xref: /openbsd/regress/sbin/ipsecctl/ike50.ok (revision fe0dc84e) 
1bf407290ShshoexerC set [Phase 1]:Default=peer-default force
2bf407290ShshoexerC set [peer-default]:Phase=1 force
3bf407290ShshoexerC set [peer-default]:Local-address=1.1.1.1 force
4befd40c8SbluhmC set [peer-default]:Configuration=phase1-peer-default force
5befd40c8SbluhmC set [phase1-peer-default]:EXCHANGE_TYPE=ID_PROT force
6*fe0dc84eSmikebC add [phase1-peer-default]:Transforms=phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_3072 force
7*fe0dc84eSmikebC set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_3072]:AUTHENTICATION_METHOD=RSA_SIG force
8*fe0dc84eSmikebC set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_3072]:HASH_ALGORITHM=SHA force
9*fe0dc84eSmikebC set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_3072]:ENCRYPTION_ALGORITHM=AES_CBC force
10*fe0dc84eSmikebC set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_3072]:KEY_LENGTH=128,128:256 force
11*fe0dc84eSmikebC set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_3072]:GROUP_DESCRIPTION=MODP_3072 force
12*fe0dc84eSmikebC set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_3072]:Life=LIFE_MAIN_MODE force
13befd40c8SbluhmC set [from-10.1.1.0/24-to-10.2.2.0/24]:Phase=2 force
14befd40c8SbluhmC set [from-10.1.1.0/24-to-10.2.2.0/24]:ISAKMP-peer=peer-default force
15befd40c8SbluhmC set [from-10.1.1.0/24-to-10.2.2.0/24]:Configuration=phase2-from-10.1.1.0/24-to-10.2.2.0/24 force
16befd40c8SbluhmC set [from-10.1.1.0/24-to-10.2.2.0/24]:Local-ID=from-10.1.1.0/24 force
17befd40c8SbluhmC set [from-10.1.1.0/24-to-10.2.2.0/24]:Remote-ID=to-10.2.2.0/24 force
18befd40c8SbluhmC set [phase2-from-10.1.1.0/24-to-10.2.2.0/24]:EXCHANGE_TYPE=QUICK_MODE force
1902cf1b84SmarkusC set [phase2-from-10.1.1.0/24-to-10.2.2.0/24]:Suites=phase2-suite-from-10.1.1.0/24-to-10.2.2.0/24 force
2002cf1b84SmarkusC set [phase2-suite-from-10.1.1.0/24-to-10.2.2.0/24]:Protocols=phase2-protocol-from-10.1.1.0/24-to-10.2.2.0/24 force
2102cf1b84SmarkusC set [phase2-protocol-from-10.1.1.0/24-to-10.2.2.0/24]:PROTOCOL_ID=IPSEC_ESP force
22*fe0dc84eSmikebC set [phase2-protocol-from-10.1.1.0/24-to-10.2.2.0/24]:Transforms=phase2-transform-from-10.1.1.0/24-to-10.2.2.0/24-AES128-SHA2_256-MODP_3072-TUNNEL force
23*fe0dc84eSmikebC set [phase2-transform-from-10.1.1.0/24-to-10.2.2.0/24-AES128-SHA2_256-MODP_3072-TUNNEL]:TRANSFORM_ID=AES force
24*fe0dc84eSmikebC set [phase2-transform-from-10.1.1.0/24-to-10.2.2.0/24-AES128-SHA2_256-MODP_3072-TUNNEL]:KEY_LENGTH=128,128:256 force
25*fe0dc84eSmikebC set [phase2-transform-from-10.1.1.0/24-to-10.2.2.0/24-AES128-SHA2_256-MODP_3072-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
26*fe0dc84eSmikebC set [phase2-transform-from-10.1.1.0/24-to-10.2.2.0/24-AES128-SHA2_256-MODP_3072-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
27*fe0dc84eSmikebC set [phase2-transform-from-10.1.1.0/24-to-10.2.2.0/24-AES128-SHA2_256-MODP_3072-TUNNEL]:GROUP_DESCRIPTION=MODP_3072 force
28*fe0dc84eSmikebC set [phase2-transform-from-10.1.1.0/24-to-10.2.2.0/24-AES128-SHA2_256-MODP_3072-TUNNEL]:Life=LIFE_QUICK_MODE force
29befd40c8SbluhmC set [from-10.1.1.0/24]:ID-type=IPV4_ADDR_SUBNET force
30befd40c8SbluhmC set [from-10.1.1.0/24]:Network=10.1.1.0 force
31befd40c8SbluhmC set [from-10.1.1.0/24]:Netmask=255.255.255.0 force
32befd40c8SbluhmC set [to-10.2.2.0/24]:ID-type=IPV4_ADDR_SUBNET force
33befd40c8SbluhmC set [to-10.2.2.0/24]:Network=10.2.2.0 force
34befd40c8SbluhmC set [to-10.2.2.0/24]:Netmask=255.255.255.0 force
35befd40c8SbluhmC add [Phase 2]:Connections=from-10.1.1.0/24-to-10.2.2.0/24
36