1# $OpenBSD: ipsec.conf,v 1.9 2021/01/20 17:38:18 bluhm Exp $ 2### regress ipsec ipsec.conf 3 4# Install symmetric config by exchanging local and peer keywords. 5FROM="from" 6TO="to" 7LOCAL="local" 8PEER="peer" 9 10## ESP 11 12# ESP TRANSP 13 14flow esp \ 15 $FROM $SRC_ESP_TRANSP_IPV4 $TO $IPS_ESP_TRANSP_IPV4 \ 16 $LOCAL $SRC_ESP_TRANSP_IPV4 $PEER $IPS_ESP_TRANSP_IPV4 \ 17 type dontacq 18flow esp \ 19 $FROM $SRC_ESP_TRANSP_IPV6 $TO $IPS_ESP_TRANSP_IPV6 \ 20 $LOCAL $SRC_ESP_TRANSP_IPV6 $PEER $IPS_ESP_TRANSP_IPV6 \ 21 type dontacq 22 23# ESP TRANSP SA 24 25esp transport \ 26 from $SRC_ESP_TRANSP_IPV4 to $IPS_ESP_TRANSP_IPV4 \ 27 spi 0x10000441:0x10000442 \ 28 authkey 0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef:0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef \ 29 enckey 0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef:0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef 30 31esp transport \ 32 from $SRC_ESP_TRANSP_IPV6 to $IPS_ESP_TRANSP_IPV6 \ 33 spi 0x10000461:0x10000462 \ 34 authkey 0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef:0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef \ 35 enckey 0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef:0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef 36 37# ESP TUNNEL IPS 38 39flow esp \ 40 $FROM $SRC_ESP_TUNNEL_IPV4/24 $TO $IPS_ESP_TUNNEL4_IPV4/24 \ 41 $LOCAL $SRC_OUT_IPV4 $PEER $IPS_IN_IPV4 \ 42 type dontacq 43flow esp \ 44 $FROM $SRC_ESP_TUNNEL_IPV6/64 $TO $IPS_ESP_TUNNEL4_IPV6/64 \ 45 $LOCAL $SRC_OUT_IPV4 $PEER $IPS_IN_IPV4 \ 46 type dontacq 47# icmp need to frag 48flow esp proto icmp \ 49 $FROM $SRC_ESP_TUNNEL_IPV4/24 $TO $IPS_IN_IPV4 \ 50 $LOCAL $SRC_OUT_IPV4 $PEER $IPS_IN_IPV4 \ 51 type dontacq 52 53flow esp \ 54 $FROM $SRC_ESP_TUNNEL_IPV4/24 $TO $IPS_ESP_TUNNEL6_IPV4/24 \ 55 $LOCAL $SRC_OUT_IPV6 $PEER $IPS_IN_IPV6 \ 56 type dontacq 57flow esp \ 58 $FROM $SRC_ESP_TUNNEL_IPV6/64 $TO $IPS_ESP_TUNNEL6_IPV6/64 \ 59 $LOCAL $SRC_OUT_IPV6 $PEER $IPS_IN_IPV6 \ 60 type dontacq 61# icmp6 too big 62flow esp proto icmp6 \ 63 $FROM $SRC_ESP_TUNNEL_IPV6/64 $TO $IPS_IN_IPV6 \ 64 $LOCAL $SRC_OUT_IPV6 $PEER $IPS_IN_IPV6 \ 65 type dontacq 66 67# ESP TUNNEL ECO 68 69flow esp \ 70 $FROM $SRC_ESP_TUNNEL_IPV4/24 $TO $ECO_ESP_TUNNEL4_IPV4/24 \ 71 $LOCAL $SRC_OUT_IPV4 $PEER $IPS_IN_IPV4 \ 72 type dontacq 73flow esp \ 74 $FROM $SRC_ESP_TUNNEL_IPV6/64 $TO $ECO_ESP_TUNNEL4_IPV6/64 \ 75 $LOCAL $SRC_OUT_IPV4 $PEER $IPS_IN_IPV4 \ 76 type dontacq 77# icmp need to frag 78flow esp proto icmp \ 79 $FROM $SRC_ESP_TUNNEL_IPV4/24 $TO $RT_IN_IPV4 \ 80 $LOCAL $SRC_OUT_IPV4 $PEER $IPS_IN_IPV4 \ 81 type dontacq 82 83flow esp \ 84 $FROM $SRC_ESP_TUNNEL_IPV4/24 $TO $ECO_ESP_TUNNEL6_IPV4/24 \ 85 $LOCAL $SRC_OUT_IPV6 $PEER $IPS_IN_IPV6 \ 86 type dontacq 87flow esp \ 88 $FROM $SRC_ESP_TUNNEL_IPV6/64 $TO $ECO_ESP_TUNNEL6_IPV6/64 \ 89 $LOCAL $SRC_OUT_IPV6 $PEER $IPS_IN_IPV6 \ 90 type dontacq 91# icmp6 too big 92flow esp proto icmp6 \ 93 $FROM $SRC_ESP_TUNNEL_IPV6/64 $TO $RT_IN_IPV6 \ 94 $LOCAL $SRC_OUT_IPV6 $PEER $IPS_IN_IPV6 \ 95 type dontacq 96 97# ESP TUNNEL SA 98 99esp tunnel \ 100 from $SRC_OUT_IPV4 to $IPS_IN_IPV4 \ 101 spi 0x10000841:0x10000842 \ 102 authkey 0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef:0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef \ 103 enckey 0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef:0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef 104 105esp tunnel \ 106 from $SRC_OUT_IPV6 to $IPS_IN_IPV6 \ 107 spi 0x10000861:0x10000862 \ 108 authkey 0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef:0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef \ 109 enckey 0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef:0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef 110 111## AH 112 113# AH TRANSP 114 115flow ah \ 116 $FROM $SRC_AH_TRANSP_IPV4 $TO $IPS_AH_TRANSP_IPV4 \ 117 $LOCAL $SRC_AH_TRANSP_IPV4 $PEER $IPS_AH_TRANSP_IPV4 \ 118 type dontacq 119flow ah \ 120 $FROM $SRC_AH_TRANSP_IPV6 $TO $IPS_AH_TRANSP_IPV6 \ 121 $LOCAL $SRC_AH_TRANSP_IPV6 $PEER $IPS_AH_TRANSP_IPV6 \ 122 type dontacq 123 124# AH TRANSP SA 125 126ah transport \ 127 from $SRC_AH_TRANSP_IPV4 to $IPS_AH_TRANSP_IPV4 \ 128 spi 0x10002441:0x10002442 \ 129 authkey 0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef:0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef \ 130 enckey 0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef:0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef 131 132ah transport \ 133 from $SRC_AH_TRANSP_IPV6 to $IPS_AH_TRANSP_IPV6 \ 134 spi 0x10002461:0x10002462 \ 135 authkey 0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef:0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef \ 136 enckey 0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef:0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef 137 138# AH TUNNEL IPS 139 140flow ah \ 141 $FROM $SRC_AH_TUNNEL_IPV4/24 $TO $IPS_AH_TUNNEL4_IPV4/24 \ 142 $LOCAL $SRC_OUT_IPV4 $PEER $IPS_IN_IPV4 \ 143 type dontacq 144flow ah \ 145 $FROM $SRC_AH_TUNNEL_IPV6/64 $TO $IPS_AH_TUNNEL4_IPV6/64 \ 146 $LOCAL $SRC_OUT_IPV4 $PEER $IPS_IN_IPV4 \ 147 type dontacq 148 149flow ah \ 150 $FROM $SRC_AH_TUNNEL_IPV4/24 $TO $IPS_AH_TUNNEL6_IPV4/24 \ 151 $LOCAL $SRC_OUT_IPV6 $PEER $IPS_IN_IPV6 \ 152 type dontacq 153flow ah \ 154 $FROM $SRC_AH_TUNNEL_IPV6/64 $TO $IPS_AH_TUNNEL6_IPV6/64 \ 155 $LOCAL $SRC_OUT_IPV6 $PEER $IPS_IN_IPV6 \ 156 type dontacq 157 158# AH TUNNEL ECO 159 160flow ah \ 161 $FROM $SRC_AH_TUNNEL_IPV4/24 $TO $ECO_AH_TUNNEL4_IPV4/24 \ 162 $LOCAL $SRC_OUT_IPV4 $PEER $IPS_IN_IPV4 \ 163 type dontacq 164flow ah \ 165 $FROM $SRC_AH_TUNNEL_IPV6/64 $TO $ECO_AH_TUNNEL4_IPV6/64 \ 166 $LOCAL $SRC_OUT_IPV4 $PEER $IPS_IN_IPV4 \ 167 type dontacq 168 169flow ah \ 170 $FROM $SRC_AH_TUNNEL_IPV4/24 $TO $ECO_AH_TUNNEL6_IPV4/24 \ 171 $LOCAL $SRC_OUT_IPV6 $PEER $IPS_IN_IPV6 \ 172 type dontacq 173flow ah \ 174 $FROM $SRC_AH_TUNNEL_IPV6/64 $TO $ECO_AH_TUNNEL6_IPV6/64 \ 175 $LOCAL $SRC_OUT_IPV6 $PEER $IPS_IN_IPV6 \ 176 type dontacq 177 178# AH TUNNEL SA 179 180ah tunnel \ 181 from $SRC_OUT_IPV4 to $IPS_IN_IPV4 \ 182 spi 0x10002841:0x10002842 \ 183 authkey 0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef:0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef \ 184 enckey 0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef:0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef 185 186ah tunnel \ 187 from $SRC_OUT_IPV6 to $IPS_IN_IPV6 \ 188 spi 0x10002861:0x10002862 \ 189 authkey 0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef:0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef \ 190 enckey 0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef:0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef 191 192## IPIP 193 194# IPIP TRANSP 195 196flow ipip \ 197 $FROM $SRC_IPIP_TRANSP_IPV4 $TO $IPS_IPIP_TRANSP_IPV4 \ 198 $LOCAL $SRC_IPIP_TRANSP_IPV4 $PEER $IPS_IPIP_TRANSP_IPV4 \ 199 type use 200flow ipip \ 201 $FROM $SRC_IPIP_TRANSP_IPV6 $TO $IPS_IPIP_TRANSP_IPV6 \ 202 $LOCAL $SRC_IPIP_TRANSP_IPV6 $PEER $IPS_IPIP_TRANSP_IPV6 \ 203 type use 204 205# IPIP TRANSP SA 206 207ipip transport \ 208 from $SRC_IPIP_TRANSP_IPV4 to $IPS_IPIP_TRANSP_IPV4 \ 209 spi 0x10004441:0x10004442 210 211ipip transport \ 212 from $SRC_IPIP_TRANSP_IPV6 to $IPS_IPIP_TRANSP_IPV6 \ 213 spi 0x10004461:0x10004462 214 215# IPIP TUNNEL IPS 216 217flow ipip \ 218 $FROM $SRC_IPIP_TUNNEL_IPV4/24 $TO $IPS_IPIP_TUNNEL4_IPV4/24 \ 219 $LOCAL $SRC_OUT_IPV4 $PEER $IPS_IN_IPV4 \ 220 type use 221flow ipip \ 222 $FROM $SRC_IPIP_TUNNEL_IPV6/64 $TO $IPS_IPIP_TUNNEL4_IPV6/64 \ 223 $LOCAL $SRC_OUT_IPV4 $PEER $IPS_IN_IPV4 \ 224 type use 225 226flow ipip \ 227 $FROM $SRC_IPIP_TUNNEL_IPV4/24 $TO $IPS_IPIP_TUNNEL6_IPV4/24 \ 228 $LOCAL $SRC_OUT_IPV6 $PEER $IPS_IN_IPV6 \ 229 type use 230flow ipip \ 231 $FROM $SRC_IPIP_TUNNEL_IPV6/64 $TO $IPS_IPIP_TUNNEL6_IPV6/64 \ 232 $LOCAL $SRC_OUT_IPV6 $PEER $IPS_IN_IPV6 \ 233 type use 234 235# IPIP TUNNEL ECO 236 237flow ipip \ 238 $FROM $SRC_IPIP_TUNNEL_IPV4/24 $TO $ECO_IPIP_TUNNEL4_IPV4/24 \ 239 $LOCAL $SRC_OUT_IPV4 $PEER $IPS_IN_IPV4 \ 240 type use 241flow ipip \ 242 $FROM $SRC_IPIP_TUNNEL_IPV6/64 $TO $ECO_IPIP_TUNNEL4_IPV6/64 \ 243 $LOCAL $SRC_OUT_IPV4 $PEER $IPS_IN_IPV4 \ 244 type use 245 246flow ipip \ 247 $FROM $SRC_IPIP_TUNNEL_IPV4/24 $TO $ECO_IPIP_TUNNEL6_IPV4/24 \ 248 $LOCAL $SRC_OUT_IPV6 $PEER $IPS_IN_IPV6 \ 249 type use 250flow ipip \ 251 $FROM $SRC_IPIP_TUNNEL_IPV6/64 $TO $ECO_IPIP_TUNNEL6_IPV6/64 \ 252 $LOCAL $SRC_OUT_IPV6 $PEER $IPS_IN_IPV6 \ 253 type use 254 255# IPIP TUNNEL SA 256 257ipip tunnel \ 258 from $SRC_OUT_IPV4 to $IPS_IN_IPV4 \ 259 spi 0x10004841:0x10004842 260 261ipip tunnel \ 262 from $SRC_OUT_IPV6 to $IPS_IN_IPV6 \ 263 spi 0x10004861:0x10004862 264 265## IPCOMP 266 267# IPCOMP TRANSP 268 269flow ipcomp \ 270 $FROM $SRC_IPCOMP_TRANSP_IPV4 $TO $IPS_IPCOMP_TRANSP_IPV4 \ 271 $LOCAL $SRC_IPCOMP_TRANSP_IPV4 $PEER $IPS_IPCOMP_TRANSP_IPV4 \ 272 type use 273flow ipcomp \ 274 $FROM $SRC_IPCOMP_TRANSP_IPV6 $TO $IPS_IPCOMP_TRANSP_IPV6 \ 275 $LOCAL $SRC_IPCOMP_TRANSP_IPV6 $PEER $IPS_IPCOMP_TRANSP_IPV6 \ 276 type use 277 278# IPCOMP TRANSP SA 279 280ipcomp transport \ 281 from $SRC_IPCOMP_TRANSP_IPV4 to $IPS_IPCOMP_TRANSP_IPV4 \ 282 spi 0x6441:0x6442 283 284ipcomp transport \ 285 from $SRC_IPCOMP_TRANSP_IPV6 to $IPS_IPCOMP_TRANSP_IPV6 \ 286 spi 0x6461:0x6462 287 288# IPCOMP TUNNEL IPS 289 290flow ipcomp \ 291 $FROM $SRC_IPCOMP_TUNNEL_IPV4/24 $TO $IPS_IPCOMP_TUNNEL4_IPV4/24 \ 292 $LOCAL $SRC_OUT_IPV4 $PEER $IPS_IN_IPV4 \ 293 type use 294flow ipcomp \ 295 $FROM $SRC_IPCOMP_TUNNEL_IPV6/64 $TO $IPS_IPCOMP_TUNNEL4_IPV6/64 \ 296 $LOCAL $SRC_OUT_IPV4 $PEER $IPS_IN_IPV4 \ 297 type use 298 299flow ipcomp \ 300 $FROM $SRC_IPCOMP_TUNNEL_IPV4/24 $TO $IPS_IPCOMP_TUNNEL6_IPV4/24 \ 301 $LOCAL $SRC_OUT_IPV6 $PEER $IPS_IN_IPV6 \ 302 type use 303flow ipcomp \ 304 $FROM $SRC_IPCOMP_TUNNEL_IPV6/64 $TO $IPS_IPCOMP_TUNNEL6_IPV6/64 \ 305 $LOCAL $SRC_OUT_IPV6 $PEER $IPS_IN_IPV6 \ 306 type use 307 308# IPCOMP TUNNEL ECO 309 310flow ipcomp \ 311 $FROM $SRC_IPCOMP_TUNNEL_IPV4/24 $TO $ECO_IPCOMP_TUNNEL4_IPV4/24 \ 312 $LOCAL $SRC_OUT_IPV4 $PEER $IPS_IN_IPV4 \ 313 type use 314flow ipcomp \ 315 $FROM $SRC_IPCOMP_TUNNEL_IPV6/64 $TO $ECO_IPCOMP_TUNNEL4_IPV6/64 \ 316 $LOCAL $SRC_OUT_IPV4 $PEER $IPS_IN_IPV4 \ 317 type use 318 319flow ipcomp \ 320 $FROM $SRC_IPCOMP_TUNNEL_IPV4/24 $TO $ECO_IPCOMP_TUNNEL6_IPV4/24 \ 321 $LOCAL $SRC_OUT_IPV6 $PEER $IPS_IN_IPV6 \ 322 type use 323flow ipcomp \ 324 $FROM $SRC_IPCOMP_TUNNEL_IPV6/64 $TO $ECO_IPCOMP_TUNNEL6_IPV6/64 \ 325 $LOCAL $SRC_OUT_IPV6 $PEER $IPS_IN_IPV6 \ 326 type use 327 328# IPCOMP TUNNEL SA 329 330ipcomp tunnel \ 331 from $SRC_OUT_IPV4 to $IPS_IN_IPV4 \ 332 spi 0x6841:0x6842 333 334ipcomp tunnel \ 335 from $SRC_OUT_IPV6 to $IPS_IN_IPV6 \ 336 spi 0x6861:0x6862 337 338## BUNDLE 339 340# BUNDLE TRANSP 341 342flow ipcomp \ 343 $FROM $SRC_BUNDLE_TRANSP_IPV4 $TO $IPS_BUNDLE_TRANSP_IPV4 \ 344 $LOCAL $SRC_BUNDLE_TRANSP_IPV4 $PEER $IPS_BUNDLE_TRANSP_IPV4 \ 345 type dontacq 346flow ipcomp \ 347 $FROM $SRC_BUNDLE_TRANSP_IPV6 $TO $IPS_BUNDLE_TRANSP_IPV6 \ 348 $LOCAL $SRC_BUNDLE_TRANSP_IPV6 $PEER $IPS_BUNDLE_TRANSP_IPV6 \ 349 type dontacq 350 351# BUNDLE TRANSP SA 352 353ipcomp transport \ 354 from $SRC_BUNDLE_TRANSP_IPV4 to $IPS_BUNDLE_TRANSP_IPV4 \ 355 spi 0x8441:0x8442 \ 356 bundle identifier 357esp transport \ 358 from $SRC_BUNDLE_TRANSP_IPV4 to $IPS_BUNDLE_TRANSP_IPV4 \ 359 spi 0x10018441:0x10018442 \ 360 authkey 0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef:0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef \ 361 enckey 0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef:0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef \ 362 bundle identifier 363ah transport \ 364 from $SRC_BUNDLE_TRANSP_IPV4 to $IPS_BUNDLE_TRANSP_IPV4 \ 365 spi 0x10028441:0x10028442 \ 366 authkey 0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef:0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef \ 367 enckey 0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef:0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef \ 368 bundle identifier 369 370ipcomp transport \ 371 from $SRC_BUNDLE_TRANSP_IPV6 to $IPS_BUNDLE_TRANSP_IPV6 \ 372 spi 0x8461:0x8462 \ 373 bundle identifier 374esp transport \ 375 from $SRC_BUNDLE_TRANSP_IPV6 to $IPS_BUNDLE_TRANSP_IPV6 \ 376 spi 0x10018461:0x10018462 \ 377 authkey 0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef:0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef \ 378 enckey 0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef:0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef \ 379 bundle identifier 380ah transport \ 381 from $SRC_BUNDLE_TRANSP_IPV6 to $IPS_BUNDLE_TRANSP_IPV6 \ 382 spi 0x10028461:0x10028462 \ 383 authkey 0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef:0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef \ 384 enckey 0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef:0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef \ 385 bundle identifier 386 387# BUNDLE TUNNEL IPS 388 389flow ipcomp \ 390 $FROM $SRC_BUNDLE_TUNNEL_IPV4/24 $TO $IPS_BUNDLE_TUNNEL4_IPV4/24 \ 391 $LOCAL $SRC_BUNDLE_IPV4 $PEER $IPS_BUNDLE_IPV4 \ 392 type dontacq 393flow ipcomp \ 394 $FROM $SRC_BUNDLE_TUNNEL_IPV6/64 $TO $IPS_BUNDLE_TUNNEL4_IPV6/64 \ 395 $LOCAL $SRC_BUNDLE_IPV4 $PEER $IPS_BUNDLE_IPV4 \ 396 type dontacq 397 398flow ipcomp \ 399 $FROM $SRC_BUNDLE_TUNNEL_IPV4/24 $TO $IPS_BUNDLE_TUNNEL6_IPV4/24 \ 400 $LOCAL $SRC_BUNDLE_IPV6 $PEER $IPS_BUNDLE_IPV6 \ 401 type dontacq 402flow ipcomp \ 403 $FROM $SRC_BUNDLE_TUNNEL_IPV6/64 $TO $IPS_BUNDLE_TUNNEL6_IPV6/64 \ 404 $LOCAL $SRC_BUNDLE_IPV6 $PEER $IPS_BUNDLE_IPV6 \ 405 type dontacq 406 407# BUNDLE TUNNEL ECO 408 409flow ipcomp \ 410 $FROM $SRC_BUNDLE_TUNNEL_IPV4/24 $TO $ECO_BUNDLE_TUNNEL4_IPV4/24 \ 411 $LOCAL $SRC_BUNDLE_IPV4 $PEER $IPS_BUNDLE_IPV4 \ 412 type dontacq 413flow ipcomp \ 414 $FROM $SRC_BUNDLE_TUNNEL_IPV6/64 $TO $ECO_BUNDLE_TUNNEL4_IPV6/64 \ 415 $LOCAL $SRC_BUNDLE_IPV4 $PEER $IPS_BUNDLE_IPV4 \ 416 type dontacq 417 418flow ipcomp \ 419 $FROM $SRC_BUNDLE_TUNNEL_IPV4/24 $TO $ECO_BUNDLE_TUNNEL6_IPV4/24 \ 420 $LOCAL $SRC_BUNDLE_IPV6 $PEER $IPS_BUNDLE_IPV6 \ 421 type dontacq 422flow ipcomp \ 423 $FROM $SRC_BUNDLE_TUNNEL_IPV6/64 $TO $ECO_BUNDLE_TUNNEL6_IPV6/64 \ 424 $LOCAL $SRC_BUNDLE_IPV6 $PEER $IPS_BUNDLE_IPV6 \ 425 type dontacq 426 427# BUNDLE TUNNEL SA 428 429ipcomp tunnel \ 430 from $SRC_BUNDLE_IPV4 to $IPS_BUNDLE_IPV4 \ 431 spi 0x8841:0x8842 \ 432 bundle identifier 433esp tunnel \ 434 from $SRC_BUNDLE_IPV4 to $IPS_BUNDLE_IPV4 \ 435 spi 0x10018841:0x10018842 \ 436 authkey 0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef:0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef \ 437 enckey 0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef:0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef \ 438 bundle identifier 439ah tunnel \ 440 from $SRC_BUNDLE_IPV4 to $IPS_BUNDLE_IPV4 \ 441 spi 0x10028841:0x10028842 \ 442 authkey 0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef:0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef \ 443 enckey 0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef:0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef \ 444 bundle identifier 445 446ipcomp tunnel \ 447 from $SRC_BUNDLE_IPV6 to $IPS_BUNDLE_IPV6 \ 448 spi 0x8861:0x8862 \ 449 bundle identifier 450esp tunnel \ 451 from $SRC_BUNDLE_IPV6 to $IPS_BUNDLE_IPV6 \ 452 spi 0x10018861:0x10018862 \ 453 authkey 0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef:0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef \ 454 enckey 0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef:0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef \ 455 bundle identifier 456ah tunnel \ 457 from $SRC_BUNDLE_IPV6 to $IPS_BUNDLE_IPV6 \ 458 spi 0x10028861:0x10028862 \ 459 authkey 0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef:0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef \ 460 enckey 0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef:0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef \ 461 bundle identifier 462