sample.cf (62583) | sample.cf (108533) |
---|---|
1# Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project. 2# All rights reserved. 3# 4# Redistribution and use in source and binary forms, with or without 5# modification, are permitted provided that the following conditions 6# are met: 7# 1. Redistributions of source code must retain the above copyright 8# notice, this list of conditions and the following disclaimer. --- 11 unchanged lines hidden (view full) --- 20# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 22# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 24# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 25# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26# SUCH DAMAGE. 27# | 1# Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project. 2# All rights reserved. 3# 4# Redistribution and use in source and binary forms, with or without 5# modification, are permitted provided that the following conditions 6# are met: 7# 1. Redistributions of source code must retain the above copyright 8# notice, this list of conditions and the following disclaimer. --- 11 unchanged lines hidden (view full) --- 20# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 22# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 24# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 25# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26# SUCH DAMAGE. 27# |
28# $FreeBSD: head/sbin/setkey/sample.cf 62583 2000-07-04 16:22:05Z itojun $ | 28# $FreeBSD: head/sbin/setkey/sample.cf 108533 2003-01-01 18:49:04Z schweikh $ |
29 30# There are sample scripts for IPsec configuration by manual keying. 31# A security association is uniquely identified by a triple consisting 32# of a Security Parameter Index (SPI), an IP Destination Address, and a 33# security protocol (AH or ESP) identifier. You must take care of these 34# parameters when you configure by manual keying. 35 36# ESP transport mode is recommended for TCP port number 110 between --- 124 unchanged lines hidden (view full) --- 161add fec0:0:0:2::2 fec0:0:0:1::1 esp 0x10003 162 -m transport 163 -E cast128-cbc "12341234" 164 -A hmac-sha1 "this is the test key" ; 165add fec0:0:0:2::1 fec0:0:0:1::1 esp 0x10004 166 -E rc5-cbc "kamekame" 167 -A hmac-md5 "this is the test" ; 168 | 29 30# There are sample scripts for IPsec configuration by manual keying. 31# A security association is uniquely identified by a triple consisting 32# of a Security Parameter Index (SPI), an IP Destination Address, and a 33# security protocol (AH or ESP) identifier. You must take care of these 34# parameters when you configure by manual keying. 35 36# ESP transport mode is recommended for TCP port number 110 between --- 124 unchanged lines hidden (view full) --- 161add fec0:0:0:2::2 fec0:0:0:1::1 esp 0x10003 162 -m transport 163 -E cast128-cbc "12341234" 164 -A hmac-sha1 "this is the test key" ; 165add fec0:0:0:2::1 fec0:0:0:1::1 esp 0x10004 166 -E rc5-cbc "kamekame" 167 -A hmac-md5 "this is the test" ; 168 |
169# By "get" command, you can get a entry of either SP or SA. | 169# By "get" command, you can get an entry of either SP or SA. |
170get fec0:0:0:1::1 fec0:0:0:2::2 ah 0x10004 ; 171 | 170get fec0:0:0:1::1 fec0:0:0:2::2 ah 0x10004 ; 171 |
172# Also delete command, you can delete a entry of either SP or SA. | 172# Also delete command, you can delete an entry of either SP or SA. |
173spddelete fec0:0:0:1::/64 fec0:0:0:2::/64 any -P out; 174delete fec0:0:0:1::1 fec0:0:0:2::2 ah 0x10004 ; 175 176# By dump command, you can dump all entry of either SP or SA. 177dump ; 178spddump ; 179dump esp ; 180flush esp ; --- 39 unchanged lines hidden --- | 173spddelete fec0:0:0:1::/64 fec0:0:0:2::/64 any -P out; 174delete fec0:0:0:1::1 fec0:0:0:2::2 ah 0x10004 ; 175 176# By dump command, you can dump all entry of either SP or SA. 177dump ; 178spddump ; 179dump esp ; 180flush esp ; --- 39 unchanged lines hidden --- |