36 # Host-A and Host-B. Encryption algorithm is aes-cbc whose key
38 # hmac-sha2-512 whose key is "this is the test key".
42 # Host-A Host-B
43 # fec0::10 -------------------- fec0::11
45 # At Host-A and Host-B,
46 spdadd fec0::10[any] fec0::11[110] tcp -P out ipsec
48 spdadd fec0::11[110] fec0::10[any] tcp -P in ipsec
51 -m transport
52 -E aes-cbc "kamekamekamekamekamekamekamekame"
53 -A hmac-sha2-512 "this is the test key" ;
55 -m transport
56 -E aes-cbc "kamekamekamekamekamekamekamekame"
57 -A hmac-sha2-512 "this is the test key" ;
62 # Security protocol is old AH tunnel mode, i.e. RFC1826, with hmac-sha2-256
64 # That protocol takes place between Gateway-A and Gateway-B.
68 # Network-A Gateway-A Gateway-B Network-B
69 # 10.0.1.0/24 ---- 172.16.0.1 ----- 172.16.0.2 ---- 10.0.2.0/24
71 # At Gateway-A:
# Gateway-A side of the AH tunnel: one outbound and one inbound security
# policy, followed by one manually keyed SA per direction.
# "ah-old" selects the RFC 1826 form of AH. It authenticates packets but does
# not encrypt them, and it predates the anti-replay sequence number that
# RFC 2402 added, so it offers no replay protection.
72 spdadd 10.0.1.0/24 10.0.2.0/24 any -P out ipsec
73 ah/tunnel/172.16.0.1-172.16.0.2/require ;
74 spdadd 10.0.2.0/24 10.0.1.0/24 any -P in ipsec
75 ah/tunnel/172.16.0.2-172.16.0.1/require ;
# The quoted -A string is the HMAC key itself, kept in clear text in this
# file, and both directions use the same sample value. For anything beyond a
# test, use random per-SA keys and restrict read access to the file.
# NOTE(review): the string is 16 bytes long; confirm against setkey(8) that
# this length is valid for hmac-sha2-256.
76 add 172.16.0.1 172.16.0.2 ah-old 0x10003
77 -m any
78 -A hmac-sha2-256 "this is the test" ;
79 add 172.16.0.2 172.16.0.1 ah-old 0x10004
80 -m any
81 -A hmac-sha2-256 "this is the test" ;
84 # -m specifies the mode of SA to be used. "-m any" means wildcard of
88 # At Gateway-B. Pay attention to the selector and the peer's IP address for
# the tunnel: both are reversed relative to Gateway-A's policies.
# Gateway-B side of the AH tunnel. The outbound policy covers 10.0.2.0/24 to
# 10.0.1.0/24 and names 172.16.0.2 as the local tunnel endpoint; the inbound
# policy is its reverse.
89 spdadd 10.0.2.0/24 10.0.1.0/24 any -P out ipsec
90 ah/tunnel/172.16.0.2-172.16.0.1/require ;
91 spdadd 10.0.1.0/24 10.0.2.0/24 any -P in ipsec
92 ah/tunnel/172.16.0.1-172.16.0.2/require ;
# The SAs use the RFC 1826 form of AH ("ah-old"): integrity only, no
# encryption, and no anti-replay sequence number.
# The quoted -A string is the HMAC key in clear text, identical for both
# directions; it is a sample value, not a key to deploy.
# NOTE(review): the string is 16 bytes long; confirm against setkey(8) that
# this length is valid for hmac-sha2-256.
93 add 172.16.0.1 172.16.0.2 ah-old 0x10003
94 -m tunnel
95 -A hmac-sha2-256 "this is the test" ;
96 add 172.16.0.2 172.16.0.1 ah-old 0x10004
97 -m tunnel
98 -A hmac-sha2-256 "this is the test" ;
101 # Gateway-A and Gateway-B.
102 # Encryption algorithm is aes-cbc, and authentication algorithm for ESP
103 # is hmac-sha2-512. Authentication algorithm for AH is hmac-sha2-256.
108 # Network-A Gateway-A Gateway-B Network-B
109 # fec0:0:0:1::/64 --- fec0:0:0:1::1 ---- fec0:0:0:2::1 --- fec0:0:0:2::/64
111 # At Gateway-A:
112 spdadd fec0:0:0:1::/64 fec0:0:0:2::/64 any -P out ipsec
113 esp/tunnel/fec0:0:0:1::1-fec0:0:0:2::1/require
115 spdadd fec0:0:0:2::/64 fec0:0:0:1::/64 any -P in ipsec
116 esp/tunnel/fec0:0:0:2::1-fec0:0:0:1::1/require
119 -m tunnel
120 -E aes-cbc "kamekame12341234kamekame12341234"
121 -A hmac-sha2-512 "this is the test key" ;
123 -m transport
124 -A hmac-sha2-256 "this is the test" ;
126 -m tunnel
127 -E aes-cbc "kamekame12341234kamekame12341234"
128 -A hmac-sha2-512 "this is the test key" ;
130 -m transport
131 -A hmac-sha2-256 "this is the test" ;
133 # ESP tunnel mode is required between Host-A and Gateway-A.
134 # Encryption algorithm is aes-cbc, and authentication algorithm
135 # for ESP is hmac-sha2-256.
136 # ESP transport mode is recommended between Host-A and Host-B.
137 # Encryption algorithm is aes-ctr, and authentication algorithm
138 # for ESP is hmac-sha2-512.
143 # Host-A Gateway-A Host-B
144 # fec0:0:0:1::1 ---- fec0:0:0:2::1 ---- fec0:0:0:2::2
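146 # At Host-A:
# NOTE(review): the inbound policy below selects source fec0:0:0:2::1[80]
# (Gateway-A in the diagram), while the outbound policy targets Host-B,
# fec0:0:0:2::2[80]. Confirm the inbound selector; if it does not match
# Host-B's replies, that return traffic is not covered by this policy.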
147 spdadd fec0:0:0:1::1[any] fec0:0:0:2::2[80] tcp -P out ipsec
149 esp/tunnel/fec0:0:0:1::1-fec0:0:0:2::1/require ;
150 spdadd fec0:0:0:2::1[80] fec0:0:0:1::1[any] tcp -P in ipsec
152 esp/tunnel/fec0:0:0:2::1-fec0:0:0:1::1/require ;
154 -m transport
155 -E aes-cbc "kamekame12341234kamekame12341234"
156 -A hmac-sha2-256 "this is the test key" ;
158 -E aes-ctr "kamekame12341234kamekame12341234f00f"
159 -A hmac-sha2-512 "this is the test" ;
161 -m transport
162 -E aes-cbc "kamekame12341234kamekame12341234"
163 -A hmac-sha2-256 "this is the test key" ;
165 -E aes-ctr "kamekame12341234kamekame12341234f00f"
166 -A hmac-sha2-512 "this is the test" ;
172 spddelete fec0:0:0:1::/64 fec0:0:0:2::/64 any -P out;
# Loopback (::1 to ::1) SAs that exercise individual setkey options.
# "-E null" is the null cipher: ESP framing with no confidentiality. Entries
# that also omit -A, or give "-A null", carry no integrity check either, so
# they protect nothing and are suitable for test setups only.
190 add ::1 ::1 esp 10001 -m transport -E null ;
191 add ::1 ::1 esp 10004 -m transport -E null -A null ;
# Null cipher plus HMAC-SHA1: integrity without confidentiality. The key is a
# printable 20-byte sample string stored in clear text.
192 add ::1 ::1 esp 10006 -m tunnel -E null -A hmac-sha1 "12341234123412341234" ;
# -f zero-pad / random-pad / seq-pad choose the ESP padding content,
# -f nocyclic-seq forbids sequence-number wrap-around, -r sets the replay
# window size, and -lh / -ls set the hard and soft lifetimes.
193 add ::1 ::1 esp 10015 -m transport -f zero-pad -E null ;
194 add ::1 ::1 esp 10016 -m tunnel -f random-pad -r 8 -lh 100 -ls 80 -E null ;
195 add ::1 ::1 esp 10017 -m transport -f seq-pad -f nocyclic-seq -E null ;
196 add ::1 ::1 esp 10018 -m transport -E null ;
# AH entries: the null-authentication one is commented out; the active one
# uses HMAC-SHA1 with the same printable sample key.
197 #add ::1 ::1 ah 20000 -m transport -A null ;
198 add ::1 ::1 ah 20002 -m tunnel -A hmac-sha1 "12341234123412341234";
# IPComp entries: only the deflate one is active. IPComp compresses payloads
# and adds no confidentiality or integrity of its own.
199 #add ::1 ::1 ipcomp 30000 -C oui ;
200 add ::1 ::1 ipcomp 30001 -C deflate ;
201 #add ::1 ::1 ipcomp 30002 -C lzs ;