# # this is test configuration for unique policy on loopback. # spdflush; # connection to 9999 encrypted, reverse no encrypted. spdadd ::1 ::1[9999] tcp -P out ipsec esp/transport//unique:2 ; # Session encrypted. Inbound policy check takes place non-strictly. spdadd ::1 ::1[9998] tcp -P out ipsec esp/transport//unique:1 ; spdadd ::1[9998] ::1 tcp -P in ipsec esp/transport//unique:2 ; spdadd ::1[9998] ::1 tcp -P out ipsec esp/transport//unique:1 ; # Cause new SA to be acquired. spdadd ::1 ::1[9997] tcp -P out ipsec esp/transport//unique ; # Used proper SA. spdadd ::1 ::1[9996] tcp -P out ipsec esp/transport//require ; # reqid will be updated by kernel. spdadd ::1 ::1[9995] tcp -P out ipsec esp/transport//unique:28000 ; flush; add ::1 ::1 esp 0x1001 -u 1 -E des-cbc "kamekame"; add ::1 ::1 esp 0x1002 -u 2 -E des-cbc "hogehoge"; |