../../guestbin/prep.sh
west #
 ifconfig ipsec1 create reqid 100
west #
 ifconfig ipsec1 inet tunnel 192.1.2.45 192.1.2.23
west #
 ifconfig ipsec1 inet 192.0.45.1/24 192.0.23.1
west #
 ifconfig ipsec1
ipsec1: flags=1008051<UP,POINTOPOINT,RUNNING,MULTICAST,LOWER_UP> metric 0 mtu 1400
	options=0
	tunnel inet 192.1.2.45 --> 192.1.2.23
	inet 192.0.45.1 --> 192.0.23.1 netmask 0xffffff00
	groups: ipsec
	reqid: 100
	nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
west #
 ../../guestbin/ipsec-kernel-state.sh
No SAD entries.
west #
 ../../guestbin/ipsec-kernel-policy.sh
0.0.0.0/0[any] 0.0.0.0/0[any] any
	in ipsec
	esp/tunnel/192.1.2.23-192.1.2.45/unique:100
	spid=1 seq=3 pid=PID scope=ifnet ifname=ipsec1
	refcnt=1
::/0[any] ::/0[any] any
	in ipsec
	esp/tunnel/192.1.2.23-192.1.2.45/unique:100
	spid=3 seq=2 pid=PID scope=ifnet ifname=ipsec1
	refcnt=1
0.0.0.0/0[any] 0.0.0.0/0[any] any
	out ipsec
	esp/tunnel/192.1.2.45-192.1.2.23/unique:100
	spid=2 seq=1 pid=PID scope=ifnet ifname=ipsec1
	refcnt=1
::/0[any] ::/0[any] any
	out ipsec
	esp/tunnel/192.1.2.45-192.1.2.23/unique:100
	spid=4 seq=0 pid=PID scope=ifnet ifname=ipsec1
	refcnt=1
west #
 echo 'add 192.1.2.45 192.1.2.23 esp 4523 -m tunnel -u 100 -E rijndael-cbc "45-----Key----23" -A hmac-sha1 "45------Hash------23" ;' | setkey -c
west #
 echo 'add 192.1.2.23 192.1.2.45 esp 2345 -m tunnel -u 100 -E rijndael-cbc "23-----Key----45" -A hmac-sha1 "23------Hash------45" ;' | setkey -c
west #
 ifconfig ipsec1
ipsec1: flags=1008051<UP,POINTOPOINT,RUNNING,MULTICAST,LOWER_UP> metric 0 mtu 1400
	options=0
	tunnel inet 192.1.2.45 --> 192.1.2.23
	inet 192.0.45.1 --> 192.0.23.1 netmask 0xffffff00
	groups: ipsec
	reqid: 100
	nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
west #
 ../../guestbin/ipsec-kernel-state.sh
192.1.2.23 192.1.2.45
	esp mode=tunnel spi=SPISPI(0xSPISPI) reqid=100(0x00000064)
	E: aes-cbc  XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
	A: hmac-sha1  XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
	seq=0x00000000 replay=0 flags=0x00000040 state=mature 
	created: TIMESTAMP	current: TIMESTAMP
	diff: N(s)	hard: 0(s)	soft: 0(s)
	last:                     	hard: 0(s)	soft: 0(s)
	current: 0(bytes)	hard: 0(bytes)	soft: 0(bytes)
	allocated: 0	hard: 0	soft: 0
	sadb_seq=1 pid=PID refcnt=1
192.1.2.45 192.1.2.23
	esp mode=tunnel spi=SPISPI(0xSPISPI) reqid=100(0x00000064)
	E: aes-cbc  XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
	A: hmac-sha1  XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
	seq=0x00000000 replay=0 flags=0x00000040 state=mature 
	created: TIMESTAMP	current: TIMESTAMP
	diff: N(s)	hard: 0(s)	soft: 0(s)
	last:                     	hard: 0(s)	soft: 0(s)
	current: 0(bytes)	hard: 0(bytes)	soft: 0(bytes)
	allocated: 0	hard: 0	soft: 0
	sadb_seq=0 pid=PID refcnt=1
west #
 ../../guestbin/ipsec-kernel-policy.sh
0.0.0.0/0[any] 0.0.0.0/0[any] any
	in ipsec
	esp/tunnel/192.1.2.23-192.1.2.45/unique:100
	spid=1 seq=3 pid=PID scope=ifnet ifname=ipsec1
	refcnt=1
::/0[any] ::/0[any] any
	in ipsec
	esp/tunnel/192.1.2.23-192.1.2.45/unique:100
	spid=3 seq=2 pid=PID scope=ifnet ifname=ipsec1
	refcnt=1
0.0.0.0/0[any] 0.0.0.0/0[any] any
	out ipsec
	esp/tunnel/192.1.2.45-192.1.2.23/unique:100
	spid=2 seq=1 pid=PID scope=ifnet ifname=ipsec1
	refcnt=1
::/0[any] ::/0[any] any
	out ipsec
	esp/tunnel/192.1.2.45-192.1.2.23/unique:100
	spid=4 seq=0 pid=PID scope=ifnet ifname=ipsec1
	refcnt=1
west #
 sleep 10 # give broken ping a chance
west #
 ../../guestbin/ping-once.sh --up -I 192.0.45.1 192.0.23.1
up
west #
 ../../guestbin/ipsec-kernel-state.sh
192.1.2.23 192.1.2.45
	esp mode=tunnel spi=SPISPI(0xSPISPI) reqid=100(0x00000064)
	E: aes-cbc  XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
	A: hmac-sha1  XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
	seq=0x00000000 replay=0 flags=0x00000040 state=mature 
	created: TIMESTAMP	current: TIMESTAMP
	diff: N(s)	hard: 0(s)	soft: 0(s)
	last: TIMESTAMP	hard: 0(s)	soft: 0(s)
	current: 168(bytes)	hard: 0(bytes)	soft: 0(bytes)
	allocated: 2	hard: 0	soft: 0
	sadb_seq=1 pid=PID refcnt=1
192.1.2.45 192.1.2.23
	esp mode=tunnel spi=SPISPI(0xSPISPI) reqid=100(0x00000064)
	E: aes-cbc  XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
	A: hmac-sha1  XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
	seq=0x00000002 replay=0 flags=0x00000040 state=mature 
	created: TIMESTAMP	current: TIMESTAMP
	diff: N(s)	hard: 0(s)	soft: 0(s)
	last: TIMESTAMP	hard: 0(s)	soft: 0(s)
	current: 304(bytes)	hard: 0(bytes)	soft: 0(bytes)
	allocated: 2	hard: 0	soft: 0
	sadb_seq=0 pid=PID refcnt=1
west #
 ../../guestbin/ipsec-kernel-policy.sh
0.0.0.0/0[any] 0.0.0.0/0[any] any
	in ipsec
	esp/tunnel/192.1.2.23-192.1.2.45/unique:100
	spid=1 seq=3 pid=PID scope=ifnet ifname=ipsec1
	refcnt=1
::/0[any] ::/0[any] any
	in ipsec
	esp/tunnel/192.1.2.23-192.1.2.45/unique:100
	spid=3 seq=2 pid=PID scope=ifnet ifname=ipsec1
	refcnt=1
0.0.0.0/0[any] 0.0.0.0/0[any] any
	out ipsec
	esp/tunnel/192.1.2.45-192.1.2.23/unique:100
	spid=2 seq=1 pid=PID scope=ifnet ifname=ipsec1
	refcnt=1
::/0[any] ::/0[any] any
	out ipsec
	esp/tunnel/192.1.2.45-192.1.2.23/unique:100
	spid=4 seq=0 pid=PID scope=ifnet ifname=ipsec1
	refcnt=1
west #
 setkey -F
west #
 ifconfig ipsec1 destroy
west #
 
