xref: /openbsd/regress/sbin/ipsecctl/ike14.ok (revision 404b540a) 
1FROM = "{ 2.2.2.0/24, 3.3.3.0/24, 4.4.4.0/24 }"
2TO = "{ 5.5.5.0/24, 6.6.6.0/24, 7.7.7.0/24 }"
3C set [Phase 1]:1.1.1.1=peer-1.1.1.1 force
4C set [peer-1.1.1.1]:Phase=1 force
5C set [peer-1.1.1.1]:Address=1.1.1.1 force
6C set [peer-1.1.1.1]:Configuration=phase1-peer-1.1.1.1 force
7C set [phase1-peer-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
8C add [phase1-peer-1.1.1.1]:Transforms=AES-SHA-RSA_SIG force
9C set [from-2.2.2.0/24-to-5.5.5.0/24]:Phase=2 force
10C set [from-2.2.2.0/24-to-5.5.5.0/24]:ISAKMP-peer=peer-1.1.1.1 force
11C set [from-2.2.2.0/24-to-5.5.5.0/24]:Configuration=phase2-from-2.2.2.0/24-to-5.5.5.0/24 force
12C set [from-2.2.2.0/24-to-5.5.5.0/24]:Local-ID=from-2.2.2.0/24 force
13C set [from-2.2.2.0/24-to-5.5.5.0/24]:Remote-ID=to-5.5.5.0/24 force
14C set [phase2-from-2.2.2.0/24-to-5.5.5.0/24]:EXCHANGE_TYPE=QUICK_MODE force
15C set [phase2-from-2.2.2.0/24-to-5.5.5.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
16C set [from-2.2.2.0/24]:ID-type=IPV4_ADDR_SUBNET force
17C set [from-2.2.2.0/24]:Network=2.2.2.0 force
18C set [from-2.2.2.0/24]:Netmask=255.255.255.0 force
19C set [to-5.5.5.0/24]:ID-type=IPV4_ADDR_SUBNET force
20C set [to-5.5.5.0/24]:Network=5.5.5.0 force
21C set [to-5.5.5.0/24]:Netmask=255.255.255.0 force
22C add [Phase 2]:Connections=from-2.2.2.0/24-to-5.5.5.0/24
23C set [Phase 1]:1.1.1.1=peer-1.1.1.1 force
24C set [peer-1.1.1.1]:Phase=1 force
25C set [peer-1.1.1.1]:Address=1.1.1.1 force
26C set [peer-1.1.1.1]:Configuration=phase1-peer-1.1.1.1 force
27C set [phase1-peer-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
28C add [phase1-peer-1.1.1.1]:Transforms=AES-SHA-RSA_SIG force
29C set [from-2.2.2.0/24-to-6.6.6.0/24]:Phase=2 force
30C set [from-2.2.2.0/24-to-6.6.6.0/24]:ISAKMP-peer=peer-1.1.1.1 force
31C set [from-2.2.2.0/24-to-6.6.6.0/24]:Configuration=phase2-from-2.2.2.0/24-to-6.6.6.0/24 force
32C set [from-2.2.2.0/24-to-6.6.6.0/24]:Local-ID=from-2.2.2.0/24 force
33C set [from-2.2.2.0/24-to-6.6.6.0/24]:Remote-ID=to-6.6.6.0/24 force
34C set [phase2-from-2.2.2.0/24-to-6.6.6.0/24]:EXCHANGE_TYPE=QUICK_MODE force
35C set [phase2-from-2.2.2.0/24-to-6.6.6.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
36C set [from-2.2.2.0/24]:ID-type=IPV4_ADDR_SUBNET force
37C set [from-2.2.2.0/24]:Network=2.2.2.0 force
38C set [from-2.2.2.0/24]:Netmask=255.255.255.0 force
39C set [to-6.6.6.0/24]:ID-type=IPV4_ADDR_SUBNET force
40C set [to-6.6.6.0/24]:Network=6.6.6.0 force
41C set [to-6.6.6.0/24]:Netmask=255.255.255.0 force
42C add [Phase 2]:Connections=from-2.2.2.0/24-to-6.6.6.0/24
43C set [Phase 1]:1.1.1.1=peer-1.1.1.1 force
44C set [peer-1.1.1.1]:Phase=1 force
45C set [peer-1.1.1.1]:Address=1.1.1.1 force
46C set [peer-1.1.1.1]:Configuration=phase1-peer-1.1.1.1 force
47C set [phase1-peer-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
48C add [phase1-peer-1.1.1.1]:Transforms=AES-SHA-RSA_SIG force
49C set [from-2.2.2.0/24-to-7.7.7.0/24]:Phase=2 force
50C set [from-2.2.2.0/24-to-7.7.7.0/24]:ISAKMP-peer=peer-1.1.1.1 force
51C set [from-2.2.2.0/24-to-7.7.7.0/24]:Configuration=phase2-from-2.2.2.0/24-to-7.7.7.0/24 force
52C set [from-2.2.2.0/24-to-7.7.7.0/24]:Local-ID=from-2.2.2.0/24 force
53C set [from-2.2.2.0/24-to-7.7.7.0/24]:Remote-ID=to-7.7.7.0/24 force
54C set [phase2-from-2.2.2.0/24-to-7.7.7.0/24]:EXCHANGE_TYPE=QUICK_MODE force
55C set [phase2-from-2.2.2.0/24-to-7.7.7.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
56C set [from-2.2.2.0/24]:ID-type=IPV4_ADDR_SUBNET force
57C set [from-2.2.2.0/24]:Network=2.2.2.0 force
58C set [from-2.2.2.0/24]:Netmask=255.255.255.0 force
59C set [to-7.7.7.0/24]:ID-type=IPV4_ADDR_SUBNET force
60C set [to-7.7.7.0/24]:Network=7.7.7.0 force
61C set [to-7.7.7.0/24]:Netmask=255.255.255.0 force
62C add [Phase 2]:Connections=from-2.2.2.0/24-to-7.7.7.0/24
63C set [Phase 1]:1.1.1.1=peer-1.1.1.1 force
64C set [peer-1.1.1.1]:Phase=1 force
65C set [peer-1.1.1.1]:Address=1.1.1.1 force
66C set [peer-1.1.1.1]:Configuration=phase1-peer-1.1.1.1 force
67C set [phase1-peer-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
68C add [phase1-peer-1.1.1.1]:Transforms=AES-SHA-RSA_SIG force
69C set [from-3.3.3.0/24-to-5.5.5.0/24]:Phase=2 force
70C set [from-3.3.3.0/24-to-5.5.5.0/24]:ISAKMP-peer=peer-1.1.1.1 force
71C set [from-3.3.3.0/24-to-5.5.5.0/24]:Configuration=phase2-from-3.3.3.0/24-to-5.5.5.0/24 force
72C set [from-3.3.3.0/24-to-5.5.5.0/24]:Local-ID=from-3.3.3.0/24 force
73C set [from-3.3.3.0/24-to-5.5.5.0/24]:Remote-ID=to-5.5.5.0/24 force
74C set [phase2-from-3.3.3.0/24-to-5.5.5.0/24]:EXCHANGE_TYPE=QUICK_MODE force
75C set [phase2-from-3.3.3.0/24-to-5.5.5.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
76C set [from-3.3.3.0/24]:ID-type=IPV4_ADDR_SUBNET force
77C set [from-3.3.3.0/24]:Network=3.3.3.0 force
78C set [from-3.3.3.0/24]:Netmask=255.255.255.0 force
79C set [to-5.5.5.0/24]:ID-type=IPV4_ADDR_SUBNET force
80C set [to-5.5.5.0/24]:Network=5.5.5.0 force
81C set [to-5.5.5.0/24]:Netmask=255.255.255.0 force
82C add [Phase 2]:Connections=from-3.3.3.0/24-to-5.5.5.0/24
83C set [Phase 1]:1.1.1.1=peer-1.1.1.1 force
84C set [peer-1.1.1.1]:Phase=1 force
85C set [peer-1.1.1.1]:Address=1.1.1.1 force
86C set [peer-1.1.1.1]:Configuration=phase1-peer-1.1.1.1 force
87C set [phase1-peer-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
88C add [phase1-peer-1.1.1.1]:Transforms=AES-SHA-RSA_SIG force
89C set [from-3.3.3.0/24-to-6.6.6.0/24]:Phase=2 force
90C set [from-3.3.3.0/24-to-6.6.6.0/24]:ISAKMP-peer=peer-1.1.1.1 force
91C set [from-3.3.3.0/24-to-6.6.6.0/24]:Configuration=phase2-from-3.3.3.0/24-to-6.6.6.0/24 force
92C set [from-3.3.3.0/24-to-6.6.6.0/24]:Local-ID=from-3.3.3.0/24 force
93C set [from-3.3.3.0/24-to-6.6.6.0/24]:Remote-ID=to-6.6.6.0/24 force
94C set [phase2-from-3.3.3.0/24-to-6.6.6.0/24]:EXCHANGE_TYPE=QUICK_MODE force
95C set [phase2-from-3.3.3.0/24-to-6.6.6.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
96C set [from-3.3.3.0/24]:ID-type=IPV4_ADDR_SUBNET force
97C set [from-3.3.3.0/24]:Network=3.3.3.0 force
98C set [from-3.3.3.0/24]:Netmask=255.255.255.0 force
99C set [to-6.6.6.0/24]:ID-type=IPV4_ADDR_SUBNET force
100C set [to-6.6.6.0/24]:Network=6.6.6.0 force
101C set [to-6.6.6.0/24]:Netmask=255.255.255.0 force
102C add [Phase 2]:Connections=from-3.3.3.0/24-to-6.6.6.0/24
103C set [Phase 1]:1.1.1.1=peer-1.1.1.1 force
104C set [peer-1.1.1.1]:Phase=1 force
105C set [peer-1.1.1.1]:Address=1.1.1.1 force
106C set [peer-1.1.1.1]:Configuration=phase1-peer-1.1.1.1 force
107C set [phase1-peer-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
108C add [phase1-peer-1.1.1.1]:Transforms=AES-SHA-RSA_SIG force
109C set [from-3.3.3.0/24-to-7.7.7.0/24]:Phase=2 force
110C set [from-3.3.3.0/24-to-7.7.7.0/24]:ISAKMP-peer=peer-1.1.1.1 force
111C set [from-3.3.3.0/24-to-7.7.7.0/24]:Configuration=phase2-from-3.3.3.0/24-to-7.7.7.0/24 force
112C set [from-3.3.3.0/24-to-7.7.7.0/24]:Local-ID=from-3.3.3.0/24 force
113C set [from-3.3.3.0/24-to-7.7.7.0/24]:Remote-ID=to-7.7.7.0/24 force
114C set [phase2-from-3.3.3.0/24-to-7.7.7.0/24]:EXCHANGE_TYPE=QUICK_MODE force
115C set [phase2-from-3.3.3.0/24-to-7.7.7.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
116C set [from-3.3.3.0/24]:ID-type=IPV4_ADDR_SUBNET force
117C set [from-3.3.3.0/24]:Network=3.3.3.0 force
118C set [from-3.3.3.0/24]:Netmask=255.255.255.0 force
119C set [to-7.7.7.0/24]:ID-type=IPV4_ADDR_SUBNET force
120C set [to-7.7.7.0/24]:Network=7.7.7.0 force
121C set [to-7.7.7.0/24]:Netmask=255.255.255.0 force
122C add [Phase 2]:Connections=from-3.3.3.0/24-to-7.7.7.0/24
123C set [Phase 1]:1.1.1.1=peer-1.1.1.1 force
124C set [peer-1.1.1.1]:Phase=1 force
125C set [peer-1.1.1.1]:Address=1.1.1.1 force
126C set [peer-1.1.1.1]:Configuration=phase1-peer-1.1.1.1 force
127C set [phase1-peer-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
128C add [phase1-peer-1.1.1.1]:Transforms=AES-SHA-RSA_SIG force
129C set [from-4.4.4.0/24-to-5.5.5.0/24]:Phase=2 force
130C set [from-4.4.4.0/24-to-5.5.5.0/24]:ISAKMP-peer=peer-1.1.1.1 force
131C set [from-4.4.4.0/24-to-5.5.5.0/24]:Configuration=phase2-from-4.4.4.0/24-to-5.5.5.0/24 force
132C set [from-4.4.4.0/24-to-5.5.5.0/24]:Local-ID=from-4.4.4.0/24 force
133C set [from-4.4.4.0/24-to-5.5.5.0/24]:Remote-ID=to-5.5.5.0/24 force
134C set [phase2-from-4.4.4.0/24-to-5.5.5.0/24]:EXCHANGE_TYPE=QUICK_MODE force
135C set [phase2-from-4.4.4.0/24-to-5.5.5.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
136C set [from-4.4.4.0/24]:ID-type=IPV4_ADDR_SUBNET force
137C set [from-4.4.4.0/24]:Network=4.4.4.0 force
138C set [from-4.4.4.0/24]:Netmask=255.255.255.0 force
139C set [to-5.5.5.0/24]:ID-type=IPV4_ADDR_SUBNET force
140C set [to-5.5.5.0/24]:Network=5.5.5.0 force
141C set [to-5.5.5.0/24]:Netmask=255.255.255.0 force
142C add [Phase 2]:Connections=from-4.4.4.0/24-to-5.5.5.0/24
143C set [Phase 1]:1.1.1.1=peer-1.1.1.1 force
144C set [peer-1.1.1.1]:Phase=1 force
145C set [peer-1.1.1.1]:Address=1.1.1.1 force
146C set [peer-1.1.1.1]:Configuration=phase1-peer-1.1.1.1 force
147C set [phase1-peer-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
148C add [phase1-peer-1.1.1.1]:Transforms=AES-SHA-RSA_SIG force
149C set [from-4.4.4.0/24-to-6.6.6.0/24]:Phase=2 force
150C set [from-4.4.4.0/24-to-6.6.6.0/24]:ISAKMP-peer=peer-1.1.1.1 force
151C set [from-4.4.4.0/24-to-6.6.6.0/24]:Configuration=phase2-from-4.4.4.0/24-to-6.6.6.0/24 force
152C set [from-4.4.4.0/24-to-6.6.6.0/24]:Local-ID=from-4.4.4.0/24 force
153C set [from-4.4.4.0/24-to-6.6.6.0/24]:Remote-ID=to-6.6.6.0/24 force
154C set [phase2-from-4.4.4.0/24-to-6.6.6.0/24]:EXCHANGE_TYPE=QUICK_MODE force
155C set [phase2-from-4.4.4.0/24-to-6.6.6.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
156C set [from-4.4.4.0/24]:ID-type=IPV4_ADDR_SUBNET force
157C set [from-4.4.4.0/24]:Network=4.4.4.0 force
158C set [from-4.4.4.0/24]:Netmask=255.255.255.0 force
159C set [to-6.6.6.0/24]:ID-type=IPV4_ADDR_SUBNET force
160C set [to-6.6.6.0/24]:Network=6.6.6.0 force
161C set [to-6.6.6.0/24]:Netmask=255.255.255.0 force
162C add [Phase 2]:Connections=from-4.4.4.0/24-to-6.6.6.0/24
163C set [Phase 1]:1.1.1.1=peer-1.1.1.1 force
164C set [peer-1.1.1.1]:Phase=1 force
165C set [peer-1.1.1.1]:Address=1.1.1.1 force
166C set [peer-1.1.1.1]:Configuration=phase1-peer-1.1.1.1 force
167C set [phase1-peer-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
168C add [phase1-peer-1.1.1.1]:Transforms=AES-SHA-RSA_SIG force
169C set [from-4.4.4.0/24-to-7.7.7.0/24]:Phase=2 force
170C set [from-4.4.4.0/24-to-7.7.7.0/24]:ISAKMP-peer=peer-1.1.1.1 force
171C set [from-4.4.4.0/24-to-7.7.7.0/24]:Configuration=phase2-from-4.4.4.0/24-to-7.7.7.0/24 force
172C set [from-4.4.4.0/24-to-7.7.7.0/24]:Local-ID=from-4.4.4.0/24 force
173C set [from-4.4.4.0/24-to-7.7.7.0/24]:Remote-ID=to-7.7.7.0/24 force
174C set [phase2-from-4.4.4.0/24-to-7.7.7.0/24]:EXCHANGE_TYPE=QUICK_MODE force
175C set [phase2-from-4.4.4.0/24-to-7.7.7.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
176C set [from-4.4.4.0/24]:ID-type=IPV4_ADDR_SUBNET force
177C set [from-4.4.4.0/24]:Network=4.4.4.0 force
178C set [from-4.4.4.0/24]:Netmask=255.255.255.0 force
179C set [to-7.7.7.0/24]:ID-type=IPV4_ADDR_SUBNET force
180C set [to-7.7.7.0/24]:Network=7.7.7.0 force
181C set [to-7.7.7.0/24]:Netmask=255.255.255.0 force
182C add [Phase 2]:Connections=from-4.4.4.0/24-to-7.7.7.0/24
183