24-3ffe:2::/24]
-C rms [qm-3ffe::1/24-3ffe:2::/24]
+t from-3ffe::1/24-to-3ffe:2::/24
+C rmv [Phase 2]:Connections=from-3ffe::1/24-to-3ffe:2::/24
+C rms [from-3ffe::1/24-to-3ffe:2::/24]
+C rms [phase2-from-3ffe::1/24-to-3ffe:2::/24]
diff --git a/regress/sbin/ipsecctl/ikedel35.ok b/regress/sbin/ipsecctl/ikedel35.ok
index 2591e9bae8a..d5a2dba97eb 100644
--- a/regress/sbin/ipsecctl/ikedel35.ok
+++ b/regress/sbin/ipsecctl/ikedel35.ok
@@ -1,4 +1,4 @@
-t IPsec-3ffe:2::/24-3ffe::1/24
-C rmv [Phase 2]:Connections=IPsec-3ffe:2::/24-3ffe::1/24
-C rms [IPsec-3ffe:2::/24-3ffe::1/24]
-C rms [qm-3ffe:2::/24-3ffe::1/24]
+t from-3ffe:2::/24-to-3ffe::1/24
+C rmv [Phase 2]:Connections=from-3ffe:2::/24-to-3ffe::1/24
+C rms [from-3ffe:2::/24-to-3ffe::1/24]
+C rms [phase2-from-3ffe:2::/24-to-3ffe::1/24]
diff --git a/regress/sbin/ipsecctl/ikedel36.ok b/regress/sbin/ipsecctl/ikedel36.ok
index 537ca7158f3..374004944a6 100644
--- a/regress/sbin/ipsecctl/ikedel36.ok
+++ b/regress/sbin/ipsecctl/ikedel36.ok
@@ -1,4 +1,4 @@
-t IPsec-3ffe::3-3ffe::4
-C rmv [Phase 2]:Connections=IPsec-3ffe::3-3ffe::4
-C rms [IPsec-3ffe::3-3ffe::4]
-C rms [qm-3ffe::3-3ffe::4]
+t from-3ffe::3-to-3ffe::4
+C rmv [Phase 2]:Connections=from-3ffe::3-to-3ffe::4
+C rms [from-3ffe::3-to-3ffe::4]
+C rms [phase2-from-3ffe::3-to-3ffe::4]
diff --git a/regress/sbin/ipsecctl/ikedel37.ok b/regress/sbin/ipsecctl/ikedel37.ok
index f39c2e7fb2f..f26b164ad27 100644
--- a/regress/sbin/ipsecctl/ikedel37.ok
+++ b/regress/sbin/ipsecctl/ikedel37.ok
@@ -1,4 +1,4 @@
-t IPsec-3ffe:1::/64-3ffe:2::/64
-C rmv [Phase 2]:Connections=IPsec-3ffe:1::/64-3ffe:2::/64
-C rms [IPsec-3ffe:1::/64-3ffe:2::/64]
-C rms [qm-3ffe:1::/64-3ffe:2::/64]
+t from-3ffe:1::/64-to-3ffe:2::/64
+C rmv [Phase 2]:Connections=from-3ffe:1::/64-to-3ffe:2::/64
+C rms [from-3ffe:1::/64-to-3ffe:2::/64]
+C rms [phase2-from-3ffe:1::/64-to-3ffe:2::/64]
diff --git a/regress/sbin/ipsecctl/ikedel38.ok b/regress/sbin/ipsecctl/ikedel38.ok
index 2b8a6128b7a..d662ee836c3 100644
--- a/regress/sbin/ipsecctl/ikedel38.ok
+++ b/regress/sbin/ipsecctl/ikedel38.ok
@@ -1,8 +1,8 @@
-t IPsec-3ffe:1::/64-3ffe:2::/64
-C rmv [Phase 2]:Connections=IPsec-3ffe:1::/64-3ffe:2::/64
-C rms [IPsec-3ffe:1::/64-3ffe:2::/64]
-C rms [qm-3ffe:1::/64-3ffe:2::/64]
-t IPsec-3ffe::51-3ffe::29
-C rmv [Phase 2]:Connections=IPsec-3ffe::51-3ffe::29
-C rms [IPsec-3ffe::51-3ffe::29]
-C rms [qm-3ffe::51-3ffe::29]
+t from-3ffe:1::/64-to-3ffe:2::/64
+C rmv [Phase 2]:Connections=from-3ffe:1::/64-to-3ffe:2::/64
+C rms [from-3ffe:1::/64-to-3ffe:2::/64]
+C rms [phase2-from-3ffe:1::/64-to-3ffe:2::/64]
+t from-3ffe::51-to-3ffe::29
+C rmv [Phase 2]:Connections=from-3ffe::51-to-3ffe::29
+C rms [from-3ffe::51-to-3ffe::29]
+C rms [phase2-from-3ffe::51-to-3ffe::29]
diff --git a/regress/sbin/ipsecctl/ikedel39.ok b/regress/sbin/ipsecctl/ikedel39.ok
index 2b8a6128b7a..d662ee836c3 100644
--- a/regress/sbin/ipsecctl/ikedel39.ok
+++ b/regress/sbin/ipsecctl/ikedel39.ok
@@ -1,8 +1,8 @@
-t IPsec-3ffe:1::/64-3ffe:2::/64
-C rmv [Phase 2]:Connections=IPsec-3ffe:1::/64-3ffe:2::/64
-C rms [IPsec-3ffe:1::/64-3ffe:2::/64]
-C rms [qm-3ffe:1::/64-3ffe:2::/64]
-t IPsec-3ffe::51-3ffe::29
-C rmv [Phase 2]:Connections=IPsec-3ffe::51-3ffe::29
-C rms [IPsec-3ffe::51-3ffe::29]
-C rms [qm-3ffe::51-3ffe::29]
+t from-3ffe:1::/64-to-3ffe:2::/64
+C rmv [Phase 2]:Connections=from-3ffe:1::/64-to-3ffe:2::/64
+C rms [from-3ffe:1::/64-to-3ffe:2::/64]
+C rms [phase2-from-3ffe:1::/64-to-3ffe:2::/64]
+t from-3ffe::51-to-3ffe::29
+C rmv [Phase 2]:Connections=from-3ffe::51-to-3ffe::29
+C rms [from-3ffe::51-to-3ffe::29]
+C rms [phase2-from-3ffe::51-to-3ffe::29]
diff --git a/regress/sbin/ipsecctl/ikedel4.ok b/regress/sbin/ipsecctl/ikedel4.ok
index 7533714a422..84b7935d361 100644
--- a/regress/sbin/ipsecctl/ikedel4.ok
+++ b/regress/sbin/ipsecctl/ikedel4.ok
@@ -1,4 +1,4 @@
-t IPsec-10.1.1.0/24-10.1.2.0/24
-C rmv [Phase 2]:Connections=IPsec-10.1.1.0/24-10.1.2.0/24
-C rms [IPsec-10.1.1.0/24-10.1.2.0/24]
-C rms [qm-10.1.1.0/24-10.1.2.0/24]
+t from-10.1.1.0/24-to-10.1.2.0/24
+C rmv [Phase 2]:Connections=from-10.1.1.0/24-to-10.1.2.0/24
+C rms [from-10.1.1.0/24-to-10.1.2.0/24]
+C rms [phase2-from-10.1.1.0/24-to-10.1.2.0/24]
diff --git a/regress/sbin/ipsecctl/ikedel40.ok b/regress/sbin/ipsecctl/ikedel40.ok
index 12263436b5a..ea82fffd11d 100644
--- a/regress/sbin/ipsecctl/ikedel40.ok
+++ b/regress/sbin/ipsecctl/ikedel40.ok
@@ -1,8 +1,8 @@
-t IPsec-3ffe:1::/64-3ffe:2::/64
-C rmv [Phase 2]:Passive-Connections=IPsec-3ffe:1::/64-3ffe:2::/64
-C rms [IPsec-3ffe:1::/64-3ffe:2::/64]
-C rms [qm-3ffe:1::/64-3ffe:2::/64]
-t IPsec-3ffe::29-3ffe::51
-C rmv [Phase 2]:Passive-Connections=IPsec-3ffe::29-3ffe::51
-C rms [IPsec-3ffe::29-3ffe::51]
-C rms [qm-3ffe::29-3ffe::51]
+t from-3ffe:1::/64-to-3ffe:2::/64
+C rmv [Phase 2]:Passive-Connections=from-3ffe:1::/64-to-3ffe:2::/64
+C rms [from-3ffe:1::/64-to-3ffe:2::/64]
+C rms [phase2-from-3ffe:1::/64-to-3ffe:2::/64]
+t from-3ffe::29-to-3ffe::51
+C rmv [Phase 2]:Passive-Connections=from-3ffe::29-to-3ffe::51
+C rms [from-3ffe::29-to-3ffe::51]
+C rms [phase2-from-3ffe::29-to-3ffe::51]
diff --git a/regress/sbin/ipsecctl/ikedel41.ok b/regress/sbin/ipsecctl/ikedel41.ok
index b5c99a866df..2d8a848f385 100644
--- a/regress/sbin/ipsecctl/ikedel41.ok
+++ b/regress/sbin/ipsecctl/ikedel41.ok
@@ -1,4 +1,4 @@
-t IPsec-1.1.1.1-2.2.2.2
-C rmv [Phase 2]:Connections=IPsec-1.1.1.1-2.2.2.2
-C rms [IPsec-1.1.1.1-2.2.2.2]
-C rms [qm-1.1.1.1-2.2.2.2]
+t from-1.1.1.1-to-2.2.2.2
+C rmv [Phase 2]:Connections=from-1.1.1.1-to-2.2.2.2
+C rms [from-1.1.1.1-to-2.2.2.2]
+C rms [phase2-from-1.1.1.1-to-2.2.2.2]
diff --git a/regress/sbin/ipsecctl/ikedel42.ok b/regress/sbin/ipsecctl/ikedel42.ok
index ee383de31ba..63c5bac70ff 100644
--- a/regress/sbin/ipsecctl/ikedel42.ok
+++ b/regress/sbin/ipsecctl/ikedel42.ok
@@ -1,4 +1,4 @@
-t IPsec-1.1.1.1:123-17-2.2.2.2:0-17
-C rmv [Phase 2]:Connections=IPsec-1.1.1.1:123-17-2.2.2.2:0-17
-C rms [IPsec-1.1.1.1:123-17-2.2.2.2:0-17]
-C rms [qm-1.1.1.1:123-17-2.2.2.2:0-17]
+t from-1.1.1.1=17:123-to-2.2.2.2=17
+C rmv [Phase 2]:Connections=from-1.1.1.1=17:123-to-2.2.2.2=17
+C rms [from-1.1.1.1=17:123-to-2.2.2.2=17]
+C rms [phase2-from-1.1.1.1=17:123-to-2.2.2.2=17]
diff --git a/regress/sbin/ipsecctl/ikedel43.ok b/regress/sbin/ipsecctl/ikedel43.ok
index 933e3eddabc..6c222643500 100644
--- a/regress/sbin/ipsecctl/ikedel43.ok
+++ b/regress/sbin/ipsecctl/ikedel43.ok
@@ -1,4 +1,4 @@
-t IPsec-3ffe::1:2022-6-3ffe::2:22-6
-C rmv [Phase 2]:Connections=IPsec-3ffe::1:2022-6-3ffe::2:22-6
-C rms [IPsec-3ffe::1:2022-6-3ffe::2:22-6]
-C rms [qm-3ffe::1:2022-6-3ffe::2:22-6]
+t from-3ffe::1=6:2022-to-3ffe::2=6:22
+C rmv [Phase 2]:Connections=from-3ffe::1=6:2022-to-3ffe::2=6:22
+C rms [from-3ffe::1=6:2022-to-3ffe::2=6:22]
+C rms [phase2-from-3ffe::1=6:2022-to-3ffe::2=6:22]
diff --git a/regress/sbin/ipsecctl/ikedel46.ok b/regress/sbin/ipsecctl/ikedel46.ok
index 471de415e73..72e3255f9d4 100644
--- a/regress/sbin/ipsecctl/ikedel46.ok
+++ b/regress/sbin/ipsecctl/ikedel46.ok
@@ -1,8 +1,8 @@
-t IPsec-1.1.1.1-2.2.2.2
-C rmv [Phase 2]:Connections=IPsec-1.1.1.1-2.2.2.2
-C rms [IPsec-1.1.1.1-2.2.2.2]
-C rms [qm-1.1.1.1-2.2.2.2]
-t IPsec-1.1.1.1-2.2.2.2
-C rmv [Phase 2]:Connections=IPsec-1.1.1.1-2.2.2.2
-C rms [IPsec-1.1.1.1-2.2.2.2]
-C rms [qm-1.1.1.1-2.2.2.2]
+t from-1.1.1.1-to-2.2.2.2
+C rmv [Phase 2]:Connections=from-1.1.1.1-to-2.2.2.2
+C rms [from-1.1.1.1-to-2.2.2.2]
+C rms [phase2-from-1.1.1.1-to-2.2.2.2]
+t from-1.1.1.1-to-2.2.2.2
+C rmv [Phase 2]:Connections=from-1.1.1.1-to-2.2.2.2
+C rms [from-1.1.1.1-to-2.2.2.2]
+C rms [phase2-from-1.1.1.1-to-2.2.2.2]
diff --git a/regress/sbin/ipsecctl/ikedel47.ok b/regress/sbin/ipsecctl/ikedel47.ok
index d5cfca95892..21bb8960f42 100644
--- a/regress/sbin/ipsecctl/ikedel47.ok
+++ b/regress/sbin/ipsecctl/ikedel47.ok
@@ -1,8 +1,8 @@
-t IPsec-0.0.0.0/0-0.0.0.0/0
-C rmv [Phase 2]:Connections=IPsec-0.0.0.0/0-0.0.0.0/0
-C rms [IPsec-0.0.0.0/0-0.0.0.0/0]
-C rms [qm-0.0.0.0/0-0.0.0.0/0]
-t IPsec-::/0-::/0
-C rmv [Phase 2]:Connections=IPsec-::/0-::/0
-C rms [IPsec-::/0-::/0]
-C rms [qm-::/0-::/0]
+t from-0.0.0.0/0-to-0.0.0.0/0
+C rmv [Phase 2]:Connections=from-0.0.0.0/0-to-0.0.0.0/0
+C rms [from-0.0.0.0/0-to-0.0.0.0/0]
+C rms [phase2-from-0.0.0.0/0-to-0.0.0.0/0]
+t from-::/0-to-::/0
+C rmv [Phase 2]:Connections=from-::/0-to-::/0
+C rms [from-::/0-to-::/0]
+C rms [phase2-from-::/0-to-::/0]
diff --git a/regress/sbin/ipsecctl/ikedel5.ok b/regress/sbin/ipsecctl/ikedel5.ok
index c4ad919794f..ffe427b993d 100644
--- a/regress/sbin/ipsecctl/ikedel5.ok
+++ b/regress/sbin/ipsecctl/ikedel5.ok
@@ -1,8 +1,8 @@
-t IPsec-10.1.1.0/24-10.1.2.0/24
-C rmv [Phase 2]:Connections=IPsec-10.1.1.0/24-10.1.2.0/24
-C rms [IPsec-10.1.1.0/24-10.1.2.0/24]
-C rms [qm-10.1.1.0/24-10.1.2.0/24]
-t IPsec-131.188.33.51-131.188.33.29
-C rmv [Phase 2]:Connections=IPsec-131.188.33.51-131.188.33.29
-C rms [IPsec-131.188.33.51-131.188.33.29]
-C rms [qm-131.188.33.51-131.188.33.29]
+t from-10.1.1.0/24-to-10.1.2.0/24
+C rmv [Phase 2]:Connections=from-10.1.1.0/24-to-10.1.2.0/24
+C rms [from-10.1.1.0/24-to-10.1.2.0/24]
+C rms [phase2-from-10.1.1.0/24-to-10.1.2.0/24]
+t from-131.188.33.51-to-131.188.33.29
+C rmv [Phase 2]:Connections=from-131.188.33.51-to-131.188.33.29
+C rms [from-131.188.33.51-to-131.188.33.29]
+C rms [phase2-from-131.188.33.51-to-131.188.33.29]
diff --git a/regress/sbin/ipsecctl/ikedel6.ok b/regress/sbin/ipsecctl/ikedel6.ok
index c4ad919794f..ffe427b993d 100644
--- a/regress/sbin/ipsecctl/ikedel6.ok
+++ b/regress/sbin/ipsecctl/ikedel6.ok
@@ -1,8 +1,8 @@
-t IPsec-10.1.1.0/24-10.1.2.0/24
-C rmv [Phase 2]:Connections=IPsec-10.1.1.0/24-10.1.2.0/24
-C rms [IPsec-10.1.1.0/24-10.1.2.0/24]
-C rms [qm-10.1.1.0/24-10.1.2.0/24]
-t IPsec-131.188.33.51-131.188.33.29
-C rmv [Phase 2]:Connections=IPsec-131.188.33.51-131.188.33.29
-C rms [IPsec-131.188.33.51-131.188.33.29]
-C rms [qm-131.188.33.51-131.188.33.29]
+t from-10.1.1.0/24-to-10.1.2.0/24
+C rmv [Phase 2]:Connections=from-10.1.1.0/24-to-10.1.2.0/24
+C rms [from-10.1.1.0/24-to-10.1.2.0/24]
+C rms [phase2-from-10.1.1.0/24-to-10.1.2.0/24]
+t from-131.188.33.51-to-131.188.33.29
+C rmv [Phase 2]:Connections=from-131.188.33.51-to-131.188.33.29
+C rms [from-131.188.33.51-to-131.188.33.29]
+C rms [phase2-from-131.188.33.51-to-131.188.33.29]
diff --git a/regress/sbin/ipsecctl/ikedel7.ok b/regress/sbin/ipsecctl/ikedel7.ok
index ace9069ff70..8102d736f09 100644
--- a/regress/sbin/ipsecctl/ikedel7.ok
+++ b/regress/sbin/ipsecctl/ikedel7.ok
@@ -1,8 +1,8 @@
-t IPsec-10.1.2.0/24-10.1.1.0/24
-C rmv [Phase 2]:Passive-Connections=IPsec-10.1.2.0/24-10.1.1.0/24
-C rms [IPsec-10.1.2.0/24-10.1.1.0/24]
-C rms [qm-10.1.2.0/24-10.1.1.0/24]
-t IPsec-131.188.33.29-131.188.33.51
-C rmv [Phase 2]:Passive-Connections=IPsec-131.188.33.29-131.188.33.51
-C rms [IPsec-131.188.33.29-131.188.33.51]
-C rms [qm-131.188.33.29-131.188.33.51]
+t from-10.1.2.0/24-to-10.1.1.0/24
+C rmv [Phase 2]:Passive-Connections=from-10.1.2.0/24-to-10.1.1.0/24
+C rms [from-10.1.2.0/24-to-10.1.1.0/24]
+C rms [phase2-from-10.1.2.0/24-to-10.1.1.0/24]
+t from-131.188.33.29-to-131.188.33.51
+C rmv [Phase 2]:Passive-Connections=from-131.188.33.29-to-131.188.33.51
+C rms [from-131.188.33.29-to-131.188.33.51]
+C rms [phase2-from-131.188.33.29-to-131.188.33.51]
diff --git a/regress/sbin/ipsecctl/ikedel8.ok b/regress/sbin/ipsecctl/ikedel8.ok
index 348019d0c58..877f8f40f82 100644
--- a/regress/sbin/ipsecctl/ikedel8.ok
+++ b/regress/sbin/ipsecctl/ikedel8.ok
@@ -1,4 +1,4 @@
-t IPsec-1.1.1.1-0.0.0.0/0
-C rmv [Phase 2]:Connections=IPsec-1.1.1.1-0.0.0.0/0
-C rms [IPsec-1.1.1.1-0.0.0.0/0]
-C rms [qm-1.1.1.1-0.0.0.0/0]
+t from-1.1.1.1-to-0.0.0.0/0
+C rmv [Phase 2]:Connections=from-1.1.1.1-to-0.0.0.0/0
+C rms [from-1.1.1.1-to-0.0.0.0/0]
+C rms [phase2-from-1.1.1.1-to-0.0.0.0/0]
diff --git a/regress/sbin/ipsecctl/ikedel9.ok b/regress/sbin/ipsecctl/ikedel9.ok
index 4a2aee506f7..c1cd47a2b44 100644
--- a/regress/sbin/ipsecctl/ikedel9.ok
+++ b/regress/sbin/ipsecctl/ikedel9.ok
@@ -1,4 +1,4 @@
-t IPsec-3.3.3.0/24-4.4.4.0/24
-C rmv [Phase 2]:Connections=IPsec-3.3.3.0/24-4.4.4.0/24
-C rms [IPsec-3.3.3.0/24-4.4.4.0/24]
-C rms [qm-3.3.3.0/24-4.4.4.0/24]
+t from-3.3.3.0/24-to-4.4.4.0/24
+C rmv [Phase 2]:Connections=from-3.3.3.0/24-to-4.4.4.0/24
+C rms [from-3.3.3.0/24-to-4.4.4.0/24]
+C rms [phase2-from-3.3.3.0/24-to-4.4.4.0/24]
diff --git a/regress/sbin/ipsecctl/ikefail6.ok b/regress/sbin/ipsecctl/ikefail6.ok
index 373f800c289..d71e7b12eea 100644
--- a/regress/sbin/ipsecctl/ikefail6.ok
+++ b/regress/sbin/ipsecctl/ikefail6.ok
@@ -2,13 +2,13 @@ ipsecctl: illegal transform aes
C set [Phase 1]:2.2.2.2=peer-2.2.2.2 force
C set [peer-2.2.2.2]:Phase=1 force
C set [peer-2.2.2.2]:Address=2.2.2.2 force
-C set [peer-2.2.2.2]:Configuration=mm-2.2.2.2 force
-C set [mm-2.2.2.2]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-2.2.2.2]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-1.1.1.1-2.2.2.2]:Phase=2 force
-C set [IPsec-1.1.1.1-2.2.2.2]:ISAKMP-peer=peer-2.2.2.2 force
-C set [IPsec-1.1.1.1-2.2.2.2]:Configuration=qm-1.1.1.1-2.2.2.2 force
-C set [IPsec-1.1.1.1-2.2.2.2]:Local-ID=lid-1.1.1.1 force
-C set [IPsec-1.1.1.1-2.2.2.2]:Remote-ID=rid-2.2.2.2 force
-C set [qm-1.1.1.1-2.2.2.2]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-1.1.1.1-2.2.2.2]:Suites=QM-AH- \ No newline at end of file
+C set [peer-2.2.2.2]:Configuration=phase1-peer-2.2.2.2 force
+C set [phase1-peer-2.2.2.2]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-2.2.2.2]:Transforms=AES-SHA-RSA_SIG force
+C set [from-1.1.1.1-to-2.2.2.2]:Phase=2 force
+C set [from-1.1.1.1-to-2.2.2.2]:ISAKMP-peer=peer-2.2.2.2 force
+C set [from-1.1.1.1-to-2.2.2.2]:Configuration=phase2-from-1.1.1.1-to-2.2.2.2 force
+C set [from-1.1.1.1-to-2.2.2.2]:Local-ID=from-1.1.1.1 force
+C set [from-1.1.1.1-to-2.2.2.2]:Remote-ID=to-2.2.2.2 force
+C set [phase2-from-1.1.1.1-to-2.2.2.2]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-1.1.1.1-to-2.2.2.2]:Suites=QM-AH- \ No newline at end of file
diff --git a/sbin/ipsecctl/ike.c b/sbin/ipsecctl/ike.c
index 12464bf84e9..0569c409a79 100644
--- a/sbin/ipsecctl/ike.c
+++ b/sbin/ipsecctl/ike.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ike.c,v 1.63 2008/02/22 23:51:31 hshoexer Exp $ */
+/* $OpenBSD: ike.c,v 1.64 2008/07/01 15:00:53 bluhm Exp $ */
/*
* Copyright (c) 2005 Hans-Joerg Hoexer <hshoexer@openbsd.org>
*
@@ -79,30 +79,21 @@ ike_section_general(struct ipsec_rule *r, FILE *fd)
static void
ike_section_peer(struct ipsec_rule *r, FILE *fd)
{
- if (r->peer) {
- fprintf(fd, SET "[Phase 1]:%s=peer-%s force\n", r->peer->name,
- r->peer->name);
- fprintf(fd, SET "[peer-%s]:Phase=1 force\n", r->peer->name);
- fprintf(fd, SET "[peer-%s]:Address=%s force\n", r->peer->name,
+ if (r->peer)
+ fprintf(fd, SET "[Phase 1]:%s=%s force\n", r->peer->name,
+ r->p1name);
+ else
+ fprintf(fd, SET "[Phase 1]:Default=%s force\n", r->p1name);
+ fprintf(fd, SET "[%s]:Phase=1 force\n", r->p1name);
+ if (r->peer)
+ fprintf(fd, SET "[%s]:Address=%s force\n", r->p1name,
r->peer->name);
- if (r->local)
- fprintf(fd, SET "[peer-%s]:Local-address=%s force\n",
- r->peer->name, r->local->name);
- if (r->ikeauth->type == IKE_AUTH_PSK)
- fprintf(fd, SET "[peer-%s]:Authentication=%s force\n",
- r->peer->name, r->ikeauth->string);
- } else {
- fprintf(fd, SET "[Phase 1]:Default=peer-default force\n");
- fprintf(fd, SET "[peer-default]:Phase=1 force\n");
- if (r->local)
- fprintf(fd, SET
- "[peer-default]:Local-address=%s force\n",
- r->local->name);
- if (r->ikeauth->type == IKE_AUTH_PSK)
- fprintf(fd, SET
- "[peer-default]:Authentication=%s force\n",
- r->ikeauth->string);
- }
+ if (r->local)
+ fprintf(fd, SET "[%s]:Local-address=%s force\n", r->p1name,
+ r->local->name);
+ if (r->ikeauth->type == IKE_AUTH_PSK)
+ fprintf(fd, SET "[%s]:Authentication=%s force\n", r->p1name,
+ r->ikeauth->string);
}
static void
@@ -120,69 +111,44 @@ ike_section_ids(struct ipsec_rule *r, FILE *fd)
err(1, "ike_section_ids: strdup");
}
if (r->auth->srcid) {
- if (r->peer)
- fprintf(fd, SET "[peer-%s]:ID=%s-ID force\n",
- r->peer->name, r->auth->srcid);
- else
- fprintf(fd, SET "[peer-default]:ID=%s-ID force\n",
- r->auth->srcid);
-
- fprintf(fd, SET "[%s-ID]:ID-type=%s force\n", r->auth->srcid,
+ fprintf(fd, SET "[%s]:ID=id-%s force\n", r->p1name,
+ r->auth->srcid);
+ fprintf(fd, SET "[id-%s]:ID-type=%s force\n", r->auth->srcid,
ike_id_types[r->auth->srcid_type]);
- fprintf(fd, SET "[%s-ID]:Name=%s force\n", r->auth->srcid,
+ fprintf(fd, SET "[id-%s]:Name=%s force\n", r->auth->srcid,
r->auth->srcid);
}
if (r->auth->dstid) {
- if (r->peer) {
- fprintf(fd, SET "[peer-%s]:Remote-ID=%s-ID force\n",
- r->peer->name, r->peer->name);
- fprintf(fd, SET "[%s-ID]:ID-type=%s force\n",
- r->peer->name, ike_id_types[r->auth->dstid_type]);
- fprintf(fd, SET "[%s-ID]:Name=%s force\n", r->peer->name,
- r->auth->dstid);
- } else {
- fprintf(fd, SET
- "[peer-default]:Remote-ID=default-ID force\n");
- fprintf(fd, SET "[default-ID]:ID-type=%s force\n",
- ike_id_types[r->auth->dstid_type]);
- fprintf(fd, SET "[default-ID]:Name=%s force\n",
- r->auth->dstid);
- }
+ fprintf(fd, SET "[%s]:Remote-ID=id-%s force\n", r->p1name,
+ r->auth->dstid);
+ fprintf(fd, SET "[id-%s]:ID-type=%s force\n", r->auth->dstid,
+ ike_id_types[r->auth->dstid_type]);
+ fprintf(fd, SET "[id-%s]:Name=%s force\n", r->auth->dstid,
+ r->auth->dstid);
}
}
static void
ike_section_ipsec(struct ipsec_rule *r, FILE *fd)
{
- fprintf(fd, SET "[IPsec-%s]:Phase=2 force\n", r->p2name);
-
- if (r->peer)
- fprintf(fd, SET "[IPsec-%s]:ISAKMP-peer=peer-%s force\n",
- r->p2name, r->peer->name);
- else
- fprintf(fd, SET
- "[IPsec-%s]:ISAKMP-peer=peer-default force\n", r->p2name);
-
- fprintf(fd, SET "[IPsec-%s]:Configuration=qm-%s force\n", r->p2name,
+ fprintf(fd, SET "[%s]:Phase=2 force\n", r->p2name);
+ fprintf(fd, SET "[%s]:ISAKMP-peer=%s force\n", r->p2name, r->p1name);
+ fprintf(fd, SET "[%s]:Configuration=phase2-%s force\n", r->p2name,
r->p2name);
- fprintf(fd, SET "[IPsec-%s]:Local-ID=lid-%s force\n", r->p2name,
- r->p2lid);
- fprintf(fd, SET "[IPsec-%s]:Remote-ID=rid-%s force\n", r->p2name,
- r->p2rid);
+ fprintf(fd, SET "[%s]:Local-ID=%s force\n", r->p2name, r->p2lid);
+ fprintf(fd, SET "[%s]:Remote-ID=%s force\n", r->p2name, r->p2rid);
if (r->tag)
- fprintf(fd, SET "[IPsec-%s]:PF-Tag=%s force\n", r->p2name,
- r->tag);
+ fprintf(fd, SET "[%s]:PF-Tag=%s force\n", r->p2name, r->tag);
}
static int
ike_section_p2(struct ipsec_rule *r, FILE *fd)
{
- char *tag, *exchange_type, *sprefix;
+ char *exchange_type, *sprefix;
switch (r->p2ie) {
case IKE_QM:
- tag = "qm";
exchange_type = "QUICK_MODE";
sprefix = "QM";
break;
@@ -191,9 +157,9 @@ ike_section_p2(struct ipsec_rule *r, FILE *fd)
return (-1);
}
- fprintf(fd, SET "[%s-%s]:EXCHANGE_TYPE=%s force\n", tag, r->p2name,
+ fprintf(fd, SET "[phase2-%s]:EXCHANGE_TYPE=%s force\n", r->p2name,
exchange_type);
- fprintf(fd, SET "[%s-%s]:Suites=%s-", tag, r->p2name, sprefix);
+ fprintf(fd, SET "[phase2-%s]:Suites=%s-", r->p2name, sprefix);
switch (r->satype) {
case IPSEC_ESP:
@@ -334,15 +300,13 @@ ike_section_p2(struct ipsec_rule *r, FILE *fd)
static int
ike_section_p1(struct ipsec_rule *r, FILE *fd)
{
- char *tag, *exchange_type;
+ char *exchange_type;
switch (r->p1ie) {
case IKE_MM:
- tag = "mm";
exchange_type = "ID_PROT";
break;
case IKE_AM:
- tag = "am";
exchange_type = "AGGRESSIVE";
break;
default:
@@ -350,19 +314,11 @@ ike_section_p1(struct ipsec_rule *r, FILE *fd)
return (-1);
}
- if (r->peer) {
- fprintf(fd, SET "[peer-%s]:Configuration=%s-%s force\n",
- r->peer->name, tag, r->peer->name);
- fprintf(fd, SET "[%s-%s]:EXCHANGE_TYPE=%s force\n",
- tag, r->peer->name, exchange_type);
- fprintf(fd, ADD "[%s-%s]:Transforms=", tag, r->peer->name);
- } else {
- fprintf(fd, SET
- "[peer-default]:Configuration=%s-default force\n", tag);
- fprintf(fd, SET "[%s-default]:EXCHANGE_TYPE=%s force\n",
- tag, exchange_type);
- fprintf(fd, ADD "[%s-default]:Transforms=", tag);
- }
+ fprintf(fd, SET "[%s]:Configuration=phase1-%s force\n", r->p1name,
+ r->p1name);
+ fprintf(fd, SET "[phase1-%s]:EXCHANGE_TYPE=%s force\n", r->p1name,
+ exchange_type);
+ fprintf(fd, ADD "[phase1-%s]:Transforms=", r->p1name);
if (r->p1xfs && r->p1xfs->encxf) {
switch (r->p1xfs->encxf->id) {
@@ -497,19 +453,19 @@ ike_section_p2ids(struct ipsec_rule *r, FILE *fd)
if ((p = strrchr(network, '/')) != NULL)
*p = '\0';
- fprintf(fd, SET "[lid-%s]:ID-type=IPV%d_ADDR_SUBNET force\n",
+ fprintf(fd, SET "[%s]:ID-type=IPV%d_ADDR_SUBNET force\n",
r->p2lid, ((src->af == AF_INET) ? 4 : 6));
- fprintf(fd, SET "[lid-%s]:Network=%s force\n", r->p2lid,
+ fprintf(fd, SET "[%s]:Network=%s force\n", r->p2lid,
network);
- fprintf(fd, SET "[lid-%s]:Netmask=%s force\n", r->p2lid, mask);
+ fprintf(fd, SET "[%s]:Netmask=%s force\n", r->p2lid, mask);
free(network);
} else {
- fprintf(fd, SET "[lid-%s]:ID-type=IPV%d_ADDR force\n",
+ fprintf(fd, SET "[%s]:ID-type=IPV%d_ADDR force\n",
r->p2lid, ((src->af == AF_INET) ? 4 : 6));
if ((p = strrchr(src->name, '/')) != NULL)
*p = '\0';
- fprintf(fd, SET "[lid-%s]:Address=%s force\n", r->p2lid,
+ fprintf(fd, SET "[%s]:Address=%s force\n", r->p2lid,
src->name);
}
if (dst->netaddress) {
@@ -539,32 +495,32 @@ ike_section_p2ids(struct ipsec_rule *r, FILE *fd)
if ((p = strrchr(network, '/')) != NULL)
*p = '\0';
- fprintf(fd, SET "[rid-%s]:ID-type=IPV%d_ADDR_SUBNET force\n",
+ fprintf(fd, SET "[%s]:ID-type=IPV%d_ADDR_SUBNET force\n",
r->p2rid, ((dst->af == AF_INET) ? 4 : 6));
- fprintf(fd, SET "[rid-%s]:Network=%s force\n", r->p2rid,
+ fprintf(fd, SET "[%s]:Network=%s force\n", r->p2rid,
network);
- fprintf(fd, SET "[rid-%s]:Netmask=%s force\n", r->p2rid, mask);
+ fprintf(fd, SET "[%s]:Netmask=%s force\n", r->p2rid, mask);
free(network);
} else {
- fprintf(fd, SET "[rid-%s]:ID-type=IPV%d_ADDR force\n",
+ fprintf(fd, SET "[%s]:ID-type=IPV%d_ADDR force\n",
r->p2rid, ((dst->af == AF_INET) ? 4 : 6));
if ((p = strrchr(dst->name, '/')) != NULL)
*p = '\0';
- fprintf(fd, SET "[rid-%s]:Address=%s force\n", r->p2rid,
+ fprintf(fd, SET "[%s]:Address=%s force\n", r->p2rid,
dst->name);
}
if (r->proto) {
- fprintf(fd, SET "[lid-%s]:Protocol=%d force\n",
+ fprintf(fd, SET "[%s]:Protocol=%d force\n",
r->p2lid, r->proto);
- fprintf(fd, SET "[rid-%s]:Protocol=%d force\n",
+ fprintf(fd, SET "[%s]:Protocol=%d force\n",
r->p2rid, r->proto);
}
if (r->sport)
- fprintf(fd, SET "[lid-%s]:Port=%d force\n", r->p2lid,
+ fprintf(fd, SET "[%s]:Port=%d force\n", r->p2lid,
ntohs(r->sport));
if (r->dport)
- fprintf(fd, SET "[rid-%s]:Port=%d force\n", r->p2rid,
+ fprintf(fd, SET "[%s]:Port=%d force\n", r->p2rid,
ntohs(r->dport));
}
@@ -574,10 +530,10 @@ ike_connect(struct ipsec_rule *r, FILE *fd)
switch (r->ikemode) {
case IKE_ACTIVE:
case IKE_DYNAMIC:
- fprintf(fd, ADD "[Phase 2]:Connections=IPsec-%s\n", r->p2name);
+ fprintf(fd, ADD "[Phase 2]:Connections=%s\n", r->p2name);
break;
case IKE_PASSIVE:
- fprintf(fd, ADD "[Phase 2]:Passive-Connections=IPsec-%s\n",
+ fprintf(fd, ADD "[Phase 2]:Passive-Connections=%s\n",
r->p2name);
break;
default:
@@ -615,20 +571,19 @@ ike_delete_config(struct ipsec_rule *r, FILE *fd)
switch (r->ikemode) {
case IKE_ACTIVE:
case IKE_DYNAMIC:
- fprintf(fd, "t IPsec-%s\n", r->p2name);
+ fprintf(fd, "t %s\n", r->p2name);
break;
case IKE_PASSIVE:
fprintf(fd, DELETE "[Phase 2]\n");
- fprintf(fd, "t IPsec-%s\n", r->p2name);
+ fprintf(fd, "t %s\n", r->p2name);
break;
default:
return (-1);
}
if (r->peer) {
- fprintf(fd, DELETE "[peer-%s]\n", r->peer->name);
- fprintf(fd, DELETE "[mm-%s]\n", r->peer->name);
- fprintf(fd, DELETE "[am-%s]\n", r->peer->name);
+ fprintf(fd, DELETE "[%s]\n", r->p1name);
+ fprintf(fd, DELETE "[phase1-%s]\n", r->p1name);
}
if (r->auth) {
if (r->auth->srcid)
@@ -636,26 +591,26 @@ ike_delete_config(struct ipsec_rule *r, FILE *fd)
if (r->auth->dstid)
fprintf(fd, DELETE "[%s-ID]\n", r->auth->dstid);
}
- fprintf(fd, DELETE "[IPsec-%s]\n", r->p2name);
- fprintf(fd, DELETE "[qm-%s]\n", r->p2name);
- fprintf(fd, DELETE "[lid-%s]\n", r->p2lid);
- fprintf(fd, DELETE "[rid-%s]\n", r->p2rid);
+ fprintf(fd, DELETE "[%s]\n", r->p2name);
+ fprintf(fd, DELETE "[phase2-%s]\n", r->p2name);
+ fprintf(fd, DELETE "[%s]\n", r->p2lid);
+ fprintf(fd, DELETE "[%s]\n", r->p2rid);
#else
- fprintf(fd, "t IPsec-%s\n", r->p2name);
+ fprintf(fd, "t %s\n", r->p2name);
switch (r->ikemode) {
case IKE_ACTIVE:
case IKE_DYNAMIC:
- fprintf(fd, RMV "[Phase 2]:Connections=IPsec-%s\n", r->p2name);
+ fprintf(fd, RMV "[Phase 2]:Connections=%s\n", r->p2name);
break;
case IKE_PASSIVE:
- fprintf(fd, RMV "[Phase 2]:Passive-Connections=IPsec-%s\n",
+ fprintf(fd, RMV "[Phase 2]:Passive-Connections=%s\n",
r->p2name);
break;
default:
return (-1);
}
- fprintf(fd, DELETE "[IPsec-%s]\n", r->p2name);
- fprintf(fd, DELETE "[qm-%s]\n", r->p2name);
+ fprintf(fd, DELETE "[%s]\n", r->p2name);
+ fprintf(fd, DELETE "[phase2-%s]\n", r->p2name);
#endif
return (0);
@@ -664,32 +619,42 @@ ike_delete_config(struct ipsec_rule *r, FILE *fd)
static void
ike_setup_ids(struct ipsec_rule *r)
{
- if (r->proto) {
- if (asprintf(&r->p2lid, "%s:%d-%d", r->src->name,
- ntohs(r->sport), r->proto) == -1)
- err(1, "ike_setup_ids");
- if (asprintf(&r->p2rid, "%s:%d-%d", r->dst->name,
- ntohs(r->dport), r->proto) == -1)
- err(1, "ike_setup_ids");
- } else {
- if (r->sport) {
- if (asprintf(&r->p2lid, "%s:%d", r->src->name,
- ntohs(r->sport)) == -1)
- err(1, "ike_setup_ids");
- } else {
- if ((r->p2lid = strdup(r->src->name)) == NULL)
- err(1, "ike_setup_ids");
- }
- if (r->dport) {
- if (asprintf(&r->p2rid, "%s:%d", r->dst->name,
- ntohs(r->dport)) == -1)
+ char sproto[10], ssport[10], sdport[10];
+
+ /* phase 1 name is peer and local address */
+ if (r->peer) {
+ if (r->local) {
+ /* peer-dstaddr-local-srcaddr */
+ if (asprintf(&r->p1name, "peer-%s-local-%s",
+ r->peer->name, r->local->name) == -1)
err(1, "ike_setup_ids");
- } else {
- if ((r->p2rid = strdup(r->dst->name)) == NULL)
+ } else
+ /* peer-dstaddr */
+ if (asprintf(&r->p1name, "peer-%s",
+ r->peer->name) == -1)
err(1, "ike_setup_ids");
- }
- }
- if (asprintf(&r->p2name, "%s-%s", r->p2lid, r->p2rid) == -1)
+ } else
+ if ((r->p1name = strdup("peer-default")) == NULL)
+ err(1, "ike_setup_ids");
+
+ /* Phase 2 name is from and to network, protocol, port*/
+ sproto[0] = ssport[0] = sdport[0] = 0;
+ if (r->proto)
+ snprintf(sproto, sizeof sproto, "=%u", r->proto);
+ if (r->sport)
+ snprintf(ssport, sizeof ssport, ":%u", ntohs(r->sport));
+ if (r->dport)
+ snprintf(sdport, sizeof sdport, ":%u", ntohs(r->dport));
+ /* from-network/masklen=proto:port */
+ if (asprintf(&r->p2lid, "from-%s%s%s", r->src->name, sproto, ssport)
+ == -1)
+ err(1, "ike_setup_ids");
+ /* to-network/masklen=proto:port */
+ if (asprintf(&r->p2rid, "to-%s%s%s", r->dst->name, sproto, sdport)
+ == -1)
+ err(1, "ike_setup_ids");
+ /* from-network/masklen=proto:port-to-network/masklen=proto:port */
+ if (asprintf(&r->p2name, "%s-%s", r->p2lid , r->p2rid) == -1)
err(1, "ike_setup_ids");
}
diff --git a/sbin/ipsecctl/ipsecctl.c b/sbin/ipsecctl/ipsecctl.c
index 33b04468e45..4defd1ada4b 100644
--- a/sbin/ipsecctl/ipsecctl.c
+++ b/sbin/ipsecctl/ipsecctl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ipsecctl.c,v 1.69 2007/10/13 16:35:18 deraadt Exp $ */
+/* $OpenBSD: ipsecctl.c,v 1.70 2008/07/01 15:00:53 bluhm Exp $ */
/*
* Copyright (c) 2004, 2005 Hans-Joerg Hoexer <hshoexer@openbsd.org>
*
@@ -240,6 +240,8 @@ ipsecctl_free_rule(struct ipsec_rule *rp)
free(rp->enckey->data);
free(rp->enckey);
}
+ if (rp->p1name)
+ free(rp->p1name);
if (rp->p2name)
free(rp->p2name);
if (rp->p2lid)
diff --git a/sbin/ipsecctl/ipsecctl.h b/sbin/ipsecctl/ipsecctl.h
index 8c2e1142f63..52af45c08ff 100644
--- a/sbin/ipsecctl/ipsecctl.h
+++ b/sbin/ipsecctl/ipsecctl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ipsecctl.h,v 1.56 2008/02/22 23:51:31 hshoexer Exp $ */
+/* $OpenBSD: ipsecctl.h,v 1.57 2008/07/01 15:00:53 bluhm Exp $ */
/*
* Copyright (c) 2004, 2005 Hans-Joerg Hoexer <hshoexer@openbsd.org>
*
@@ -185,6 +185,7 @@ struct ipsec_rule {
struct ipsec_key *enckey;
char *tag; /* pf tag for SAs */
+ char *p1name; /* Phase 1 Name */
char *p2name; /* Phase 2 Name (IPsec-XX) */
char *p2lid; /* Phase 2 source ID */
char *p2rid; /* Phase 2 destination ID */
diff --git a/sbin/isakmpd/pf_key_v2.c b/sbin/isakmpd/pf_key_v2.c
index 4ceb71b8620..00e22ca0085 100644
--- a/sbin/isakmpd/pf_key_v2.c
+++ b/sbin/isakmpd/pf_key_v2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf_key_v2.c,v 1.183 2008/06/10 17:25:57 bluhm Exp $ */
+/* $OpenBSD: pf_key_v2.c,v 1.184 2008/07/01 15:00:53 bluhm Exp $ */
/* $EOM: pf_key_v2.c,v 1.79 2000/12/12 00:33:19 niklas Exp $ */
/*
@@ -2431,6 +2431,57 @@ pf_key_v2_expire(struct pf_key_v2_msg *pmsg)
}
}
+static int
+mask4len(const struct sockaddr_in *mask)
+{
+ int len;
+ u_int32_t m;
+
+ len = 0;
+ for (m = 0x80000000; m & ntohl(mask->sin_addr.s_addr); m >>= 1)
+ len++;
+ if (len == 32)
+ len = -1;
+ return len;
+}
+
+#ifndef s6_addr8
+#define s6_addr8 __u6_addr.__u6_addr8
+#endif
+
+static int
+mask6len(const struct sockaddr_in6 *mask)
+{
+ int i, len;
+ u_int8_t m;
+
+ len = 0;
+ for (i = 0, m = 0; i < 16 && !m; i++)
+ for (m = 0x80; m & mask->sin6_addr.s6_addr8[i]; m >>= 1)
+ len++;
+ if (len == 128)
+ len = -1;
+ return len;
+}
+
+static int
+phase2id(char *str, size_t size, const char *side, const char *sflow,
+ int masklen, u_int8_t proto, u_int16_t port)
+{
+ char smasklen[10], sproto[10], sport[10];
+
+ smasklen[0] = sproto[0] = sport[0] = 0;
+ if (masklen != -1)
+ snprintf(smasklen, sizeof smasklen, "/%d", masklen);
+ if (proto)
+ snprintf(sproto, sizeof sproto, "=%u", proto);
+ if (port)
+ snprintf(sport, sizeof sport, ":%u", ntohs(port));
+
+ return snprintf(str, size, "%s-%s%s%s%s", side, sflow, smasklen,
+ sproto, sport);
+}
+
/* Handle a PF_KEY SA ACQUIRE message PMSG. */
static void
pf_key_v2_acquire(struct pf_key_v2_msg *pmsg)
@@ -2451,8 +2502,9 @@ pf_key_v2_acquire(struct pf_key_v2_msg *pmsg)
struct sadb_protocol *sproto;
char ssflow[ADDRESS_MAX], sdflow[ADDRESS_MAX];
char sdmask[ADDRESS_MAX], ssmask[ADDRESS_MAX];
+ int dmasklen, smasklen;
char *sidtype = 0, *didtype = 0;
- char lname[100], dname[100], configname[30];
+ char lname[100], dname[100], configname[200];
int shostflag = 0, dhostflag = 0;
struct pf_key_v2_node *ext;
struct passwd *pwd = 0;
@@ -2569,6 +2621,7 @@ pf_key_v2_acquire(struct pf_key_v2_msg *pmsg)
bzero(sdflow, sizeof sdflow);
bzero(ssmask, sizeof ssmask);
bzero(sdmask, sizeof sdmask);
+ smasklen = dmasklen = -1;
sidtype = didtype = "IPV4_ADDR_SUBNET"; /* default */
@@ -2600,6 +2653,8 @@ pf_key_v2_acquire(struct pf_key_v2_msg *pmsg)
log_print("pf_key_v2_acquire: inet_ntop failed");
goto fail;
}
+ smasklen = mask4len((struct sockaddr_in *) smask);
+ dmasklen = mask4len((struct sockaddr_in *) dmask);
if (((struct sockaddr_in *) smask)->sin_addr.s_addr ==
INADDR_BROADCAST) {
shostflag = 1;
@@ -2639,6 +2694,8 @@ pf_key_v2_acquire(struct pf_key_v2_msg *pmsg)
log_print("pf_key_v2_acquire: inet_ntop failed");
goto fail;
}
+ smasklen = mask6len((struct sockaddr_in6 *) smask);
+ dmasklen = mask6len((struct sockaddr_in6 *) dmask);
sidtype = didtype = "IPV6_ADDR_SUBNET";
if (IN6_IS_ADDR_FULL(&((struct sockaddr_in6 *)smask)->sin6_addr)) {
shostflag = 1;
@@ -2773,7 +2830,7 @@ pf_key_v2_acquire(struct pf_key_v2_msg *pmsg)
* then dup.
*/
*srcid = '\0';
- if (asprintf(&srcid, "ID:Address/%s",
+ if (asprintf(&srcid, "id-%s",
(char *) (srcident + 1)) == -1) {
log_error("pf_key_v2_acquire: asprintf() failed");
goto fail;
@@ -2846,7 +2903,7 @@ pf_key_v2_acquire(struct pf_key_v2_msg *pmsg)
}
}
}
- if (asprintf(&srcid, "ID:%s/%s", prefstring,
+ if (asprintf(&srcid, "id-%s",
slen ? (char *) (srcident + 1) : pwd->pw_name) == -1) {
log_error("pf_key_v2_acquire: asprintf() failed");
goto fail;
@@ -2860,8 +2917,7 @@ pf_key_v2_acquire(struct pf_key_v2_msg *pmsg)
1, 0) ||
conf_set(af, srcid, "Refcount", "1", 1, 0) ||
conf_set(af, srcid, "Name",
- srcid + sizeof "ID:/" - 1 +
- strlen(prefstring), 1, 0)) {
+ srcid + 3, 1, 0)) {
conf_end(af, 0);
goto fail;
}
@@ -2922,7 +2978,7 @@ pf_key_v2_acquire(struct pf_key_v2_msg *pmsg)
* then dup.
*/
*dstid = '\0';
- if (asprintf(&dstid, "ID:Address/%s",
+ if (asprintf(&dstid, "id-%s",
(char *) (dstident + 1)) == -1) {
log_error("pf_key_v2_acquire: asprintf() failed");
goto fail;
@@ -2994,7 +3050,7 @@ pf_key_v2_acquire(struct pf_key_v2_msg *pmsg)
}
}
}
- if (asprintf(&dstid, "ID:%s/%s", prefstring,
+ if (asprintf(&dstid, "id-%s",
slen ? (char *) (dstident + 1) : pwd->pw_name) == -1) {
log_error("pf_key_v2_acquire: asprintf() failed");
goto fail;
@@ -3008,8 +3064,7 @@ pf_key_v2_acquire(struct pf_key_v2_msg *pmsg)
1, 0) ||
conf_set(af, dstid, "Refcount", "1", 1, 0) ||
conf_set(af, dstid, "Name",
- dstid + sizeof "ID:/" - 1 +
- strlen(prefstring), 1, 0)) {
+ dstid + 3, 1, 0)) {
conf_end(af, 0);
goto fail;
}
@@ -3034,12 +3089,9 @@ pf_key_v2_acquire(struct pf_key_v2_msg *pmsg)
/* Get a new connection sequence number. */
for (;; connection_seq++) {
snprintf(conn, connlen, "Connection-%u", connection_seq);
- snprintf(configname, sizeof configname, "Config-Phase2-%u",
- connection_seq);
/* Does it exist ? */
- if (!conf_get_str(conn, "Phase") &&
- !conf_get_str(configname, "Suites"))
+ if (!conf_get_str(conn, "Phase"))
break;
}
@@ -3052,31 +3104,24 @@ pf_key_v2_acquire(struct pf_key_v2_msg *pmsg)
* - Configuration
*
* Also set the following section:
- * [Peer-dstaddr(/srcaddr)(-srcid)(/dstid)]
+ * [peer-dstaddr(-local-srcaddr)]
* with these fields:
* - Phase
* - ID (if provided)
* - Remote-ID (if provided)
* - Local-address (if provided)
* - Address
- * - Configuration (if an entry ISAKMP-configuration-dstaddr(/srcaddr)
+ * - Configuration (if an entry phase1-dstaddr-srcadd)
* exists -- otherwise use the defaults)
*/
/*
* The various cases:
- * - Peer-dstaddr
- * - Peer-dstaddr/srcaddr
- * - Peer-dstaddr/srcaddr-srcid
- * - Peer-dstaddr/srcaddr-srcid/dstid
- * - Peer-dstaddr/srcaddr-/dstid
- * - Peer-dstaddr-srcid/dstid
- * - Peer-dstaddr-/dstid
- * - Peer-dstaddr-srcid
+ * - peer-dstaddr
+ * - peer-dstaddr-local-srcaddr
*/
- if (asprintf(&peer, "Peer-%s%s%s%s%s%s%s", dstbuf, srcaddr ? "/" : "",
- srcaddr ? srcbuf : "", srcid ? "-" : "", srcid ? srcid : "",
- dstid ? (srcid ? "/" : "-/") : "", dstid ? dstid : "") == -1)
+ if (asprintf(&peer, "peer-%s%s%s", dstbuf, srcaddr ? "-local-" : "",
+ srcaddr ? srcbuf : "") == -1)
goto fail;
/*
@@ -3097,9 +3142,16 @@ pf_key_v2_acquire(struct pf_key_v2_msg *pmsg)
conf_end(af, 0);
goto fail;
}
- /* Set Phase 2 IDs -- this is the Local-ID section. */
- snprintf(lname, sizeof lname, "Phase2-ID:%s/%s/%u/%u", ssflow, ssmask,
- tproto, sport);
+ /*
+ * Set Phase 2 IDs -- this is the Local-ID section.
+ * - from-address
+ * - from-address=proto
+ * - from-address=proto:port
+ * - from-network/masklen
+ * - from-network/masklen=proto
+ * - from-network/masklen=proto:port
+ */
+ phase2id(lname, sizeof lname, "from", ssflow, smasklen, tproto, sport);
if (conf_set(af, conn, "Local-ID", lname, 0, 0)) {
conf_end(af, 0);
goto fail;
@@ -3141,9 +3193,16 @@ pf_key_v2_acquire(struct pf_key_v2_msg *pmsg)
} else
pf_key_v2_conf_refinc(af, lname);
- /* Set Remote-ID section. */
- snprintf(dname, sizeof dname, "Phase2-ID:%s/%s/%u/%u", sdflow, sdmask,
- tproto, dport);
+ /*
+ * Set Remote-ID section.
+ * to-address
+ * to-address=proto
+ * to-address=proto:port
+ * to-network/masklen
+ * to-network/masklen=proto
+ * to-network/masklen=proto:port
+ */
+ phase2id(dname, sizeof dname, "to", sdflow, dmasklen, tproto, dport);
if (conf_set(af, conn, "Remote-ID", dname, 0, 0)) {
conf_end(af, 0);
goto fail;
@@ -3192,27 +3251,37 @@ pf_key_v2_acquire(struct pf_key_v2_msg *pmsg)
* At least, we should make this selectable.
*/
- /* Phase 2 configuration. */
+ /*
+ * Phase 2 configuration.
+ * - phase2-from-address-to-address
+ * - ...
+ * - phase2-from-net/len=proto:port-to-net/len=proto:port
+ */
+ snprintf(configname, sizeof configname, "phase2-%s-%s", lname, dname);
if (conf_set(af, conn, "Configuration", configname, 0, 0)) {
conf_end(af, 0);
goto fail;
}
- if (conf_set(af, configname, "Exchange_type", "Quick_mode", 0, 0) ||
- conf_set(af, configname, "DOI", "IPSEC", 0, 0)) {
- conf_end(af, 0);
- goto fail;
- }
- if (conf_get_str("General", "Default-phase-2-suites")) {
- if (conf_set(af, configname, "Suites",
- conf_get_str("General", "Default-phase-2-suites"), 0, 0)) {
+ if (!conf_get_str(configname, "Exchange_type")) {
+ if (conf_set(af, configname, "Exchange_type", "Quick_mode",
+ 0, 0) ||
+ conf_set(af, configname, "DOI", "IPSEC", 0, 0)) {
conf_end(af, 0);
goto fail;
}
- } else {
- if (conf_set(af, configname, "Suites",
- "QM-ESP-3DES-SHA-PFS-SUITE", 0, 0)) {
- conf_end(af, 0);
- goto fail;
+ if (conf_get_str("General", "Default-phase-2-suites")) {
+ if (conf_set(af, configname, "Suites",
+ conf_get_str("General", "Default-phase-2-suites"),
+ 0, 0)) {
+ conf_end(af, 0);
+ goto fail;
+ }
+ } else {
+ if (conf_set(af, configname, "Suites",
+ "QM-ESP-3DES-SHA-PFS-SUITE", 0, 0)) {
+ conf_end(af, 0);
+ goto fail;
+ }
}
}
@@ -3229,8 +3298,7 @@ pf_key_v2_acquire(struct pf_key_v2_msg *pmsg)
conf_end(af, 0);
goto fail;
}
- snprintf(confname, sizeof confname, "ISAKMP-Configuration-%s",
- peer);
+ snprintf(confname, sizeof confname, "phase1-%s", peer);
if (conf_set(af, peer, "Configuration", confname, 0, 0)) {
conf_end(af, 0);
goto fail;
generated by cgit v1.2.3 (git 2.25.1) at 2024-12-17 02:59:04 +0000