#!/bin/sh # # These are setup examples for OpenBSD. So far there are only transport # mode examples because this SparcStation only has one ethernet I/F. gw1=192.168.2.105 gw2=192.168.2.110 hostmask=255.255.255.255 default=0.0.0.0 iv=1000000000000001 case "$1" in # # The ENCDEBUG macro must be defined before these two will work. # debug) sysctl -w net.ipsec.encap.encdebug=1 ;; nodebug) sysctl -w net.ipsec.encap.encdebug=0 ;; trahmd5) ipsecadm new ah -auth md5 -spi 545 -src $gw1 -dst $gw2 \ -key 81828384858687888990919293949596 rt $gw1 $hostmask $gw2 $hostmask \ -1 -1 -1 $gw2 545 0 rt $default $hostmask $gw2 $hostmask \ -1 -1 -1 $gw2 545 0 ipsecadm new ah -auth md5 -spi 555 -src $gw2 -dst $gw1 \ -key 979899a0a1a2a3a4a5a6a7a8a9b0b1b2 ;; trahmd5del) ipsecadm delspi -spi 545 -dst $gw2 rtdelete $gw1 $hostmask $gw2 $hostmask \ -1 -1 -1 rtdelete $default $hostmask $gw2 $hostmask \ -1 -1 -1 ipsecadm delspi -spi 555 -dst $gw1 ;; trahsha1) ipsecadm new ah -auth sha1 -spi 585 -src $gw1 -dst $gw2 \ -key 0a0b0c0d0e0f1a1b1c1d1e1f2a2b2c2d2e2f3a3b rt $gw1 $hostmask $gw2 $hostmask \ -1 -1 -1 $gw2 585 0 rt $default $hostmask $gw2 $hostmask \ -1 -1 -1 $gw2 585 0 ipsecadm new ah -auth sha1 -spi 595 -src $gw2 -dst $gw1 \ -key 3c3d3e3f4a4b4c4d4e4f5a5b5c5d5e5f6a6b6c6d ;; trahsha1del) ipsecadm delspi -spi 585 -dst $gw2 rtdelete $gw1 $hostmask $gw2 $hostmask \ -1 -1 -1 rtdelete $default $hostmask $gw2 $hostmask \ -1 -1 -1 ipsecadm delspi -spi 595 -dst $gw1 ;; tresp3desmd5) ipsecadm -enc 3des -auth md5 -spi 525 -src $gw1 -dst $gw2 \ -key 010203040506070809101112131415161718192021222324 \ -authkey 25262728293031323334353637383940 -iv $iv rt $gw1 $hostmask $gw2 $hostmask \ -1 -1 -1 $gw2 525 1 rt $default $hostmask $gw2 $hostmask \ -1 -1 -1 $gw2 525 1 ipsecadm -enc 3des -auth md5 -spi 535 -src $gw2 -dst $gw1 \ -key 414243444546474849505152535455565758596061626364 \ -authkey 65666768697071727374757677787980 -iv $iv ;; tresp3desmd5del) ipsecadm delspi -spi 525 -dst $gw2 rtdelete $gw1 $hostmask $gw2 $hostmask \ -1 -1 -1 rtdelete $default $hostmask $gw2 $hostmask \ -1 -1 -1 ipsecadm delspi -spi 535 -dst $gw1 ;; tresp3des) ipsecadm -enc 3des -spi 525 -src $gw1 -dst $gw2 \ -key 010203040506070809101112131415161718192021222324 \ -iv $iv rt $gw1 $hostmask $gw2 $hostmask \ -1 -1 -1 $gw2 525 1 rt $default $hostmask $gw2 $hostmask \ -1 -1 -1 $gw2 525 1 ipsecadm -enc 3des -spi 535 -src $gw2 -dst $gw1 \ -key 414243444546474849505152535455565758596061626364 \ -iv $iv ;; tresp3desdel) ipsecadm delspi -spi 525 -dst $gw2 rtdelete $gw1 $hostmask $gw2 $hostmask \ -1 -1 -1 rtdelete $default $hostmask $gw2 $hostmask \ -1 -1 -1 ipsecadm delspi -spi 535 -dst $gw1 ;; tresp3dessha1) ipsecadm -enc 3des -auth sha1 -spi 525 -src $gw1 -dst $gw2 \ -key 010203040506070809101112131415161718192021222324 \ -authkey 2526272829303132333435363738394041424344 -iv $iv rt $gw1 $hostmask $gw2 $hostmask \ -1 -1 -1 $gw2 525 1 rt $default $hostmask $gw2 $hostmask \ -1 -1 -1 $gw2 525 1 ipsecadm -enc 3des -auth sha1 -spi 535 -src $gw2 -dst $gw1 \ -key 414243444546474849505152535455565758596061626364 \ -authkey 6566676869707172737475767778798081828384 -iv $iv ;; tresp3dessha1del) ipsecadm delspi -spi 525 -dst $gw2 rtdelete $gw1 $hostmask $gw2 $hostmask \ -1 -1 -1 rtdelete $default $hostmask $gw2 $hostmask \ -1 -1 -1 ipsecadm delspi -spi 535 -dst $gw1 ;; trespdesmd5) ipsecadm -enc des -auth md5 -spi 565 -src $gw1 -dst $gw2 \ -key b3b4b5b6b7b8b9c0 -iv $iv \ -authkey c1c2c3c4c5c6c7c8c9d0d1d2d3d4d5d6 rt $gw1 $hostmask $gw2 $hostmask \ -1 -1 -1 $gw2 565 1 rt $default $hostmask $gw2 $hostmask \ -1 -1 -1 $gw2 565 1 ipsecadm -enc des -auth md5 -spi 575 -src $gw2 -dst $gw1 \ -key d7d8d9e0e1e2e3e4 \ -authkey e5e6e7e8e9f0f1f2f3f4f5f6f7f8f900 -iv $iv ;; trespdesmd5del) ipsecadm delspi -spi 565 -dst $gw2 rtdelete $gw1 $hostmask $gw2 $hostmask \ -1 -1 -1 rtdelete $default $hostmask $gw2 $hostmask \ -1 -1 -1 ipsecadm delspi -spi 575 -dst $gw1 ;; trespdes) ipsecadm -enc des -spi 565 -src $gw1 -dst $gw2 \ -key b3b4b5b6b7b8b9c0 -iv $iv rt $gw1 $hostmask $gw2 $hostmask \ -1 -1 -1 $gw2 565 1 rt $default $hostmask $gw2 $hostmask \ -1 -1 -1 $gw2 565 1 ipsecadm -enc des -spi 575 -src $gw2 -dst $gw1 \ -key d7d8d9e0e1e2e3e4 -iv $iv ;; trespdesdel) ipsecadm delspi -spi 565 -dst $gw2 rtdelete $gw1 $hostmask $gw2 $hostmask \ -1 -1 -1 rtdelete $default $hostmask $gw2 $hostmask \ -1 -1 -1 ipsecadm delspi -spi 575 -dst $gw1 ;; trespdessha1) ipsecadm -enc des -auth sha1 -spi 565 -src $gw1 -dst $gw2 \ -key b3b4b5b6b7b8b9c0 -iv $iv \ -authkey c1c2c3c4c5c6c7c8c9d0d1d2d3d4d5d6d7d8d9e0 rt $gw1 $hostmask $gw2 $hostmask \ -1 -1 -1 $gw2 565 1 rt $default $hostmask $gw2 $hostmask \ -1 -1 -1 $gw2 565 1 ipsecadm -enc des -auth sha1 -spi 575 -src $gw2 -dst $gw1 \ -key d7d8d9e0e1e2e3e4 -iv $iv \ -authkey e5e6e7e8e9f0f1f2f3f4f5f6f7f8f90001020304 ;; trespdessha1del) ipsecadm delspi -spi 565 -dst $gw2 rtdelete $gw1 $hostmask $gw2 $hostmask \ -1 -1 -1 rtdelete $default $hostmask $gw2 $hostmask \ -1 -1 -1 ipsecadm delspi -spi 575 -dst $gw1 ;; esac