xref: /openbsd-src/regress/sbin/ipsecctl/ike13.ok (revision fe0dc84ef35ebd2e677bd4022cd865d18ec288a0) 
1FROM = "{ 2.2.2.0/24, 3.3.3.0/24, 4.4.4.0/24 }"
2C set [Phase 1]:1.1.1.1=peer-1.1.1.1 force
3C set [peer-1.1.1.1]:Phase=1 force
4C set [peer-1.1.1.1]:Address=1.1.1.1 force
5C set [peer-1.1.1.1]:Configuration=phase1-peer-1.1.1.1 force
6C set [phase1-peer-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
7C add [phase1-peer-1.1.1.1]:Transforms=phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_3072 force
8C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_3072]:AUTHENTICATION_METHOD=RSA_SIG force
9C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_3072]:HASH_ALGORITHM=SHA force
10C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_3072]:ENCRYPTION_ALGORITHM=AES_CBC force
11C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_3072]:KEY_LENGTH=128,128:256 force
12C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_3072]:GROUP_DESCRIPTION=MODP_3072 force
13C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_3072]:Life=LIFE_MAIN_MODE force
14C set [from-2.2.2.0/24-to-1.1.1.1]:Phase=2 force
15C set [from-2.2.2.0/24-to-1.1.1.1]:ISAKMP-peer=peer-1.1.1.1 force
16C set [from-2.2.2.0/24-to-1.1.1.1]:Configuration=phase2-from-2.2.2.0/24-to-1.1.1.1 force
17C set [from-2.2.2.0/24-to-1.1.1.1]:Local-ID=from-2.2.2.0/24 force
18C set [from-2.2.2.0/24-to-1.1.1.1]:Remote-ID=to-1.1.1.1 force
19C set [phase2-from-2.2.2.0/24-to-1.1.1.1]:EXCHANGE_TYPE=QUICK_MODE force
20C set [phase2-from-2.2.2.0/24-to-1.1.1.1]:Suites=phase2-suite-from-2.2.2.0/24-to-1.1.1.1 force
21C set [phase2-suite-from-2.2.2.0/24-to-1.1.1.1]:Protocols=phase2-protocol-from-2.2.2.0/24-to-1.1.1.1 force
22C set [phase2-protocol-from-2.2.2.0/24-to-1.1.1.1]:PROTOCOL_ID=IPSEC_ESP force
23C set [phase2-protocol-from-2.2.2.0/24-to-1.1.1.1]:Transforms=phase2-transform-from-2.2.2.0/24-to-1.1.1.1-AES128-SHA2_256-MODP_3072-TUNNEL force
24C set [phase2-transform-from-2.2.2.0/24-to-1.1.1.1-AES128-SHA2_256-MODP_3072-TUNNEL]:TRANSFORM_ID=AES force
25C set [phase2-transform-from-2.2.2.0/24-to-1.1.1.1-AES128-SHA2_256-MODP_3072-TUNNEL]:KEY_LENGTH=128,128:256 force
26C set [phase2-transform-from-2.2.2.0/24-to-1.1.1.1-AES128-SHA2_256-MODP_3072-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
27C set [phase2-transform-from-2.2.2.0/24-to-1.1.1.1-AES128-SHA2_256-MODP_3072-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
28C set [phase2-transform-from-2.2.2.0/24-to-1.1.1.1-AES128-SHA2_256-MODP_3072-TUNNEL]:GROUP_DESCRIPTION=MODP_3072 force
29C set [phase2-transform-from-2.2.2.0/24-to-1.1.1.1-AES128-SHA2_256-MODP_3072-TUNNEL]:Life=LIFE_QUICK_MODE force
30C set [from-2.2.2.0/24]:ID-type=IPV4_ADDR_SUBNET force
31C set [from-2.2.2.0/24]:Network=2.2.2.0 force
32C set [from-2.2.2.0/24]:Netmask=255.255.255.0 force
33C set [to-1.1.1.1]:ID-type=IPV4_ADDR force
34C set [to-1.1.1.1]:Address=1.1.1.1 force
35C add [Phase 2]:Connections=from-2.2.2.0/24-to-1.1.1.1
36C set [Phase 1]:1.1.1.1=peer-1.1.1.1 force
37C set [peer-1.1.1.1]:Phase=1 force
38C set [peer-1.1.1.1]:Address=1.1.1.1 force
39C set [peer-1.1.1.1]:Configuration=phase1-peer-1.1.1.1 force
40C set [phase1-peer-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
41C add [phase1-peer-1.1.1.1]:Transforms=phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_3072 force
42C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_3072]:AUTHENTICATION_METHOD=RSA_SIG force
43C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_3072]:HASH_ALGORITHM=SHA force
44C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_3072]:ENCRYPTION_ALGORITHM=AES_CBC force
45C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_3072]:KEY_LENGTH=128,128:256 force
46C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_3072]:GROUP_DESCRIPTION=MODP_3072 force
47C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_3072]:Life=LIFE_MAIN_MODE force
48C set [from-3.3.3.0/24-to-1.1.1.1]:Phase=2 force
49C set [from-3.3.3.0/24-to-1.1.1.1]:ISAKMP-peer=peer-1.1.1.1 force
50C set [from-3.3.3.0/24-to-1.1.1.1]:Configuration=phase2-from-3.3.3.0/24-to-1.1.1.1 force
51C set [from-3.3.3.0/24-to-1.1.1.1]:Local-ID=from-3.3.3.0/24 force
52C set [from-3.3.3.0/24-to-1.1.1.1]:Remote-ID=to-1.1.1.1 force
53C set [phase2-from-3.3.3.0/24-to-1.1.1.1]:EXCHANGE_TYPE=QUICK_MODE force
54C set [phase2-from-3.3.3.0/24-to-1.1.1.1]:Suites=phase2-suite-from-3.3.3.0/24-to-1.1.1.1 force
55C set [phase2-suite-from-3.3.3.0/24-to-1.1.1.1]:Protocols=phase2-protocol-from-3.3.3.0/24-to-1.1.1.1 force
56C set [phase2-protocol-from-3.3.3.0/24-to-1.1.1.1]:PROTOCOL_ID=IPSEC_ESP force
57C set [phase2-protocol-from-3.3.3.0/24-to-1.1.1.1]:Transforms=phase2-transform-from-3.3.3.0/24-to-1.1.1.1-AES128-SHA2_256-MODP_3072-TUNNEL force
58C set [phase2-transform-from-3.3.3.0/24-to-1.1.1.1-AES128-SHA2_256-MODP_3072-TUNNEL]:TRANSFORM_ID=AES force
59C set [phase2-transform-from-3.3.3.0/24-to-1.1.1.1-AES128-SHA2_256-MODP_3072-TUNNEL]:KEY_LENGTH=128,128:256 force
60C set [phase2-transform-from-3.3.3.0/24-to-1.1.1.1-AES128-SHA2_256-MODP_3072-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
61C set [phase2-transform-from-3.3.3.0/24-to-1.1.1.1-AES128-SHA2_256-MODP_3072-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
62C set [phase2-transform-from-3.3.3.0/24-to-1.1.1.1-AES128-SHA2_256-MODP_3072-TUNNEL]:GROUP_DESCRIPTION=MODP_3072 force
63C set [phase2-transform-from-3.3.3.0/24-to-1.1.1.1-AES128-SHA2_256-MODP_3072-TUNNEL]:Life=LIFE_QUICK_MODE force
64C set [from-3.3.3.0/24]:ID-type=IPV4_ADDR_SUBNET force
65C set [from-3.3.3.0/24]:Network=3.3.3.0 force
66C set [from-3.3.3.0/24]:Netmask=255.255.255.0 force
67C set [to-1.1.1.1]:ID-type=IPV4_ADDR force
68C set [to-1.1.1.1]:Address=1.1.1.1 force
69C add [Phase 2]:Connections=from-3.3.3.0/24-to-1.1.1.1
70C set [Phase 1]:1.1.1.1=peer-1.1.1.1 force
71C set [peer-1.1.1.1]:Phase=1 force
72C set [peer-1.1.1.1]:Address=1.1.1.1 force
73C set [peer-1.1.1.1]:Configuration=phase1-peer-1.1.1.1 force
74C set [phase1-peer-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
75C add [phase1-peer-1.1.1.1]:Transforms=phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_3072 force
76C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_3072]:AUTHENTICATION_METHOD=RSA_SIG force
77C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_3072]:HASH_ALGORITHM=SHA force
78C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_3072]:ENCRYPTION_ALGORITHM=AES_CBC force
79C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_3072]:KEY_LENGTH=128,128:256 force
80C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_3072]:GROUP_DESCRIPTION=MODP_3072 force
81C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_3072]:Life=LIFE_MAIN_MODE force
82C set [from-4.4.4.0/24-to-1.1.1.1]:Phase=2 force
83C set [from-4.4.4.0/24-to-1.1.1.1]:ISAKMP-peer=peer-1.1.1.1 force
84C set [from-4.4.4.0/24-to-1.1.1.1]:Configuration=phase2-from-4.4.4.0/24-to-1.1.1.1 force
85C set [from-4.4.4.0/24-to-1.1.1.1]:Local-ID=from-4.4.4.0/24 force
86C set [from-4.4.4.0/24-to-1.1.1.1]:Remote-ID=to-1.1.1.1 force
87C set [phase2-from-4.4.4.0/24-to-1.1.1.1]:EXCHANGE_TYPE=QUICK_MODE force
88C set [phase2-from-4.4.4.0/24-to-1.1.1.1]:Suites=phase2-suite-from-4.4.4.0/24-to-1.1.1.1 force
89C set [phase2-suite-from-4.4.4.0/24-to-1.1.1.1]:Protocols=phase2-protocol-from-4.4.4.0/24-to-1.1.1.1 force
90C set [phase2-protocol-from-4.4.4.0/24-to-1.1.1.1]:PROTOCOL_ID=IPSEC_ESP force
91C set [phase2-protocol-from-4.4.4.0/24-to-1.1.1.1]:Transforms=phase2-transform-from-4.4.4.0/24-to-1.1.1.1-AES128-SHA2_256-MODP_3072-TUNNEL force
92C set [phase2-transform-from-4.4.4.0/24-to-1.1.1.1-AES128-SHA2_256-MODP_3072-TUNNEL]:TRANSFORM_ID=AES force
93C set [phase2-transform-from-4.4.4.0/24-to-1.1.1.1-AES128-SHA2_256-MODP_3072-TUNNEL]:KEY_LENGTH=128,128:256 force
94C set [phase2-transform-from-4.4.4.0/24-to-1.1.1.1-AES128-SHA2_256-MODP_3072-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
95C set [phase2-transform-from-4.4.4.0/24-to-1.1.1.1-AES128-SHA2_256-MODP_3072-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
96C set [phase2-transform-from-4.4.4.0/24-to-1.1.1.1-AES128-SHA2_256-MODP_3072-TUNNEL]:GROUP_DESCRIPTION=MODP_3072 force
97C set [phase2-transform-from-4.4.4.0/24-to-1.1.1.1-AES128-SHA2_256-MODP_3072-TUNNEL]:Life=LIFE_QUICK_MODE force
98C set [from-4.4.4.0/24]:ID-type=IPV4_ADDR_SUBNET force
99C set [from-4.4.4.0/24]:Network=4.4.4.0 force
100C set [from-4.4.4.0/24]:Netmask=255.255.255.0 force
101C set [to-1.1.1.1]:ID-type=IPV4_ADDR force
102C set [to-1.1.1.1]:Address=1.1.1.1 force
103C add [Phase 2]:Connections=from-4.4.4.0/24-to-1.1.1.1
104