regress/sys/netinet/ipsec/ipsec.conf


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87

#	$OpenBSD: ipsec.conf,v 1.1.1.1 2017/02/06 21:54:05 bluhm Exp $
### regress ipsec ipsec.conf

# Install symmetric config by exchanging local and peer keywords.
FROM="from"
TO="to"
LOCAL="local"
PEER="peer"

# TRANSP

flow esp \
	$FROM	$SRC_TRANSP_IPV4/24	$TO	$IPS_TRANSP_IPV4/24 \
	$LOCAL	$SRC_TRANSP_IPV4	$PEER	$IPS_TRANSP_IPV4 \
	type	dontacq
flow esp \
	$FROM	$SRC_TRANSP_IPV6/64	$TO	$IPS_TRANSP_IPV6/64 \
	$LOCAL	$SRC_TRANSP_IPV6	$PEER	$IPS_TRANSP_IPV6 \
	type	dontacq

# TRANSP SA

esp transport \
	from	$SRC_TRANSP_IPV4	to	$IPS_TRANSP_IPV4 \
	spi	0x10000441:0x10000442 \
	authkey	0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef:0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef \
	enckey	0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef:0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef

esp transport \
	from	$SRC_TRANSP_IPV6	to	$IPS_TRANSP_IPV6 \
	spi	0x10000461:0x10000462 \
	authkey	0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef:0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef \
	enckey	0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef:0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef

# TUNNEL IPS

flow esp \
	$FROM	$SRC_TUNNEL_IPV4/24	$TO	$IPS_TUNNEL4_IPV4/24 \
	$LOCAL	$SRC_OUT_IPV4		$PEER	$IPS_IN_IPV4 \
	type	dontacq
flow esp \
	$FROM	$SRC_TUNNEL_IPV6/64	$TO	$IPS_TUNNEL4_IPV6/64 \
	$LOCAL	$SRC_OUT_IPV4		$PEER	$IPS_IN_IPV4 \
	type	dontacq

flow esp \
	$FROM	$SRC_TUNNEL_IPV4/24	$TO	$IPS_TUNNEL6_IPV4/24 \
	$LOCAL	$SRC_OUT_IPV6		$PEER	$IPS_IN_IPV6 \
	type	dontacq
flow esp \
	$FROM	$SRC_TUNNEL_IPV6/64	$TO	$IPS_TUNNEL6_IPV6/64 \
	$LOCAL	$SRC_OUT_IPV6		$PEER	$IPS_IN_IPV6 \
	type	dontacq

# TUNNEL ECO

flow esp \
	$FROM	$SRC_TUNNEL_IPV4/24	$TO	$ECO_TUNNEL4_IPV4/24 \
	$LOCAL	$SRC_OUT_IPV4		$PEER	$IPS_IN_IPV4 \
	type	dontacq
flow esp \
	$FROM	$SRC_TUNNEL_IPV6/64	$TO	$ECO_TUNNEL4_IPV6/64 \
	$LOCAL	$SRC_OUT_IPV4		$PEER	$IPS_IN_IPV4 \
	type	dontacq

flow esp \
	$FROM	$SRC_TUNNEL_IPV4/24	$TO	$ECO_TUNNEL6_IPV4/24 \
	$LOCAL	$SRC_OUT_IPV6		$PEER	$IPS_IN_IPV6 \
	type	dontacq
flow esp \
	$FROM	$SRC_TUNNEL_IPV6/64	$TO	$ECO_TUNNEL6_IPV6/64 \
	$LOCAL	$SRC_OUT_IPV6		$PEER	$IPS_IN_IPV6 \
	type	dontacq

# TUNNEL SA

esp tunnel \
	from	$SRC_OUT_IPV4	to	$IPS_IN_IPV4 \
	spi	0x10000841:0x10000842 \
	authkey	0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef:0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef \
	enckey	0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef:0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef

esp tunnel \
	from	$SRC_OUT_IPV6	to	$IPS_IN_IPV6 \
	spi	0x10000861:0x10000862 \
	authkey	0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef:0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef \
	enckey	0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef:0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef