
Dutchy

a guest
Oct 8th, 2009
  1. =========================== debian machine ===========================
  2. #!/usr/sbin/setkey -f
  3.  
  4. # NOTE: Do not use this file if you use racoon with the racoon-tool
  5. # utility. racoon-tool will set up SAs and SPDs automatically using
  6. # /etc/racoon/racoon-tool.conf configuration.
  7. #
      # Purpose: manually keyed IPsec (AH + ESP, transport mode) between two
      # IPv6 link-local addresses scoped to eth0. No key-exchange daemon is
      # involved, so the keys below are static: nothing in this file
      # negotiates, rotates or expires them.
      # NOTE(review): every key in this file is long-term secret material. Once
      # the file (or `setkey -D` output, which prints the keys) has been shared,
      # the keys should be treated as compromised and regenerated on both
      # peers; keep the deployed file readable by root only.
  8.  
  9. ## Flush the SAD and SPD
  10. # (no selector is given, so every existing SA and policy on the host is
      # cleared, not only the entries defined below)
  11. flush;
  12. spdflush;
  13.  
  14. ## Some sample SPDs for use with racoon
  15. #
  16. # spdadd 10.10.100.1 10.10.100.2 any -P out ipsec
  17. # esp/transport//require;
  18. #
  19. # spdadd 10.10.100.2 10.10.100.1 any -P in ipsec
  20. # esp/transport//require;
  21. #
      # Disabled sample SA: a single ESP entry carrying both encryption
      # (rijndael-cbc, i.e. AES-CBC) and authentication (hmac-sha1); its key
      # values are obvious placeholders.
  22. #add fe80::230:48ff:fed8:820%eth0 fe80::20b:cdff:fe2f:b724%eth0 esp 123456 -E rijndael-cbc 0x12345678901234567890123456789012 -A hmac-sha1 0x1234567890123456789012345678901234567890 ;
  23.  
  24. # AH SAs using 128 bit long keys
      # One SA per direction: SPI 0x200 is this host -> peer (same direction as
      # the "out" policy below), SPI 0x300 is peer -> this host.
      # NOTE(review): hmac-md5 is a legacy choice; the disabled sample above
      # already uses hmac-sha1, and a stronger -A algorithm should be preferred
      # where both peers support it.
  25. add fe80::230:48ff:fed8:820%eth0 fe80::20b:cdff:fe2f:b724%eth0 ah 0x200 -A hmac-md5
  26. 0xc0291ff014dccdd03874d9e8e4cdf3e6;
  27. add fe80::20b:cdff:fe2f:b724%eth0 fe80::230:48ff:fed8:820%eth0 ah 0x300 -A hmac-md5
  28. 0x96358c90783bbfa3d7b196ceabe0536b;
  29.  
  30. # ESP SAs using 192 bit long keys (168 + 24 parity)
      # Only -E is given, so these ESP SAs encrypt without an integrity check of
      # their own; authentication depends on the AH SAs above being applied too.
      # NOTE(review): 3des-cbc is a legacy 64-bit-block cipher; prefer an AES
      # mode (the disabled sample uses rijndael-cbc) if both ends support it.
      # No -r replay window is set on any SA; the accompanying `setkey -D`
      # output reports replay=0.
  31. add fe80::230:48ff:fed8:820%eth0 fe80::20b:cdff:fe2f:b724%eth0 esp 0x201 -E 3des-cbc
  32. 0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831;
  33. add fe80::20b:cdff:fe2f:b724%eth0 fe80::230:48ff:fed8:820%eth0 esp 0x301 -E 3des-cbc
  34. 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df;
  35.  
  36. # Security policies
      # Traffic of any upper-layer protocol between the two addresses must use
      # both ESP and AH in transport mode ("require" level), outbound and
      # inbound. The selectors name these two link-local addresses only, so
      # traffic to or from any other address of either host matches neither
      # policy.
  37. spdadd fe80::230:48ff:fed8:820%eth0 fe80::20b:cdff:fe2f:b724%eth0 any -P out ipsec
  38. esp/transport//require
  39. ah/transport//require;
  40.  
  41. spdadd fe80::20b:cdff:fe2f:b724%eth0 fe80::230:48ff:fed8:820%eth0 any -P in ipsec
  42. esp/transport//require
  43. ah/transport//require;
  44.  
  45.  
  46. =========================== freebsd machine ===========================
  47. #!/sbin/setkey -f
  48.  
  49. # NOTE: Do not use this file if you use racoon with the racoon-tool
  50. # utility. racoon-tool will set up SAs and SPDs automatically using
  51. # /etc/racoon/racoon-tool.conf configuration.
  52. #
      # NOTE(review): this header looks carried over from the Debian file;
      # racoon-tool is a Debian helper, so confirm whether it applies here.
      #
      # Purpose: manually keyed IPsec (AH + ESP, transport mode) between two
      # IPv6 link-local addresses scoped to bge1, using the same SPIs,
      # algorithms and keys as the Debian peer's file. No key-exchange daemon
      # is involved, so the keys are static: nothing in this file negotiates,
      # rotates or expires them.
      # NOTE(review): every key in this file is long-term secret material. Once
      # the file (or `setkey -D` output, which prints the keys) has been shared,
      # the keys should be treated as compromised and regenerated on both
      # peers; keep the deployed file readable by root only.
  53.  
  54. ## Flush the SAD and SPD
  55. # (no selector is given, so every existing SA and policy on the host is
      # cleared, not only the entries defined below)
  56. flush;
  57. spdflush;
  58.  
  59. ## Some sample SPDs for use with racoon
  60. #
  61. # spdadd 10.10.100.1 10.10.100.2 any -P out ipsec
  62. # esp/transport//require;
  63. #
  64. # spdadd 10.10.100.2 10.10.100.1 any -P in ipsec
  65. # esp/transport//require;
  66. #
      # Disabled sample SA: a single ESP entry carrying both encryption
      # (rijndael-cbc, i.e. AES-CBC) and authentication (hmac-sha1); its key
      # values are obvious placeholders.
  67. #add fe80::20b:cdff:fe2f:b724%bge1 fe80::230:48ff:fed8:820%bge1 esp 123456 -E rijndael-cbc 0x12345678901234567890123456789012 -A hmac-sha1 0x1234567890123456789012345678901234567890 ;
  68.  
  69. # AH SAs using 128 bit long keys
      # One SA per direction: SPI 0x200 is peer -> this host, SPI 0x300 is this
      # host -> peer (same direction as the "out" policy below).
      # NOTE(review): hmac-md5 is a legacy choice; the disabled sample above
      # already uses hmac-sha1, and a stronger -A algorithm should be preferred
      # where both peers support it.
      # NOTE(review): no -m is given on any add line; the accompanying
      # `setkey -D` output lists these SAs as mode=any on this host and
      # mode=transport on the Debian peer. Stating `-m transport` explicitly
      # would document the intended mode -- confirm against both peers.
  70. add fe80::230:48ff:fed8:820%bge1 fe80::20b:cdff:fe2f:b724%bge1 ah 0x200 -A hmac-md5
  71. 0xc0291ff014dccdd03874d9e8e4cdf3e6;
  72. add fe80::20b:cdff:fe2f:b724%bge1 fe80::230:48ff:fed8:820%bge1 ah 0x300 -A hmac-md5
  73. 0x96358c90783bbfa3d7b196ceabe0536b;
  74.  
  75. # ESP SAs using 192 bit long keys (168 + 24 parity)
      # Only -E is given, so these ESP SAs encrypt without an integrity check of
      # their own; authentication depends on the AH SAs above being applied too.
      # NOTE(review): 3des-cbc is a legacy 64-bit-block cipher; prefer an AES
      # mode (the disabled sample uses rijndael-cbc) if both ends support it.
      # No -r replay window is set on any SA; the accompanying `setkey -D`
      # output reports replay=0.
  76. add fe80::230:48ff:fed8:820%bge1 fe80::20b:cdff:fe2f:b724%bge1 esp 0x201 -E 3des-cbc
  77. 0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831;
  78. add fe80::20b:cdff:fe2f:b724%bge1 fe80::230:48ff:fed8:820%bge1 esp 0x301 -E 3des-cbc
  79. 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df;
  80.  
  81. # Security policies
      # Traffic of any upper-layer protocol between the two addresses must use
      # both ESP and AH in transport mode ("require" level), outbound and
      # inbound. The selectors name these two link-local addresses only, so
      # traffic to or from any other address of either host matches neither
      # policy.
  82. spdadd fe80::20b:cdff:fe2f:b724%bge1 fe80::230:48ff:fed8:820%bge1 any -P out ipsec
  83. esp/transport//require
  84. ah/transport//require;
  85.  
  86. spdadd fe80::230:48ff:fed8:820%bge1 fe80::20b:cdff:fe2f:b724%bge1 any -P in ipsec
  87. esp/transport//require
  88. ah/transport//require;
  89.  
  90.  
  91. =========================== outputs debian machine ===========================
  92. root@bolderbast:/etc# setkey -D
  93. fe80::230:48ff:fed8:820 fe80::20b:cdff:fe2f:b724
  94. ah mode=transport spi=512(0x00000200) reqid=0(0x00000000)
  95. A: hmac-md5 c0291ff0 14dccdd0 3874d9e8 e4cdf3e6
  96. seq=0x00000000 replay=0 flags=0x00000000 state=mature
  97. created: Oct 8 20:25:46 2009 current: Oct 8 20:46:58 2009
  98. diff: 1272(s) hard: 0(s) soft: 0(s)
  99. last: Oct 8 20:38:51 2009 hard: 0(s) soft: 0(s)
  100. current: 496(bytes) hard: 0(bytes) soft: 0(bytes)
  101. allocated: 7 hard: 0 soft: 0
  102. sadb_seq=1 pid=14767 refcnt=0
  103. fe80::20b:cdff:fe2f:b724 fe80::230:48ff:fed8:820
  104. ah mode=transport spi=768(0x00000300) reqid=0(0x00000000)
  105. A: hmac-md5 96358c90 783bbfa3 d7b196ce abe0536b
  106. seq=0x00000000 replay=0 flags=0x00000000 state=mature
  107. created: Oct 8 20:25:46 2009 current: Oct 8 20:46:58 2009
  108. diff: 1272(s) hard: 0(s) soft: 0(s)
  109. last: Oct 8 20:38:51 2009 hard: 0(s) soft: 0(s)
  110. current: 224(bytes) hard: 0(bytes) soft: 0(bytes)
  111. allocated: 4 hard: 0 soft: 0
  112. sadb_seq=2 pid=14767 refcnt=0
  113. fe80::230:48ff:fed8:820 fe80::20b:cdff:fe2f:b724
  114. esp mode=transport spi=513(0x00000201) reqid=0(0x00000000)
  115. E: 3des-cbc 7aeaca3f 87d060a1 2f4a4487 d5a5c335 5920fae6 9a96c831
  116. seq=0x00000000 replay=0 flags=0x00000000 state=mature
  117. created: Oct 8 20:25:46 2009 current: Oct 8 20:46:58 2009
  118. diff: 1272(s) hard: 0(s) soft: 0(s)
  119. last: Oct 8 20:38:51 2009 hard: 0(s) soft: 0(s)
  120. current: 328(bytes) hard: 0(bytes) soft: 0(bytes)
  121. allocated: 7 hard: 0 soft: 0
  122. sadb_seq=3 pid=14767 refcnt=0
  123. fe80::20b:cdff:fe2f:b724 fe80::230:48ff:fed8:820
  124. esp mode=transport spi=769(0x00000301) reqid=0(0x00000000)
  125. E: 3des-cbc f6ddb555 acfd9d77 b03ea384 3f265325 5afe8eb5 573965df
  126. seq=0x00000000 replay=0 flags=0x00000000 state=mature
  127. created: Oct 8 20:25:46 2009 current: Oct 8 20:46:58 2009
  128. diff: 1272(s) hard: 0(s) soft: 0(s)
  129. last: Oct 8 20:38:51 2009 hard: 0(s) soft: 0(s)
  130. current: 128(bytes) hard: 0(bytes) soft: 0(bytes)
  131. allocated: 4 hard: 0 soft: 0
  132. sadb_seq=0 pid=14767 refcnt=0
  133.  
  134. root@bolderbast:/etc# setkey -DP
  135. fe80::230:48ff:fed8:820[any] fe80::20b:cdff:fe2f:b724[any] any
  136. out prio def ipsec
  137. esp/transport//require
  138. ah/transport//require
  139. created: Oct 8 20:25:46 2009 lastused: Oct 8 20:38:58 2009
  140. lifetime: 0(s) validtime: 0(s)
  141. spid=10996065 seq=1 pid=14768
  142. refcnt=3
  143. fe80::20b:cdff:fe2f:b724[any] fe80::230:48ff:fed8:820[any] any
  144. in prio def ipsec
  145. esp/transport//require
  146. ah/transport//require
  147. created: Oct 8 20:25:46 2009 lastused: Oct 8 20:38:58 2009
  148. lifetime: 0(s) validtime: 0(s)
  149. spid=10996072 seq=2 pid=14768
  150. refcnt=1
  151. fe80::20b:cdff:fe2f:b724[any] fe80::230:48ff:fed8:820[any] any
  152. fwd prio def ipsec
  153. esp/transport//require
  154. ah/transport//require
  155. created: Oct 8 20:25:46 2009 lastused:
  156. lifetime: 0(s) validtime: 0(s)
  157. spid=10996082 seq=0 pid=14768
  158. refcnt=1
  159.  
  160. =========================== outputs freebsd machine ===========================
  161. root@zwarejongens:/etc# setkey -D
  162. fe80:2::20b:cdff:fe2f:b724 fe80:2::230:48ff:fed8:820
  163. esp mode=any spi=769(0x00000301) reqid=0(0x00000000)
  164. E: 3des-cbc f6ddb555 acfd9d77 b03ea384 3f265325 5afe8eb5 573965df
  165. seq=0x00000000 replay=0 flags=0x00000040 state=mature
  166. created: Oct 8 20:42:45 2009 current: Oct 8 20:44:52 2009
  167. diff: 127(s) hard: 0(s) soft: 0(s)
  168. last: hard: 0(s) soft: 0(s)
  169. current: 0(bytes) hard: 0(bytes) soft: 0(bytes)
  170. allocated: 0 hard: 0 soft: 0
  171. sadb_seq=3 pid=32628 refcnt=1
  172. fe80:2::230:48ff:fed8:820 fe80:2::20b:cdff:fe2f:b724
  173. esp mode=any spi=513(0x00000201) reqid=0(0x00000000)
  174. E: 3des-cbc 7aeaca3f 87d060a1 2f4a4487 d5a5c335 5920fae6 9a96c831
  175. seq=0x00000000 replay=0 flags=0x00000040 state=mature
  176. created: Oct 8 20:42:45 2009 current: Oct 8 20:44:52 2009
  177. diff: 127(s) hard: 0(s) soft: 0(s)
  178. last: hard: 0(s) soft: 0(s)
  179. current: 0(bytes) hard: 0(bytes) soft: 0(bytes)
  180. allocated: 0 hard: 0 soft: 0
  181. sadb_seq=2 pid=32628 refcnt=1
  182. fe80:2::20b:cdff:fe2f:b724 fe80:2::230:48ff:fed8:820
  183. ah mode=any spi=768(0x00000300) reqid=0(0x00000000)
  184. A: hmac-md5 96358c90 783bbfa3 d7b196ce abe0536b
  185. seq=0x00000000 replay=0 flags=0x00000040 state=mature
  186. created: Oct 8 20:42:45 2009 current: Oct 8 20:44:52 2009
  187. diff: 127(s) hard: 0(s) soft: 0(s)
  188. last: hard: 0(s) soft: 0(s)
  189. current: 0(bytes) hard: 0(bytes) soft: 0(bytes)
  190. allocated: 0 hard: 0 soft: 0
  191. sadb_seq=1 pid=32628 refcnt=1
  192. fe80:2::230:48ff:fed8:820 fe80:2::20b:cdff:fe2f:b724
  193. ah mode=any spi=512(0x00000200) reqid=0(0x00000000)
  194. A: hmac-md5 c0291ff0 14dccdd0 3874d9e8 e4cdf3e6
  195. seq=0x00000000 replay=0 flags=0x00000040 state=mature
  196. created: Oct 8 20:42:45 2009 current: Oct 8 20:44:52 2009
  197. diff: 127(s) hard: 0(s) soft: 0(s)
  198. last: hard: 0(s) soft: 0(s)
  199. current: 0(bytes) hard: 0(bytes) soft: 0(bytes)
  200. allocated: 0 hard: 0 soft: 0
  201. sadb_seq=0 pid=32628 refcnt=1
  202.  
  203. root@zwarejongens:/etc# setkey -DP
  204. fe80:2::230:48ff:fed8:820[any] fe80:2::20b:cdff:fe2f:b724[any] any
  205. in ipsec
  206. esp/transport//require
  207. ah/transport//require
  208. created: Oct 8 20:42:45 2009 lastused: Oct 8 20:42:45 2009
  209. lifetime: 0(s) validtime: 0(s)
  210. spid=16397 seq=1 pid=32627
  211. refcnt=1
  212. fe80:2::20b:cdff:fe2f:b724[any] fe80:2::230:48ff:fed8:820[any] any
  213. out ipsec
  214. esp/transport//require
  215. ah/transport//require
  216. created: Oct 8 20:42:45 2009 lastused: Oct 8 20:42:45 2009
  217. lifetime: 0(s) validtime: 0(s)
  218. spid=16396 seq=0 pid=32627
  219. refcnt=1