sample-policy02.cf   [plain text]

#
# this is test configuration for unique policy on loopback.
#

spdflush;
# connection to 9999 encrypted, reverse no encrypted.
spdadd ::1 ::1[9999] tcp
	-P out ipsec
	esp/transport//unique:2 ;

# Session encrypted.  Inbound policy check takes place non-strictly.
spdadd ::1 ::1[9998] tcp
	-P out ipsec
	esp/transport//unique:1 ;
spdadd ::1[9998] ::1 tcp
	-P in ipsec
	esp/transport//unique:2 ;
spdadd ::1[9998] ::1 tcp
	-P out ipsec
	esp/transport//unique:1 ;

# Cause new SA to be acquired.
spdadd ::1 ::1[9997] tcp
	-P out ipsec
	esp/transport//unique ;

# Used proper SA.
spdadd ::1 ::1[9996] tcp
	-P out ipsec
	esp/transport//require ;

# reqid will be updated by kernel.
spdadd ::1 ::1[9995] tcp
	-P out ipsec
	esp/transport//unique:28000 ;

flush;
add ::1 ::1 esp 0x1001
	-u 1
	-E des-cbc "kamekame";
add ::1 ::1 esp 0x1002
	-u 2
	-E des-cbc "hogehoge";