Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- =========================== debian machine ===========================
- #!/usr/sbin/setkey -f
- # NOTE: Do not use this file if you use racoon with racoon-tool
- # utility. racoon-tool will setup SAs and SPDs automatically using
- # /etc/racoon/racoon-tool.conf configuration.
- #
- ## Flush the SAD and SPD
- #
- flush;
- spdflush;
- ## Some sample SPDs for use racoon
- #
- # spdadd 10.10.100.1 10.10.100.2 any -P out ipsec
- # esp/transport//require;
- #
- # spdadd 10.10.100.2 10.10.100.1 any -P in ipsec
- # esp/transport//require;
- #
- #add fe80::230:48ff:fed8:820%eth0 fe80::20b:cdff:fe2f:b724%eth0 esp 123456 -E rijndael-cbc 0x12345678901234567890123456789012 -A hmac-sha1 0x1234567890123456789012345678901234567890 ;
- # AH SAs using 128 bit long keys
- add fe80::230:48ff:fed8:820%eth0 fe80::20b:cdff:fe2f:b724%eth0 ah 0x200 -A hmac-md5
- 0xc0291ff014dccdd03874d9e8e4cdf3e6;
- add fe80::20b:cdff:fe2f:b724%eth0 fe80::230:48ff:fed8:820%eth0 ah 0x300 -A hmac-md5
- 0x96358c90783bbfa3d7b196ceabe0536b;
- # ESP SAs using 192 bit long keys (168 + 24 parity)
- add fe80::230:48ff:fed8:820%eth0 fe80::20b:cdff:fe2f:b724%eth0 esp 0x201 -E 3des-cbc
- 0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831;
- add fe80::20b:cdff:fe2f:b724%eth0 fe80::230:48ff:fed8:820%eth0 esp 0x301 -E 3des-cbc
- 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df;
- # Security policies
- spdadd fe80::230:48ff:fed8:820%eth0 fe80::20b:cdff:fe2f:b724%eth0 any -P out ipsec
- esp/transport//require
- ah/transport//require;
- spdadd fe80::20b:cdff:fe2f:b724%eth0 fe80::230:48ff:fed8:820%eth0 any -P in ipsec
- esp/transport//require
- ah/transport//require;
- =========================== freebsd machine ===========================
- #!/sbin/setkey -f
- # NOTE: Do not use this file if you use racoon with racoon-tool
- # utility. racoon-tool will setup SAs and SPDs automatically using
- # /etc/racoon/racoon-tool.conf configuration.
- #
- ## Flush the SAD and SPD
- #
- flush;
- spdflush;
- ## Some sample SPDs for use racoon
- #
- # spdadd 10.10.100.1 10.10.100.2 any -P out ipsec
- # esp/transport//require;
- #
- # spdadd 10.10.100.2 10.10.100.1 any -P in ipsec
- # esp/transport//require;
- #
- #add fe80::20b:cdff:fe2f:b724%bge1 fe80::230:48ff:fed8:820%bge1 esp 123456 -E rijndael-cbc 0x12345678901234567890123456789012 -A hmac-sha1 0x1234567890123456789012345678901234567890 ;
- # AH SAs using 128 bit long keys
- add fe80::230:48ff:fed8:820%bge1 fe80::20b:cdff:fe2f:b724%bge1 ah 0x200 -A hmac-md5
- 0xc0291ff014dccdd03874d9e8e4cdf3e6;
- add fe80::20b:cdff:fe2f:b724%bge1 fe80::230:48ff:fed8:820%bge1 ah 0x300 -A hmac-md5
- 0x96358c90783bbfa3d7b196ceabe0536b;
- # ESP SAs using 192 bit long keys (168 + 24 parity)
- add fe80::230:48ff:fed8:820%bge1 fe80::20b:cdff:fe2f:b724%bge1 esp 0x201 -E 3des-cbc
- 0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831;
- add fe80::20b:cdff:fe2f:b724%bge1 fe80::230:48ff:fed8:820%bge1 esp 0x301 -E 3des-cbc
- 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df;
- # Security policies
- spdadd fe80::20b:cdff:fe2f:b724%bge1 fe80::230:48ff:fed8:820%bge1 any -P out ipsec
- esp/transport//require
- ah/transport//require;
- spdadd fe80::230:48ff:fed8:820%bge1 fe80::20b:cdff:fe2f:b724%bge1 any -P in ipsec
- esp/transport//require
- ah/transport//require;
- =========================== outputs debian machine ===========================
- root@bolderbast:/etc# setkey -D
- fe80::230:48ff:fed8:820 fe80::20b:cdff:fe2f:b724
- ah mode=transport spi=512(0x00000200) reqid=0(0x00000000)
- A: hmac-md5 c0291ff0 14dccdd0 3874d9e8 e4cdf3e6
- seq=0x00000000 replay=0 flags=0x00000000 state=mature
- created: Oct 8 20:25:46 2009 current: Oct 8 20:46:58 2009
- diff: 1272(s) hard: 0(s) soft: 0(s)
- last: Oct 8 20:38:51 2009 hard: 0(s) soft: 0(s)
- current: 496(bytes) hard: 0(bytes) soft: 0(bytes)
- allocated: 7 hard: 0 soft: 0
- sadb_seq=1 pid=14767 refcnt=0
- fe80::20b:cdff:fe2f:b724 fe80::230:48ff:fed8:820
- ah mode=transport spi=768(0x00000300) reqid=0(0x00000000)
- A: hmac-md5 96358c90 783bbfa3 d7b196ce abe0536b
- seq=0x00000000 replay=0 flags=0x00000000 state=mature
- created: Oct 8 20:25:46 2009 current: Oct 8 20:46:58 2009
- diff: 1272(s) hard: 0(s) soft: 0(s)
- last: Oct 8 20:38:51 2009 hard: 0(s) soft: 0(s)
- current: 224(bytes) hard: 0(bytes) soft: 0(bytes)
- allocated: 4 hard: 0 soft: 0
- sadb_seq=2 pid=14767 refcnt=0
- fe80::230:48ff:fed8:820 fe80::20b:cdff:fe2f:b724
- esp mode=transport spi=513(0x00000201) reqid=0(0x00000000)
- E: 3des-cbc 7aeaca3f 87d060a1 2f4a4487 d5a5c335 5920fae6 9a96c831
- seq=0x00000000 replay=0 flags=0x00000000 state=mature
- created: Oct 8 20:25:46 2009 current: Oct 8 20:46:58 2009
- diff: 1272(s) hard: 0(s) soft: 0(s)
- last: Oct 8 20:38:51 2009 hard: 0(s) soft: 0(s)
- current: 328(bytes) hard: 0(bytes) soft: 0(bytes)
- allocated: 7 hard: 0 soft: 0
- sadb_seq=3 pid=14767 refcnt=0
- fe80::20b:cdff:fe2f:b724 fe80::230:48ff:fed8:820
- esp mode=transport spi=769(0x00000301) reqid=0(0x00000000)
- E: 3des-cbc f6ddb555 acfd9d77 b03ea384 3f265325 5afe8eb5 573965df
- seq=0x00000000 replay=0 flags=0x00000000 state=mature
- created: Oct 8 20:25:46 2009 current: Oct 8 20:46:58 2009
- diff: 1272(s) hard: 0(s) soft: 0(s)
- last: Oct 8 20:38:51 2009 hard: 0(s) soft: 0(s)
- current: 128(bytes) hard: 0(bytes) soft: 0(bytes)
- allocated: 4 hard: 0 soft: 0
- sadb_seq=0 pid=14767 refcnt=0
- root@bolderbast:/etc# setkey -DP
- fe80::230:48ff:fed8:820[any] fe80::20b:cdff:fe2f:b724[any] any
- out prio def ipsec
- esp/transport//require
- ah/transport//require
- created: Oct 8 20:25:46 2009 lastused: Oct 8 20:38:58 2009
- lifetime: 0(s) validtime: 0(s)
- spid=10996065 seq=1 pid=14768
- refcnt=3
- fe80::20b:cdff:fe2f:b724[any] fe80::230:48ff:fed8:820[any] any
- in prio def ipsec
- esp/transport//require
- ah/transport//require
- created: Oct 8 20:25:46 2009 lastused: Oct 8 20:38:58 2009
- lifetime: 0(s) validtime: 0(s)
- spid=10996072 seq=2 pid=14768
- refcnt=1
- fe80::20b:cdff:fe2f:b724[any] fe80::230:48ff:fed8:820[any] any
- fwd prio def ipsec
- esp/transport//require
- ah/transport//require
- created: Oct 8 20:25:46 2009 lastused:
- lifetime: 0(s) validtime: 0(s)
- spid=10996082 seq=0 pid=14768
- refcnt=1
- =========================== outputs freebsd machine ===========================
- root@zwarejongens:/etc# setkey -D
- fe80:2::20b:cdff:fe2f:b724 fe80:2::230:48ff:fed8:820
- esp mode=any spi=769(0x00000301) reqid=0(0x00000000)
- E: 3des-cbc f6ddb555 acfd9d77 b03ea384 3f265325 5afe8eb5 573965df
- seq=0x00000000 replay=0 flags=0x00000040 state=mature
- created: Oct 8 20:42:45 2009 current: Oct 8 20:44:52 2009
- diff: 127(s) hard: 0(s) soft: 0(s)
- last: hard: 0(s) soft: 0(s)
- current: 0(bytes) hard: 0(bytes) soft: 0(bytes)
- allocated: 0 hard: 0 soft: 0
- sadb_seq=3 pid=32628 refcnt=1
- fe80:2::230:48ff:fed8:820 fe80:2::20b:cdff:fe2f:b724
- esp mode=any spi=513(0x00000201) reqid=0(0x00000000)
- E: 3des-cbc 7aeaca3f 87d060a1 2f4a4487 d5a5c335 5920fae6 9a96c831
- seq=0x00000000 replay=0 flags=0x00000040 state=mature
- created: Oct 8 20:42:45 2009 current: Oct 8 20:44:52 2009
- diff: 127(s) hard: 0(s) soft: 0(s)
- last: hard: 0(s) soft: 0(s)
- current: 0(bytes) hard: 0(bytes) soft: 0(bytes)
- allocated: 0 hard: 0 soft: 0
- sadb_seq=2 pid=32628 refcnt=1
- fe80:2::20b:cdff:fe2f:b724 fe80:2::230:48ff:fed8:820
- ah mode=any spi=768(0x00000300) reqid=0(0x00000000)
- A: hmac-md5 96358c90 783bbfa3 d7b196ce abe0536b
- seq=0x00000000 replay=0 flags=0x00000040 state=mature
- created: Oct 8 20:42:45 2009 current: Oct 8 20:44:52 2009
- diff: 127(s) hard: 0(s) soft: 0(s)
- last: hard: 0(s) soft: 0(s)
- current: 0(bytes) hard: 0(bytes) soft: 0(bytes)
- allocated: 0 hard: 0 soft: 0
- sadb_seq=1 pid=32628 refcnt=1
- fe80:2::230:48ff:fed8:820 fe80:2::20b:cdff:fe2f:b724
- ah mode=any spi=512(0x00000200) reqid=0(0x00000000)
- A: hmac-md5 c0291ff0 14dccdd0 3874d9e8 e4cdf3e6
- seq=0x00000000 replay=0 flags=0x00000040 state=mature
- created: Oct 8 20:42:45 2009 current: Oct 8 20:44:52 2009
- diff: 127(s) hard: 0(s) soft: 0(s)
- last: hard: 0(s) soft: 0(s)
- current: 0(bytes) hard: 0(bytes) soft: 0(bytes)
- allocated: 0 hard: 0 soft: 0
- sadb_seq=0 pid=32628 refcnt=1
- root@zwarejongens:/etc# setkey -DP
- fe80:2::230:48ff:fed8:820[any] fe80:2::20b:cdff:fe2f:b724[any] any
- in ipsec
- esp/transport//require
- ah/transport//require
- created: Oct 8 20:42:45 2009 lastused: Oct 8 20:42:45 2009
- lifetime: 0(s) validtime: 0(s)
- spid=16397 seq=1 pid=32627
- refcnt=1
- fe80:2::20b:cdff:fe2f:b724[any] fe80:2::230:48ff:fed8:820[any] any
- out ipsec
- esp/transport//require
- ah/transport//require
- created: Oct 8 20:42:45 2009 lastused: Oct 8 20:42:45 2009
- lifetime: 0(s) validtime: 0(s)
- spid=16396 seq=0 pid=32627
- refcnt=1
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement