ipsec.conf revision 1.1 
1#	$OpenBSD: ipsec.conf,v 1.1 2017/02/06 21:54:05 bluhm Exp $
2### regress ipsec ipsec.conf
3
4# Install symmetric config by exchanging local and peer keywords.
5FROM="from"
6TO="to"
7LOCAL="local"
8PEER="peer"
9
10# TRANSP
11
12flow esp \
13	$FROM	$SRC_TRANSP_IPV4/24	$TO	$IPS_TRANSP_IPV4/24 \
14	$LOCAL	$SRC_TRANSP_IPV4	$PEER	$IPS_TRANSP_IPV4 \
15	type	dontacq
16flow esp \
17	$FROM	$SRC_TRANSP_IPV6/64	$TO	$IPS_TRANSP_IPV6/64 \
18	$LOCAL	$SRC_TRANSP_IPV6	$PEER	$IPS_TRANSP_IPV6 \
19	type	dontacq
20
21# TRANSP SA
22
23esp transport \
24	from	$SRC_TRANSP_IPV4	to	$IPS_TRANSP_IPV4 \
25	spi	0x10000441:0x10000442 \
26	authkey	0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef:0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef \
27	enckey	0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef:0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
28
29esp transport \
30	from	$SRC_TRANSP_IPV6	to	$IPS_TRANSP_IPV6 \
31	spi	0x10000461:0x10000462 \
32	authkey	0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef:0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef \
33	enckey	0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef:0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
34
35# TUNNEL IPS
36
37flow esp \
38	$FROM	$SRC_TUNNEL_IPV4/24	$TO	$IPS_TUNNEL4_IPV4/24 \
39	$LOCAL	$SRC_OUT_IPV4		$PEER	$IPS_IN_IPV4 \
40	type	dontacq
41flow esp \
42	$FROM	$SRC_TUNNEL_IPV6/64	$TO	$IPS_TUNNEL4_IPV6/64 \
43	$LOCAL	$SRC_OUT_IPV4		$PEER	$IPS_IN_IPV4 \
44	type	dontacq
45
46flow esp \
47	$FROM	$SRC_TUNNEL_IPV4/24	$TO	$IPS_TUNNEL6_IPV4/24 \
48	$LOCAL	$SRC_OUT_IPV6		$PEER	$IPS_IN_IPV6 \
49	type	dontacq
50flow esp \
51	$FROM	$SRC_TUNNEL_IPV6/64	$TO	$IPS_TUNNEL6_IPV6/64 \
52	$LOCAL	$SRC_OUT_IPV6		$PEER	$IPS_IN_IPV6 \
53	type	dontacq
54
55# TUNNEL ECO
56
57flow esp \
58	$FROM	$SRC_TUNNEL_IPV4/24	$TO	$ECO_TUNNEL4_IPV4/24 \
59	$LOCAL	$SRC_OUT_IPV4		$PEER	$IPS_IN_IPV4 \
60	type	dontacq
61flow esp \
62	$FROM	$SRC_TUNNEL_IPV6/64	$TO	$ECO_TUNNEL4_IPV6/64 \
63	$LOCAL	$SRC_OUT_IPV4		$PEER	$IPS_IN_IPV4 \
64	type	dontacq
65
66flow esp \
67	$FROM	$SRC_TUNNEL_IPV4/24	$TO	$ECO_TUNNEL6_IPV4/24 \
68	$LOCAL	$SRC_OUT_IPV6		$PEER	$IPS_IN_IPV6 \
69	type	dontacq
70flow esp \
71	$FROM	$SRC_TUNNEL_IPV6/64	$TO	$ECO_TUNNEL6_IPV6/64 \
72	$LOCAL	$SRC_OUT_IPV6		$PEER	$IPS_IN_IPV6 \
73	type	dontacq
74
75# TUNNEL SA
76
77esp tunnel \
78	from	$SRC_OUT_IPV4	to	$IPS_IN_IPV4 \
79	spi	0x10000841:0x10000842 \
80	authkey	0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef:0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef \
81	enckey	0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef:0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
82
83esp tunnel \
84	from	$SRC_OUT_IPV6	to	$IPS_IN_IPV6 \
85	spi	0x10000861:0x10000862 \
86	authkey	0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef:0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef \
87	enckey	0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef:0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
88