sample.cf (55505) | sample.cf (62583) |
---|---|
1# Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project. 2# All rights reserved. 3# 4# Redistribution and use in source and binary forms, with or without 5# modification, are permitted provided that the following conditions 6# are met: 7# 1. Redistributions of source code must retain the above copyright 8# notice, this list of conditions and the following disclaimer. --- 11 unchanged lines hidden (view full) --- 20# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 22# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 24# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 25# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26# SUCH DAMAGE. 27# | 1# Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project. 2# All rights reserved. 3# 4# Redistribution and use in source and binary forms, with or without 5# modification, are permitted provided that the following conditions 6# are met: 7# 1. Redistributions of source code must retain the above copyright 8# notice, this list of conditions and the following disclaimer. --- 11 unchanged lines hidden (view full) --- 20# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 22# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 24# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 25# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26# SUCH DAMAGE. 27# |
28# $FreeBSD: head/sbin/setkey/sample.cf 55505 2000-01-06 12:40:54Z shin $ | 28# $FreeBSD: head/sbin/setkey/sample.cf 62583 2000-07-04 16:22:05Z itojun $ |
29 30# There are sample scripts for IPsec configuration by manual keying. 31# A security association is uniquely identified by a triple consisting 32# of a Security Parameter Index (SPI), an IP Destination Address, and a 33# security protocol (AH or ESP) identifier. You must take care of these 34# parameters when you configure by manual keying. 35 36# ESP transport mode is recommended for TCP port number 110 between --- 128 unchanged lines hidden (view full) --- 165add fec0:0:0:2::1 fec0:0:0:1::1 esp 0x10004 166 -E rc5-cbc "kamekame" 167 -A hmac-md5 "this is the test" ; 168 169# By "get" command, you can get a entry of either SP or SA. 170get fec0:0:0:1::1 fec0:0:0:2::2 ah 0x10004 ; 171 172# Also delete command, you can delete a entry of either SP or SA. | 29 30# There are sample scripts for IPsec configuration by manual keying. 31# A security association is uniquely identified by a triple consisting 32# of a Security Parameter Index (SPI), an IP Destination Address, and a 33# security protocol (AH or ESP) identifier. You must take care of these 34# parameters when you configure by manual keying. 35 36# ESP transport mode is recommended for TCP port number 110 between --- 128 unchanged lines hidden (view full) --- 165add fec0:0:0:2::1 fec0:0:0:1::1 esp 0x10004 166 -E rc5-cbc "kamekame" 167 -A hmac-md5 "this is the test" ; 168 169# By "get" command, you can get a entry of either SP or SA. 170get fec0:0:0:1::1 fec0:0:0:2::2 ah 0x10004 ; 171 172# Also delete command, you can delete a entry of either SP or SA. |
173spddelete out fec0:0:0:1::/64 fec0:0:0:2:/64 any ; | 173spddelete fec0:0:0:1::/64 fec0:0:0:2::/64 any -P out; |
174delete fec0:0:0:1::1 fec0:0:0:2::2 ah 0x10004 ; 175 176# By dump command, you can dump all entry of either SP or SA. 177dump ; 178spddump ; 179dump esp ; 180flush esp ; 181 --- 17 unchanged lines hidden (view full) --- 199add ::1 ::1 esp 10009 -m transport -E des-cbc "testtest" ; 200add ::1 ::1 esp 10010 -m transport -E 3des-cbc "testtest12341234testtest" ; 201add ::1 ::1 esp 10011 -m tunnel -E cast128-cbc "testtest1234" ; 202add ::1 ::1 esp 10012 -m tunnel -E blowfish-cbc "testtest1234" ; 203add ::1 ::1 esp 10013 -m tunnel -E rc5-cbc "testtest1234" ; 204add ::1 ::1 esp 10014 -m any -E rc5-cbc "testtest1234" ; 205add ::1 ::1 esp 10015 -m transport -f zero-pad -E simple ; 206add ::1 ::1 esp 10016 -m tunnel -f random-pad -r 8 -lh 100 -ls 80 -E simple ; | 174delete fec0:0:0:1::1 fec0:0:0:2::2 ah 0x10004 ; 175 176# By dump command, you can dump all entry of either SP or SA. 177dump ; 178spddump ; 179dump esp ; 180flush esp ; 181 --- 17 unchanged lines hidden (view full) --- 199add ::1 ::1 esp 10009 -m transport -E des-cbc "testtest" ; 200add ::1 ::1 esp 10010 -m transport -E 3des-cbc "testtest12341234testtest" ; 201add ::1 ::1 esp 10011 -m tunnel -E cast128-cbc "testtest1234" ; 202add ::1 ::1 esp 10012 -m tunnel -E blowfish-cbc "testtest1234" ; 203add ::1 ::1 esp 10013 -m tunnel -E rc5-cbc "testtest1234" ; 204add ::1 ::1 esp 10014 -m any -E rc5-cbc "testtest1234" ; 205add ::1 ::1 esp 10015 -m transport -f zero-pad -E simple ; 206add ::1 ::1 esp 10016 -m tunnel -f random-pad -r 8 -lh 100 -ls 80 -E simple ; |
207add ::1 ::1 esp 10017 -m transport -f seq-pad -f cyclic-seq -E simple ; | 207add ::1 ::1 esp 10017 -m transport -f seq-pad -f nocyclic-seq -E simple ; |
208add ::1 ::1 esp 10018 -m transport -E simple ; 209#add ::1 ::1 ah 20000 -m transport -A null ; 210add ::1 ::1 ah 20001 -m any -A hmac-md5 "1234123412341234"; 211add ::1 ::1 ah 20002 -m tunnel -A hmac-sha1 "12341234123412341234"; 212add ::1 ::1 ah 20003 -m transport -A keyed-md5 "1234123412341234"; 213add ::1 ::1 ah-old 20004 -m transport -A keyed-md5 "1234123412341234"; 214add ::1 ::1 ah 20005 -m transport -A keyed-sha1 "12341234123412341234"; 215#add ::1 ::1 ipcomp 30000 -C oui ; 216add ::1 ::1 ipcomp 30001 -C deflate ; 217#add ::1 ::1 ipcomp 30002 -C lzs ; 218 219# enjoy. | 208add ::1 ::1 esp 10018 -m transport -E simple ; 209#add ::1 ::1 ah 20000 -m transport -A null ; 210add ::1 ::1 ah 20001 -m any -A hmac-md5 "1234123412341234"; 211add ::1 ::1 ah 20002 -m tunnel -A hmac-sha1 "12341234123412341234"; 212add ::1 ::1 ah 20003 -m transport -A keyed-md5 "1234123412341234"; 213add ::1 ::1 ah-old 20004 -m transport -A keyed-md5 "1234123412341234"; 214add ::1 ::1 ah 20005 -m transport -A keyed-sha1 "12341234123412341234"; 215#add ::1 ::1 ipcomp 30000 -C oui ; 216add ::1 ::1 ipcomp 30001 -C deflate ; 217#add ::1 ::1 ipcomp 30002 -C lzs ; 218 219# enjoy. |
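Review bot: File line 207 on the new side replaces `-f cyclic-seq` with `-f nocyclic-seq` without any comment, so a reader cannot tell whether this follows a flag rename or deliberately changes sequence-number behaviour for SA 10017. A one-line comment above it, such as `# nocyclic-seq: do not allow the sequence number to wrap`, would record the intent (wording to be confirmed against setkey(8)). On new file line 173 the terminator is written `-P out;`, while the neighbouring commands use a space before the semicolon, so `-P out ;` would match the rest of the file. The `spdadd` examples sit in the hidden lines and are not visible here; presumably they need the same `-P` direction syntax. Every quoted key in this sample is a fixed, published ASCII string, so a header comment such as `# Keys below are placeholders; generate your own before use` would help anyone who copies the file into a real configuration.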