# $OpenBSD: ipsec.conf,v 1.8 2020/12/21 00:47:18 bluhm Exp $ ### regress ipsec ipsec.conf # Install symmetric config by exchanging local and peer keywords. FROM="from" TO="to" LOCAL="local" PEER="peer" ## ESP # ESP TRANSP flow esp \ $FROM $SRC_ESP_TRANSP_IPV4 $TO $IPS_ESP_TRANSP_IPV4 \ $LOCAL $SRC_ESP_TRANSP_IPV4 $PEER $IPS_ESP_TRANSP_IPV4 \ type dontacq flow esp \ $FROM $SRC_ESP_TRANSP_IPV6 $TO $IPS_ESP_TRANSP_IPV6 \ $LOCAL $SRC_ESP_TRANSP_IPV6 $PEER $IPS_ESP_TRANSP_IPV6 \ type dontacq # ESP TRANSP SA esp transport \ from $SRC_ESP_TRANSP_IPV4 to $IPS_ESP_TRANSP_IPV4 \ spi 0x10000441:0x10000442 \ authkey 0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef:0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef \ enckey 0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef:0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef esp transport \ from $SRC_ESP_TRANSP_IPV6 to $IPS_ESP_TRANSP_IPV6 \ spi 0x10000461:0x10000462 \ authkey 0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef:0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef \ enckey 0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef:0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef # ESP TUNNEL IPS flow esp \ $FROM $SRC_ESP_TUNNEL_IPV4/24 $TO $IPS_ESP_TUNNEL4_IPV4/24 \ $LOCAL $SRC_OUT_IPV4 $PEER $IPS_IN_IPV4 \ type dontacq flow esp \ $FROM $SRC_ESP_TUNNEL_IPV6/64 $TO $IPS_ESP_TUNNEL4_IPV6/64 \ $LOCAL $SRC_OUT_IPV4 $PEER $IPS_IN_IPV4 \ type dontacq # icmp need to frag flow esp proto icmp \ $FROM $SRC_ESP_TUNNEL_IPV4/24 $TO $IPS_IN_IPV4 \ $LOCAL $SRC_OUT_IPV4 $PEER $IPS_IN_IPV4 \ type dontacq flow esp \ $FROM $SRC_ESP_TUNNEL_IPV4/24 $TO $IPS_ESP_TUNNEL6_IPV4/24 \ $LOCAL $SRC_OUT_IPV6 $PEER $IPS_IN_IPV6 \ type dontacq flow esp \ $FROM $SRC_ESP_TUNNEL_IPV6/64 $TO $IPS_ESP_TUNNEL6_IPV6/64 \ $LOCAL $SRC_OUT_IPV6 $PEER $IPS_IN_IPV6 \ type dontacq # ESP TUNNEL ECO flow esp \ $FROM $SRC_ESP_TUNNEL_IPV4/24 $TO $ECO_ESP_TUNNEL4_IPV4/24 \ $LOCAL $SRC_OUT_IPV4 $PEER $IPS_IN_IPV4 \ type dontacq flow esp \ $FROM $SRC_ESP_TUNNEL_IPV6/64 $TO $ECO_ESP_TUNNEL4_IPV6/64 \ $LOCAL $SRC_OUT_IPV4 $PEER $IPS_IN_IPV4 \ type dontacq # icmp need to frag flow esp proto icmp \ $FROM $SRC_ESP_TUNNEL_IPV4/24 $TO $RT_IN_IPV4 \ $LOCAL $SRC_OUT_IPV4 $PEER $IPS_IN_IPV4 \ type dontacq flow esp \ $FROM $SRC_ESP_TUNNEL_IPV4/24 $TO $ECO_ESP_TUNNEL6_IPV4/24 \ $LOCAL $SRC_OUT_IPV6 $PEER $IPS_IN_IPV6 \ type dontacq flow esp \ $FROM $SRC_ESP_TUNNEL_IPV6/64 $TO $ECO_ESP_TUNNEL6_IPV6/64 \ $LOCAL $SRC_OUT_IPV6 $PEER $IPS_IN_IPV6 \ type dontacq # ESP TUNNEL SA esp tunnel \ from $SRC_OUT_IPV4 to $IPS_IN_IPV4 \ spi 0x10000841:0x10000842 \ authkey 0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef:0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef \ enckey 0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef:0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef esp tunnel \ from $SRC_OUT_IPV6 to $IPS_IN_IPV6 \ spi 0x10000861:0x10000862 \ authkey 0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef:0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef \ enckey 0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef:0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef ## AH # AH TRANSP flow ah \ $FROM $SRC_AH_TRANSP_IPV4 $TO $IPS_AH_TRANSP_IPV4 \ $LOCAL $SRC_AH_TRANSP_IPV4 $PEER $IPS_AH_TRANSP_IPV4 \ type dontacq flow ah \ $FROM $SRC_AH_TRANSP_IPV6 $TO $IPS_AH_TRANSP_IPV6 \ $LOCAL $SRC_AH_TRANSP_IPV6 $PEER $IPS_AH_TRANSP_IPV6 \ type dontacq # AH TRANSP SA ah transport \ from $SRC_AH_TRANSP_IPV4 to $IPS_AH_TRANSP_IPV4 \ spi 0x10002441:0x10002442 \ authkey 0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef:0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef \ enckey 0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef:0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef ah transport \ from $SRC_AH_TRANSP_IPV6 to $IPS_AH_TRANSP_IPV6 \ spi 0x10002461:0x10002462 \ authkey 0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef:0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef \ enckey 0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef:0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef # AH TUNNEL IPS flow ah \ $FROM $SRC_AH_TUNNEL_IPV4/24 $TO $IPS_AH_TUNNEL4_IPV4/24 \ $LOCAL $SRC_OUT_IPV4 $PEER $IPS_IN_IPV4 \ type dontacq flow ah \ $FROM $SRC_AH_TUNNEL_IPV6/64 $TO $IPS_AH_TUNNEL4_IPV6/64 \ $LOCAL $SRC_OUT_IPV4 $PEER $IPS_IN_IPV4 \ type dontacq flow ah \ $FROM $SRC_AH_TUNNEL_IPV4/24 $TO $IPS_AH_TUNNEL6_IPV4/24 \ $LOCAL $SRC_OUT_IPV6 $PEER $IPS_IN_IPV6 \ type dontacq flow ah \ $FROM $SRC_AH_TUNNEL_IPV6/64 $TO $IPS_AH_TUNNEL6_IPV6/64 \ $LOCAL $SRC_OUT_IPV6 $PEER $IPS_IN_IPV6 \ type dontacq # AH TUNNEL ECO flow ah \ $FROM $SRC_AH_TUNNEL_IPV4/24 $TO $ECO_AH_TUNNEL4_IPV4/24 \ $LOCAL $SRC_OUT_IPV4 $PEER $IPS_IN_IPV4 \ type dontacq flow ah \ $FROM $SRC_AH_TUNNEL_IPV6/64 $TO $ECO_AH_TUNNEL4_IPV6/64 \ $LOCAL $SRC_OUT_IPV4 $PEER $IPS_IN_IPV4 \ type dontacq flow ah \ $FROM $SRC_AH_TUNNEL_IPV4/24 $TO $ECO_AH_TUNNEL6_IPV4/24 \ $LOCAL $SRC_OUT_IPV6 $PEER $IPS_IN_IPV6 \ type dontacq flow ah \ $FROM $SRC_AH_TUNNEL_IPV6/64 $TO $ECO_AH_TUNNEL6_IPV6/64 \ $LOCAL $SRC_OUT_IPV6 $PEER $IPS_IN_IPV6 \ type dontacq # AH TUNNEL SA ah tunnel \ from $SRC_OUT_IPV4 to $IPS_IN_IPV4 \ spi 0x10002841:0x10002842 \ authkey 0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef:0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef \ enckey 0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef:0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef ah tunnel \ from $SRC_OUT_IPV6 to $IPS_IN_IPV6 \ spi 0x10002861:0x10002862 \ authkey 0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef:0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef \ enckey 0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef:0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef ## IPIP # IPIP TRANSP flow ipip \ $FROM $SRC_IPIP_TRANSP_IPV4 $TO $IPS_IPIP_TRANSP_IPV4 \ $LOCAL $SRC_IPIP_TRANSP_IPV4 $PEER $IPS_IPIP_TRANSP_IPV4 \ type use flow ipip \ $FROM $SRC_IPIP_TRANSP_IPV6 $TO $IPS_IPIP_TRANSP_IPV6 \ $LOCAL $SRC_IPIP_TRANSP_IPV6 $PEER $IPS_IPIP_TRANSP_IPV6 \ type use # IPIP TRANSP SA ipip transport \ from $SRC_IPIP_TRANSP_IPV4 to $IPS_IPIP_TRANSP_IPV4 \ spi 0x10004441:0x10004442 ipip transport \ from $SRC_IPIP_TRANSP_IPV6 to $IPS_IPIP_TRANSP_IPV6 \ spi 0x10004461:0x10004462 # IPIP TUNNEL IPS flow ipip \ $FROM $SRC_IPIP_TUNNEL_IPV4/24 $TO $IPS_IPIP_TUNNEL4_IPV4/24 \ $LOCAL $SRC_OUT_IPV4 $PEER $IPS_IN_IPV4 \ type use flow ipip \ $FROM $SRC_IPIP_TUNNEL_IPV6/64 $TO $IPS_IPIP_TUNNEL4_IPV6/64 \ $LOCAL $SRC_OUT_IPV4 $PEER $IPS_IN_IPV4 \ type use flow ipip \ $FROM $SRC_IPIP_TUNNEL_IPV4/24 $TO $IPS_IPIP_TUNNEL6_IPV4/24 \ $LOCAL $SRC_OUT_IPV6 $PEER $IPS_IN_IPV6 \ type use flow ipip \ $FROM $SRC_IPIP_TUNNEL_IPV6/64 $TO $IPS_IPIP_TUNNEL6_IPV6/64 \ $LOCAL $SRC_OUT_IPV6 $PEER $IPS_IN_IPV6 \ type use # IPIP TUNNEL ECO flow ipip \ $FROM $SRC_IPIP_TUNNEL_IPV4/24 $TO $ECO_IPIP_TUNNEL4_IPV4/24 \ $LOCAL $SRC_OUT_IPV4 $PEER $IPS_IN_IPV4 \ type use flow ipip \ $FROM $SRC_IPIP_TUNNEL_IPV6/64 $TO $ECO_IPIP_TUNNEL4_IPV6/64 \ $LOCAL $SRC_OUT_IPV4 $PEER $IPS_IN_IPV4 \ type use flow ipip \ $FROM $SRC_IPIP_TUNNEL_IPV4/24 $TO $ECO_IPIP_TUNNEL6_IPV4/24 \ $LOCAL $SRC_OUT_IPV6 $PEER $IPS_IN_IPV6 \ type use flow ipip \ $FROM $SRC_IPIP_TUNNEL_IPV6/64 $TO $ECO_IPIP_TUNNEL6_IPV6/64 \ $LOCAL $SRC_OUT_IPV6 $PEER $IPS_IN_IPV6 \ type use # IPIP TUNNEL SA ipip tunnel \ from $SRC_OUT_IPV4 to $IPS_IN_IPV4 \ spi 0x10004841:0x10004842 ipip tunnel \ from $SRC_OUT_IPV6 to $IPS_IN_IPV6 \ spi 0x10004861:0x10004862 ## IPCOMP # IPCOMP TRANSP flow ipcomp \ $FROM $SRC_IPCOMP_TRANSP_IPV4 $TO $IPS_IPCOMP_TRANSP_IPV4 \ $LOCAL $SRC_IPCOMP_TRANSP_IPV4 $PEER $IPS_IPCOMP_TRANSP_IPV4 \ type use flow ipcomp \ $FROM $SRC_IPCOMP_TRANSP_IPV6 $TO $IPS_IPCOMP_TRANSP_IPV6 \ $LOCAL $SRC_IPCOMP_TRANSP_IPV6 $PEER $IPS_IPCOMP_TRANSP_IPV6 \ type use # IPCOMP TRANSP SA ipcomp transport \ from $SRC_IPCOMP_TRANSP_IPV4 to $IPS_IPCOMP_TRANSP_IPV4 \ spi 0x6441:0x6442 ipcomp transport \ from $SRC_IPCOMP_TRANSP_IPV6 to $IPS_IPCOMP_TRANSP_IPV6 \ spi 0x6461:0x6462 # IPCOMP TUNNEL IPS flow ipcomp \ $FROM $SRC_IPCOMP_TUNNEL_IPV4/24 $TO $IPS_IPCOMP_TUNNEL4_IPV4/24 \ $LOCAL $SRC_OUT_IPV4 $PEER $IPS_IN_IPV4 \ type use flow ipcomp \ $FROM $SRC_IPCOMP_TUNNEL_IPV6/64 $TO $IPS_IPCOMP_TUNNEL4_IPV6/64 \ $LOCAL $SRC_OUT_IPV4 $PEER $IPS_IN_IPV4 \ type use flow ipcomp \ $FROM $SRC_IPCOMP_TUNNEL_IPV4/24 $TO $IPS_IPCOMP_TUNNEL6_IPV4/24 \ $LOCAL $SRC_OUT_IPV6 $PEER $IPS_IN_IPV6 \ type use flow ipcomp \ $FROM $SRC_IPCOMP_TUNNEL_IPV6/64 $TO $IPS_IPCOMP_TUNNEL6_IPV6/64 \ $LOCAL $SRC_OUT_IPV6 $PEER $IPS_IN_IPV6 \ type use # IPCOMP TUNNEL ECO flow ipcomp \ $FROM $SRC_IPCOMP_TUNNEL_IPV4/24 $TO $ECO_IPCOMP_TUNNEL4_IPV4/24 \ $LOCAL $SRC_OUT_IPV4 $PEER $IPS_IN_IPV4 \ type use flow ipcomp \ $FROM $SRC_IPCOMP_TUNNEL_IPV6/64 $TO $ECO_IPCOMP_TUNNEL4_IPV6/64 \ $LOCAL $SRC_OUT_IPV4 $PEER $IPS_IN_IPV4 \ type use flow ipcomp \ $FROM $SRC_IPCOMP_TUNNEL_IPV4/24 $TO $ECO_IPCOMP_TUNNEL6_IPV4/24 \ $LOCAL $SRC_OUT_IPV6 $PEER $IPS_IN_IPV6 \ type use flow ipcomp \ $FROM $SRC_IPCOMP_TUNNEL_IPV6/64 $TO $ECO_IPCOMP_TUNNEL6_IPV6/64 \ $LOCAL $SRC_OUT_IPV6 $PEER $IPS_IN_IPV6 \ type use # IPCOMP TUNNEL SA ipcomp tunnel \ from $SRC_OUT_IPV4 to $IPS_IN_IPV4 \ spi 0x6841:0x6842 ipcomp tunnel \ from $SRC_OUT_IPV6 to $IPS_IN_IPV6 \ spi 0x6861:0x6862 ## BUNDLE # BUNDLE TRANSP flow ipcomp \ $FROM $SRC_BUNDLE_TRANSP_IPV4 $TO $IPS_BUNDLE_TRANSP_IPV4 \ $LOCAL $SRC_BUNDLE_TRANSP_IPV4 $PEER $IPS_BUNDLE_TRANSP_IPV4 \ type dontacq flow ipcomp \ $FROM $SRC_BUNDLE_TRANSP_IPV6 $TO $IPS_BUNDLE_TRANSP_IPV6 \ $LOCAL $SRC_BUNDLE_TRANSP_IPV6 $PEER $IPS_BUNDLE_TRANSP_IPV6 \ type dontacq # BUNDLE TRANSP SA ipcomp transport \ from $SRC_BUNDLE_TRANSP_IPV4 to $IPS_BUNDLE_TRANSP_IPV4 \ spi 0x8441:0x8442 \ bundle identifier esp transport \ from $SRC_BUNDLE_TRANSP_IPV4 to $IPS_BUNDLE_TRANSP_IPV4 \ spi 0x10018441:0x10018442 \ authkey 0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef:0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef \ enckey 0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef:0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef \ bundle identifier ah transport \ from $SRC_BUNDLE_TRANSP_IPV4 to $IPS_BUNDLE_TRANSP_IPV4 \ spi 0x10028441:0x10028442 \ authkey 0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef:0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef \ enckey 0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef:0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef \ bundle identifier ipcomp transport \ from $SRC_BUNDLE_TRANSP_IPV6 to $IPS_BUNDLE_TRANSP_IPV6 \ spi 0x8461:0x8462 \ bundle identifier esp transport \ from $SRC_BUNDLE_TRANSP_IPV6 to $IPS_BUNDLE_TRANSP_IPV6 \ spi 0x10018461:0x10018462 \ authkey 0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef:0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef \ enckey 0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef:0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef \ bundle identifier ah transport \ from $SRC_BUNDLE_TRANSP_IPV6 to $IPS_BUNDLE_TRANSP_IPV6 \ spi 0x10028461:0x10028462 \ authkey 0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef:0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef \ enckey 0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef:0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef \ bundle identifier # BUNDLE TUNNEL IPS flow ipcomp \ $FROM $SRC_BUNDLE_TUNNEL_IPV4/24 $TO $IPS_BUNDLE_TUNNEL4_IPV4/24 \ $LOCAL $SRC_BUNDLE_IPV4 $PEER $IPS_BUNDLE_IPV4 \ type dontacq flow ipcomp \ $FROM $SRC_BUNDLE_TUNNEL_IPV6/64 $TO $IPS_BUNDLE_TUNNEL4_IPV6/64 \ $LOCAL $SRC_BUNDLE_IPV4 $PEER $IPS_BUNDLE_IPV4 \ type dontacq flow ipcomp \ $FROM $SRC_BUNDLE_TUNNEL_IPV4/24 $TO $IPS_BUNDLE_TUNNEL6_IPV4/24 \ $LOCAL $SRC_BUNDLE_IPV6 $PEER $IPS_BUNDLE_IPV6 \ type dontacq flow ipcomp \ $FROM $SRC_BUNDLE_TUNNEL_IPV6/64 $TO $IPS_BUNDLE_TUNNEL6_IPV6/64 \ $LOCAL $SRC_BUNDLE_IPV6 $PEER $IPS_BUNDLE_IPV6 \ type dontacq # BUNDLE TUNNEL ECO flow ipcomp \ $FROM $SRC_BUNDLE_TUNNEL_IPV4/24 $TO $ECO_BUNDLE_TUNNEL4_IPV4/24 \ $LOCAL $SRC_BUNDLE_IPV4 $PEER $IPS_BUNDLE_IPV4 \ type dontacq flow ipcomp \ $FROM $SRC_BUNDLE_TUNNEL_IPV6/64 $TO $ECO_BUNDLE_TUNNEL4_IPV6/64 \ $LOCAL $SRC_BUNDLE_IPV4 $PEER $IPS_BUNDLE_IPV4 \ type dontacq flow ipcomp \ $FROM $SRC_BUNDLE_TUNNEL_IPV4/24 $TO $ECO_BUNDLE_TUNNEL6_IPV4/24 \ $LOCAL $SRC_BUNDLE_IPV6 $PEER $IPS_BUNDLE_IPV6 \ type dontacq flow ipcomp \ $FROM $SRC_BUNDLE_TUNNEL_IPV6/64 $TO $ECO_BUNDLE_TUNNEL6_IPV6/64 \ $LOCAL $SRC_BUNDLE_IPV6 $PEER $IPS_BUNDLE_IPV6 \ type dontacq # BUNDLE TUNNEL SA ipcomp tunnel \ from $SRC_BUNDLE_IPV4 to $IPS_BUNDLE_IPV4 \ spi 0x8841:0x8842 \ bundle identifier esp tunnel \ from $SRC_BUNDLE_IPV4 to $IPS_BUNDLE_IPV4 \ spi 0x10018841:0x10018842 \ authkey 0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef:0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef \ enckey 0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef:0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef \ bundle identifier ah tunnel \ from $SRC_BUNDLE_IPV4 to $IPS_BUNDLE_IPV4 \ spi 0x10028841:0x10028842 \ authkey 0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef:0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef \ enckey 0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef:0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef \ bundle identifier ipcomp tunnel \ from $SRC_BUNDLE_IPV6 to $IPS_BUNDLE_IPV6 \ spi 0x8861:0x8862 \ bundle identifier esp tunnel \ from $SRC_BUNDLE_IPV6 to $IPS_BUNDLE_IPV6 \ spi 0x10018861:0x10018862 \ authkey 0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef:0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef \ enckey 0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef:0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef \ bundle identifier ah tunnel \ from $SRC_BUNDLE_IPV6 to $IPS_BUNDLE_IPV6 \ spi 0x10028861:0x10028862 \ authkey 0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef:0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef \ enckey 0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef:0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef \ bundle identifier