summaryrefslogtreecommitdiff
path: root/regress/sbin/ipsecctl/ike61.ok
diff options
context:
space:
mode:
Diffstat (limited to 'regress/sbin/ipsecctl/ike61.ok')
-rw-r--r--regress/sbin/ipsecctl/ike61.ok230
1 files changed, 230 insertions, 0 deletions
diff --git a/regress/sbin/ipsecctl/ike61.ok b/regress/sbin/ipsecctl/ike61.ok
new file mode 100644
index 00000000000..0960408fb5d
--- /dev/null
+++ b/regress/sbin/ipsecctl/ike61.ok
@@ -0,0 +1,230 @@
+FROM = "{ 2.2.2.0/24 (5.5.5.0/24), 3.3.3.0/24, 4.4.4.0/24 (6.6.6.0/24) }"
+TO = "{ 5.5.5.0/24, 6.6.6.0/24, 7.7.7.0/24 }"
+C set [Phase 1]:1.1.1.1=peer-1.1.1.1 force
+C set [peer-1.1.1.1]:Phase=1 force
+C set [peer-1.1.1.1]:Address=1.1.1.1 force
+C set [peer-1.1.1.1]:Configuration=phase1-peer-1.1.1.1 force
+C set [phase1-peer-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-1.1.1.1]:Transforms=AES-SHA-RSA_SIG force
+C set [from-2.2.2.0/24-to-5.5.5.0/24]:Phase=2 force
+C set [from-2.2.2.0/24-to-5.5.5.0/24]:ISAKMP-peer=peer-1.1.1.1 force
+C set [from-2.2.2.0/24-to-5.5.5.0/24]:Configuration=phase2-from-2.2.2.0/24-to-5.5.5.0/24 force
+C set [from-2.2.2.0/24-to-5.5.5.0/24]:Local-ID=from-2.2.2.0/24 force
+C set [from-2.2.2.0/24-to-5.5.5.0/24]:NAT-ID=nat-5.5.5.0/24 force
+C set [from-2.2.2.0/24-to-5.5.5.0/24]:Remote-ID=to-5.5.5.0/24 force
+C set [phase2-from-2.2.2.0/24-to-5.5.5.0/24]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-2.2.2.0/24-to-5.5.5.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-2.2.2.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [from-2.2.2.0/24]:Network=2.2.2.0 force
+C set [from-2.2.2.0/24]:Netmask=255.255.255.0 force
+C set [nat-5.5.5.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [nat-5.5.5.0/24]:Network=5.5.5.0 force
+C set [nat-5.5.5.0/24]:Netmask=255.255.255.0 force
+C set [to-5.5.5.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [to-5.5.5.0/24]:Network=5.5.5.0 force
+C set [to-5.5.5.0/24]:Netmask=255.255.255.0 force
+C add [Phase 2]:Connections=from-2.2.2.0/24-to-5.5.5.0/24
+C set [Phase 1]:1.1.1.1=peer-1.1.1.1 force
+C set [peer-1.1.1.1]:Phase=1 force
+C set [peer-1.1.1.1]:Address=1.1.1.1 force
+C set [peer-1.1.1.1]:Configuration=phase1-peer-1.1.1.1 force
+C set [phase1-peer-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-1.1.1.1]:Transforms=AES-SHA-RSA_SIG force
+C set [from-2.2.2.0/24-to-6.6.6.0/24]:Phase=2 force
+C set [from-2.2.2.0/24-to-6.6.6.0/24]:ISAKMP-peer=peer-1.1.1.1 force
+C set [from-2.2.2.0/24-to-6.6.6.0/24]:Configuration=phase2-from-2.2.2.0/24-to-6.6.6.0/24 force
+C set [from-2.2.2.0/24-to-6.6.6.0/24]:Local-ID=from-2.2.2.0/24 force
+C set [from-2.2.2.0/24-to-6.6.6.0/24]:NAT-ID=nat-5.5.5.0/24 force
+C set [from-2.2.2.0/24-to-6.6.6.0/24]:Remote-ID=to-6.6.6.0/24 force
+C set [phase2-from-2.2.2.0/24-to-6.6.6.0/24]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-2.2.2.0/24-to-6.6.6.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-2.2.2.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [from-2.2.2.0/24]:Network=2.2.2.0 force
+C set [from-2.2.2.0/24]:Netmask=255.255.255.0 force
+C set [nat-5.5.5.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [nat-5.5.5.0/24]:Network=5.5.5.0 force
+C set [nat-5.5.5.0/24]:Netmask=255.255.255.0 force
+C set [to-6.6.6.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [to-6.6.6.0/24]:Network=6.6.6.0 force
+C set [to-6.6.6.0/24]:Netmask=255.255.255.0 force
+C add [Phase 2]:Connections=from-2.2.2.0/24-to-6.6.6.0/24
+C set [Phase 1]:1.1.1.1=peer-1.1.1.1 force
+C set [peer-1.1.1.1]:Phase=1 force
+C set [peer-1.1.1.1]:Address=1.1.1.1 force
+C set [peer-1.1.1.1]:Configuration=phase1-peer-1.1.1.1 force
+C set [phase1-peer-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-1.1.1.1]:Transforms=AES-SHA-RSA_SIG force
+C set [from-2.2.2.0/24-to-7.7.7.0/24]:Phase=2 force
+C set [from-2.2.2.0/24-to-7.7.7.0/24]:ISAKMP-peer=peer-1.1.1.1 force
+C set [from-2.2.2.0/24-to-7.7.7.0/24]:Configuration=phase2-from-2.2.2.0/24-to-7.7.7.0/24 force
+C set [from-2.2.2.0/24-to-7.7.7.0/24]:Local-ID=from-2.2.2.0/24 force
+C set [from-2.2.2.0/24-to-7.7.7.0/24]:NAT-ID=nat-5.5.5.0/24 force
+C set [from-2.2.2.0/24-to-7.7.7.0/24]:Remote-ID=to-7.7.7.0/24 force
+C set [phase2-from-2.2.2.0/24-to-7.7.7.0/24]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-2.2.2.0/24-to-7.7.7.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-2.2.2.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [from-2.2.2.0/24]:Network=2.2.2.0 force
+C set [from-2.2.2.0/24]:Netmask=255.255.255.0 force
+C set [nat-5.5.5.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [nat-5.5.5.0/24]:Network=5.5.5.0 force
+C set [nat-5.5.5.0/24]:Netmask=255.255.255.0 force
+C set [to-7.7.7.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [to-7.7.7.0/24]:Network=7.7.7.0 force
+C set [to-7.7.7.0/24]:Netmask=255.255.255.0 force
+C add [Phase 2]:Connections=from-2.2.2.0/24-to-7.7.7.0/24
+C set [Phase 1]:1.1.1.1=peer-1.1.1.1 force
+C set [peer-1.1.1.1]:Phase=1 force
+C set [peer-1.1.1.1]:Address=1.1.1.1 force
+C set [peer-1.1.1.1]:Configuration=phase1-peer-1.1.1.1 force
+C set [phase1-peer-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-1.1.1.1]:Transforms=AES-SHA-RSA_SIG force
+C set [from-3.3.3.0/24-to-5.5.5.0/24]:Phase=2 force
+C set [from-3.3.3.0/24-to-5.5.5.0/24]:ISAKMP-peer=peer-1.1.1.1 force
+C set [from-3.3.3.0/24-to-5.5.5.0/24]:Configuration=phase2-from-3.3.3.0/24-to-5.5.5.0/24 force
+C set [from-3.3.3.0/24-to-5.5.5.0/24]:Local-ID=from-3.3.3.0/24 force
+C set [from-3.3.3.0/24-to-5.5.5.0/24]:Remote-ID=to-5.5.5.0/24 force
+C set [phase2-from-3.3.3.0/24-to-5.5.5.0/24]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-3.3.3.0/24-to-5.5.5.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-3.3.3.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [from-3.3.3.0/24]:Network=3.3.3.0 force
+C set [from-3.3.3.0/24]:Netmask=255.255.255.0 force
+C set [to-5.5.5.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [to-5.5.5.0/24]:Network=5.5.5.0 force
+C set [to-5.5.5.0/24]:Netmask=255.255.255.0 force
+C add [Phase 2]:Connections=from-3.3.3.0/24-to-5.5.5.0/24
+C set [Phase 1]:1.1.1.1=peer-1.1.1.1 force
+C set [peer-1.1.1.1]:Phase=1 force
+C set [peer-1.1.1.1]:Address=1.1.1.1 force
+C set [peer-1.1.1.1]:Configuration=phase1-peer-1.1.1.1 force
+C set [phase1-peer-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-1.1.1.1]:Transforms=AES-SHA-RSA_SIG force
+C set [from-3.3.3.0/24-to-6.6.6.0/24]:Phase=2 force
+C set [from-3.3.3.0/24-to-6.6.6.0/24]:ISAKMP-peer=peer-1.1.1.1 force
+C set [from-3.3.3.0/24-to-6.6.6.0/24]:Configuration=phase2-from-3.3.3.0/24-to-6.6.6.0/24 force
+C set [from-3.3.3.0/24-to-6.6.6.0/24]:Local-ID=from-3.3.3.0/24 force
+C set [from-3.3.3.0/24-to-6.6.6.0/24]:Remote-ID=to-6.6.6.0/24 force
+C set [phase2-from-3.3.3.0/24-to-6.6.6.0/24]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-3.3.3.0/24-to-6.6.6.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-3.3.3.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [from-3.3.3.0/24]:Network=3.3.3.0 force
+C set [from-3.3.3.0/24]:Netmask=255.255.255.0 force
+C set [to-6.6.6.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [to-6.6.6.0/24]:Network=6.6.6.0 force
+C set [to-6.6.6.0/24]:Netmask=255.255.255.0 force
+C add [Phase 2]:Connections=from-3.3.3.0/24-to-6.6.6.0/24
+C set [Phase 1]:1.1.1.1=peer-1.1.1.1 force
+C set [peer-1.1.1.1]:Phase=1 force
+C set [peer-1.1.1.1]:Address=1.1.1.1 force
+C set [peer-1.1.1.1]:Configuration=phase1-peer-1.1.1.1 force
+C set [phase1-peer-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-1.1.1.1]:Transforms=AES-SHA-RSA_SIG force
+C set [from-3.3.3.0/24-to-7.7.7.0/24]:Phase=2 force
+C set [from-3.3.3.0/24-to-7.7.7.0/24]:ISAKMP-peer=peer-1.1.1.1 force
+C set [from-3.3.3.0/24-to-7.7.7.0/24]:Configuration=phase2-from-3.3.3.0/24-to-7.7.7.0/24 force
+C set [from-3.3.3.0/24-to-7.7.7.0/24]:Local-ID=from-3.3.3.0/24 force
+C set [from-3.3.3.0/24-to-7.7.7.0/24]:Remote-ID=to-7.7.7.0/24 force
+C set [phase2-from-3.3.3.0/24-to-7.7.7.0/24]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-3.3.3.0/24-to-7.7.7.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-3.3.3.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [from-3.3.3.0/24]:Network=3.3.3.0 force
+C set [from-3.3.3.0/24]:Netmask=255.255.255.0 force
+C set [to-7.7.7.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [to-7.7.7.0/24]:Network=7.7.7.0 force
+C set [to-7.7.7.0/24]:Netmask=255.255.255.0 force
+C add [Phase 2]:Connections=from-3.3.3.0/24-to-7.7.7.0/24
+C set [Phase 1]:1.1.1.1=peer-1.1.1.1 force
+C set [peer-1.1.1.1]:Phase=1 force
+C set [peer-1.1.1.1]:Address=1.1.1.1 force
+C set [peer-1.1.1.1]:Configuration=phase1-peer-1.1.1.1 force
+C set [phase1-peer-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-1.1.1.1]:Transforms=AES-SHA-RSA_SIG force
+C set [from-4.4.4.0/24-to-5.5.5.0/24]:Phase=2 force
+C set [from-4.4.4.0/24-to-5.5.5.0/24]:ISAKMP-peer=peer-1.1.1.1 force
+C set [from-4.4.4.0/24-to-5.5.5.0/24]:Configuration=phase2-from-4.4.4.0/24-to-5.5.5.0/24 force
+C set [from-4.4.4.0/24-to-5.5.5.0/24]:Local-ID=from-4.4.4.0/24 force
+C set [from-4.4.4.0/24-to-5.5.5.0/24]:NAT-ID=nat-6.6.6.0/24 force
+C set [from-4.4.4.0/24-to-5.5.5.0/24]:Remote-ID=to-5.5.5.0/24 force
+C set [phase2-from-4.4.4.0/24-to-5.5.5.0/24]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-4.4.4.0/24-to-5.5.5.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-4.4.4.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [from-4.4.4.0/24]:Network=4.4.4.0 force
+C set [from-4.4.4.0/24]:Netmask=255.255.255.0 force
+C set [nat-6.6.6.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [nat-6.6.6.0/24]:Network=6.6.6.0 force
+C set [nat-6.6.6.0/24]:Netmask=255.255.255.0 force
+C set [to-5.5.5.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [to-5.5.5.0/24]:Network=5.5.5.0 force
+C set [to-5.5.5.0/24]:Netmask=255.255.255.0 force
+C add [Phase 2]:Connections=from-4.4.4.0/24-to-5.5.5.0/24
+C set [Phase 1]:1.1.1.1=peer-1.1.1.1 force
+C set [peer-1.1.1.1]:Phase=1 force
+C set [peer-1.1.1.1]:Address=1.1.1.1 force
+C set [peer-1.1.1.1]:Configuration=phase1-peer-1.1.1.1 force
+C set [phase1-peer-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-1.1.1.1]:Transforms=AES-SHA-RSA_SIG force
+C set [from-4.4.4.0/24-to-6.6.6.0/24]:Phase=2 force
+C set [from-4.4.4.0/24-to-6.6.6.0/24]:ISAKMP-peer=peer-1.1.1.1 force
+C set [from-4.4.4.0/24-to-6.6.6.0/24]:Configuration=phase2-from-4.4.4.0/24-to-6.6.6.0/24 force
+C set [from-4.4.4.0/24-to-6.6.6.0/24]:Local-ID=from-4.4.4.0/24 force
+C set [from-4.4.4.0/24-to-6.6.6.0/24]:NAT-ID=nat-6.6.6.0/24 force
+C set [from-4.4.4.0/24-to-6.6.6.0/24]:Remote-ID=to-6.6.6.0/24 force
+C set [phase2-from-4.4.4.0/24-to-6.6.6.0/24]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-4.4.4.0/24-to-6.6.6.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-4.4.4.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [from-4.4.4.0/24]:Network=4.4.4.0 force
+C set [from-4.4.4.0/24]:Netmask=255.255.255.0 force
+C set [nat-6.6.6.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [nat-6.6.6.0/24]:Network=6.6.6.0 force
+C set [nat-6.6.6.0/24]:Netmask=255.255.255.0 force
+C set [to-6.6.6.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [to-6.6.6.0/24]:Network=6.6.6.0 force
+C set [to-6.6.6.0/24]:Netmask=255.255.255.0 force
+C add [Phase 2]:Connections=from-4.4.4.0/24-to-6.6.6.0/24
+C set [Phase 1]:1.1.1.1=peer-1.1.1.1 force
+C set [peer-1.1.1.1]:Phase=1 force
+C set [peer-1.1.1.1]:Address=1.1.1.1 force
+C set [peer-1.1.1.1]:Configuration=phase1-peer-1.1.1.1 force
+C set [phase1-peer-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-1.1.1.1]:Transforms=AES-SHA-RSA_SIG force
+C set [from-4.4.4.0/24-to-7.7.7.0/24]:Phase=2 force
+C set [from-4.4.4.0/24-to-7.7.7.0/24]:ISAKMP-peer=peer-1.1.1.1 force
+C set [from-4.4.4.0/24-to-7.7.7.0/24]:Configuration=phase2-from-4.4.4.0/24-to-7.7.7.0/24 force
+C set [from-4.4.4.0/24-to-7.7.7.0/24]:Local-ID=from-4.4.4.0/24 force
+C set [from-4.4.4.0/24-to-7.7.7.0/24]:NAT-ID=nat-6.6.6.0/24 force
+C set [from-4.4.4.0/24-to-7.7.7.0/24]:Remote-ID=to-7.7.7.0/24 force
+C set [phase2-from-4.4.4.0/24-to-7.7.7.0/24]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-4.4.4.0/24-to-7.7.7.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-4.4.4.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [from-4.4.4.0/24]:Network=4.4.4.0 force
+C set [from-4.4.4.0/24]:Netmask=255.255.255.0 force
+C set [nat-6.6.6.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [nat-6.6.6.0/24]:Network=6.6.6.0 force
+C set [nat-6.6.6.0/24]:Netmask=255.255.255.0 force
+C set [to-7.7.7.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [to-7.7.7.0/24]:Network=7.7.7.0 force
+C set [to-7.7.7.0/24]:Netmask=255.255.255.0 force
+C add [Phase 2]:Connections=from-4.4.4.0/24-to-7.7.7.0/24
+C set [Phase 1]:3ffe::51=peer-3ffe::51 force
+C set [peer-3ffe::51]:Phase=1 force
+C set [peer-3ffe::51]:Address=3ffe::51 force
+C set [peer-3ffe::51]:Configuration=phase1-peer-3ffe::51 force
+C set [phase1-peer-3ffe::51]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-3ffe::51]:Transforms=AES-SHA-RSA_SIG force
+C set [from-3ffe:1::/64-to-3ffe:2::/64]:Phase=2 force
+C set [from-3ffe:1::/64-to-3ffe:2::/64]:ISAKMP-peer=peer-3ffe::51 force
+C set [from-3ffe:1::/64-to-3ffe:2::/64]:Configuration=phase2-from-3ffe:1::/64-to-3ffe:2::/64 force
+C set [from-3ffe:1::/64-to-3ffe:2::/64]:Local-ID=from-3ffe:1::/64 force
+C set [from-3ffe:1::/64-to-3ffe:2::/64]:NAT-ID=nat-affe:1::/64 force
+C set [from-3ffe:1::/64-to-3ffe:2::/64]:Remote-ID=to-3ffe:2::/64 force
+C set [phase2-from-3ffe:1::/64-to-3ffe:2::/64]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-3ffe:1::/64-to-3ffe:2::/64]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-3ffe:1::/64]:ID-type=IPV6_ADDR_SUBNET force
+C set [from-3ffe:1::/64]:Network=3ffe:1:: force
+C set [from-3ffe:1::/64]:Netmask=ffff:ffff:ffff:ffff:: force
+C set [nat-affe:1::/64]:ID-type=IPV6_ADDR_SUBNET force
+C set [nat-affe:1::/64]:Network=affe:1:: force
+C set [nat-affe:1::/64]:Netmask=ffff:ffff:ffff:ffff:: force
+C set [to-3ffe:2::/64]:ID-type=IPV6_ADDR_SUBNET force
+C set [to-3ffe:2::/64]:Network=3ffe:2:: force
+C set [to-3ffe:2::/64]:Netmask=ffff:ffff:ffff:ffff:: force
+C add [Phase 2]:Passive-Connections=from-3ffe:1::/64-to-3ffe:2::/64