=========================== debian machine ===========================
#!/usr/sbin/setkey -f
# NOTE: Do not use this file if you use racoon with racoon-tool
# utility. racoon-tool will setup SAs and SPDs automatically using
# /etc/racoon/racoon-tool.conf configuration.
#
## Flush the SAD and SPD
#
flush;
spdflush;
## Some sample SPDs for use racoon
#
# spdadd 10.10.100.1 10.10.100.2 any -P out ipsec
# esp/transport//require;
#
# spdadd 10.10.100.2 10.10.100.1 any -P in ipsec
# esp/transport//require;
#
#add fe80::230:48ff:fed8:820%eth0 fe80::20b:cdff:fe2f:b724%eth0 esp 123456 -E rijndael-cbc 0x12345678901234567890123456789012 -A hmac-sha1 0x1234567890123456789012345678901234567890 ;
# AH SAs using 128 bit long keys
add fe80::230:48ff:fed8:820%eth0 fe80::20b:cdff:fe2f:b724%eth0 ah 0x200 -A hmac-md5
0xc0291ff014dccdd03874d9e8e4cdf3e6;
add fe80::20b:cdff:fe2f:b724%eth0 fe80::230:48ff:fed8:820%eth0 ah 0x300 -A hmac-md5
0x96358c90783bbfa3d7b196ceabe0536b;
# ESP SAs using 192 bit long keys (168 + 24 parity)
add fe80::230:48ff:fed8:820%eth0 fe80::20b:cdff:fe2f:b724%eth0 esp 0x201 -E 3des-cbc
0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831;
add fe80::20b:cdff:fe2f:b724%eth0 fe80::230:48ff:fed8:820%eth0 esp 0x301 -E 3des-cbc
0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df;
# Security policies
spdadd fe80::230:48ff:fed8:820%eth0 fe80::20b:cdff:fe2f:b724%eth0 any -P out ipsec
esp/transport//require
ah/transport//require;
spdadd fe80::20b:cdff:fe2f:b724%eth0 fe80::230:48ff:fed8:820%eth0 any -P in ipsec
esp/transport//require
ah/transport//require;
=========================== freebsd machine ===========================
#!/sbin/setkey -f
# NOTE: Do not use this file if you use racoon with racoon-tool
# utility. racoon-tool will setup SAs and SPDs automatically using
# /etc/racoon/racoon-tool.conf configuration.
#
## Flush the SAD and SPD
#
flush;
spdflush;
## Some sample SPDs for use racoon
#
# spdadd 10.10.100.1 10.10.100.2 any -P out ipsec
# esp/transport//require;
#
# spdadd 10.10.100.2 10.10.100.1 any -P in ipsec
# esp/transport//require;
#
#add fe80::20b:cdff:fe2f:b724%bge1 fe80::230:48ff:fed8:820%bge1 esp 123456 -E rijndael-cbc 0x12345678901234567890123456789012 -A hmac-sha1 0x1234567890123456789012345678901234567890 ;
# AH SAs using 128 bit long keys
add fe80::230:48ff:fed8:820%bge1 fe80::20b:cdff:fe2f:b724%bge1 ah 0x200 -A hmac-md5
0xc0291ff014dccdd03874d9e8e4cdf3e6;
add fe80::20b:cdff:fe2f:b724%bge1 fe80::230:48ff:fed8:820%bge1 ah 0x300 -A hmac-md5
0x96358c90783bbfa3d7b196ceabe0536b;
# ESP SAs using 192 bit long keys (168 + 24 parity)
add fe80::230:48ff:fed8:820%bge1 fe80::20b:cdff:fe2f:b724%bge1 esp 0x201 -E 3des-cbc
0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831;
add fe80::20b:cdff:fe2f:b724%bge1 fe80::230:48ff:fed8:820%bge1 esp 0x301 -E 3des-cbc
0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df;
# Security policies
spdadd fe80::20b:cdff:fe2f:b724%bge1 fe80::230:48ff:fed8:820%bge1 any -P out ipsec
esp/transport//require
ah/transport//require;
spdadd fe80::230:48ff:fed8:820%bge1 fe80::20b:cdff:fe2f:b724%bge1 any -P in ipsec
esp/transport//require
ah/transport//require;
=========================== outputs debian machine ===========================
root@bolderbast:/etc# setkey -D
fe80::230:48ff:fed8:820 fe80::20b:cdff:fe2f:b724
ah mode=transport spi=512(0x00000200) reqid=0(0x00000000)
A: hmac-md5 c0291ff0 14dccdd0 3874d9e8 e4cdf3e6
seq=0x00000000 replay=0 flags=0x00000000 state=mature
created: Oct 8 20:25:46 2009 current: Oct 8 20:46:58 2009
diff: 1272(s) hard: 0(s) soft: 0(s)
last: Oct 8 20:38:51 2009 hard: 0(s) soft: 0(s)
current: 496(bytes) hard: 0(bytes) soft: 0(bytes)
allocated: 7 hard: 0 soft: 0
sadb_seq=1 pid=14767 refcnt=0
fe80::20b:cdff:fe2f:b724 fe80::230:48ff:fed8:820
ah mode=transport spi=768(0x00000300) reqid=0(0x00000000)
A: hmac-md5 96358c90 783bbfa3 d7b196ce abe0536b
seq=0x00000000 replay=0 flags=0x00000000 state=mature
created: Oct 8 20:25:46 2009 current: Oct 8 20:46:58 2009
diff: 1272(s) hard: 0(s) soft: 0(s)
last: Oct 8 20:38:51 2009 hard: 0(s) soft: 0(s)
current: 224(bytes) hard: 0(bytes) soft: 0(bytes)
allocated: 4 hard: 0 soft: 0
sadb_seq=2 pid=14767 refcnt=0
fe80::230:48ff:fed8:820 fe80::20b:cdff:fe2f:b724
esp mode=transport spi=513(0x00000201) reqid=0(0x00000000)
E: 3des-cbc 7aeaca3f 87d060a1 2f4a4487 d5a5c335 5920fae6 9a96c831
seq=0x00000000 replay=0 flags=0x00000000 state=mature
created: Oct 8 20:25:46 2009 current: Oct 8 20:46:58 2009
diff: 1272(s) hard: 0(s) soft: 0(s)
last: Oct 8 20:38:51 2009 hard: 0(s) soft: 0(s)
current: 328(bytes) hard: 0(bytes) soft: 0(bytes)
allocated: 7 hard: 0 soft: 0
sadb_seq=3 pid=14767 refcnt=0
fe80::20b:cdff:fe2f:b724 fe80::230:48ff:fed8:820
esp mode=transport spi=769(0x00000301) reqid=0(0x00000000)
E: 3des-cbc f6ddb555 acfd9d77 b03ea384 3f265325 5afe8eb5 573965df
seq=0x00000000 replay=0 flags=0x00000000 state=mature
created: Oct 8 20:25:46 2009 current: Oct 8 20:46:58 2009
diff: 1272(s) hard: 0(s) soft: 0(s)
last: Oct 8 20:38:51 2009 hard: 0(s) soft: 0(s)
current: 128(bytes) hard: 0(bytes) soft: 0(bytes)
allocated: 4 hard: 0 soft: 0
sadb_seq=0 pid=14767 refcnt=0
root@bolderbast:/etc# setkey -DP
fe80::230:48ff:fed8:820[any] fe80::20b:cdff:fe2f:b724[any] any
out prio def ipsec
esp/transport//require
ah/transport//require
created: Oct 8 20:25:46 2009 lastused: Oct 8 20:38:58 2009
lifetime: 0(s) validtime: 0(s)
spid=10996065 seq=1 pid=14768
refcnt=3
fe80::20b:cdff:fe2f:b724[any] fe80::230:48ff:fed8:820[any] any
in prio def ipsec
esp/transport//require
ah/transport//require
created: Oct 8 20:25:46 2009 lastused: Oct 8 20:38:58 2009
lifetime: 0(s) validtime: 0(s)
spid=10996072 seq=2 pid=14768
refcnt=1
fe80::20b:cdff:fe2f:b724[any] fe80::230:48ff:fed8:820[any] any
fwd prio def ipsec
esp/transport//require
ah/transport//require
created: Oct 8 20:25:46 2009 lastused:
lifetime: 0(s) validtime: 0(s)
spid=10996082 seq=0 pid=14768
refcnt=1
=========================== outputs freebsd machine ===========================
root@zwarejongens:/etc# setkey -D
fe80:2::20b:cdff:fe2f:b724 fe80:2::230:48ff:fed8:820
esp mode=any spi=769(0x00000301) reqid=0(0x00000000)
E: 3des-cbc f6ddb555 acfd9d77 b03ea384 3f265325 5afe8eb5 573965df
seq=0x00000000 replay=0 flags=0x00000040 state=mature
created: Oct 8 20:42:45 2009 current: Oct 8 20:44:52 2009
diff: 127(s) hard: 0(s) soft: 0(s)
last: hard: 0(s) soft: 0(s)
current: 0(bytes) hard: 0(bytes) soft: 0(bytes)
allocated: 0 hard: 0 soft: 0
sadb_seq=3 pid=32628 refcnt=1
fe80:2::230:48ff:fed8:820 fe80:2::20b:cdff:fe2f:b724
esp mode=any spi=513(0x00000201) reqid=0(0x00000000)
E: 3des-cbc 7aeaca3f 87d060a1 2f4a4487 d5a5c335 5920fae6 9a96c831
seq=0x00000000 replay=0 flags=0x00000040 state=mature
created: Oct 8 20:42:45 2009 current: Oct 8 20:44:52 2009
diff: 127(s) hard: 0(s) soft: 0(s)
last: hard: 0(s) soft: 0(s)
current: 0(bytes) hard: 0(bytes) soft: 0(bytes)
allocated: 0 hard: 0 soft: 0
sadb_seq=2 pid=32628 refcnt=1
fe80:2::20b:cdff:fe2f:b724 fe80:2::230:48ff:fed8:820
ah mode=any spi=768(0x00000300) reqid=0(0x00000000)
A: hmac-md5 96358c90 783bbfa3 d7b196ce abe0536b
seq=0x00000000 replay=0 flags=0x00000040 state=mature
created: Oct 8 20:42:45 2009 current: Oct 8 20:44:52 2009
diff: 127(s) hard: 0(s) soft: 0(s)
last: hard: 0(s) soft: 0(s)
current: 0(bytes) hard: 0(bytes) soft: 0(bytes)
allocated: 0 hard: 0 soft: 0
sadb_seq=1 pid=32628 refcnt=1
fe80:2::230:48ff:fed8:820 fe80:2::20b:cdff:fe2f:b724
ah mode=any spi=512(0x00000200) reqid=0(0x00000000)
A: hmac-md5 c0291ff0 14dccdd0 3874d9e8 e4cdf3e6
seq=0x00000000 replay=0 flags=0x00000040 state=mature
created: Oct 8 20:42:45 2009 current: Oct 8 20:44:52 2009
diff: 127(s) hard: 0(s) soft: 0(s)
last: hard: 0(s) soft: 0(s)
current: 0(bytes) hard: 0(bytes) soft: 0(bytes)
allocated: 0 hard: 0 soft: 0
sadb_seq=0 pid=32628 refcnt=1
root@zwarejongens:/etc# setkey -DP
fe80:2::230:48ff:fed8:820[any] fe80:2::20b:cdff:fe2f:b724[any] any
in ipsec
esp/transport//require
ah/transport//require
created: Oct 8 20:42:45 2009 lastused: Oct 8 20:42:45 2009
lifetime: 0(s) validtime: 0(s)
spid=16397 seq=1 pid=32627
refcnt=1
fe80:2::20b:cdff:fe2f:b724[any] fe80:2::230:48ff:fed8:820[any] any
out ipsec
esp/transport//require
ah/transport//require
created: Oct 8 20:42:45 2009 lastused: Oct 8 20:42:45 2009
lifetime: 0(s) validtime: 0(s)
spid=16396 seq=0 pid=32627
refcnt=1