xref: /openbsd/regress/sbin/ipsecctl/ike57.ok (revision 73471bf0) 
1C set [Phase 1]:192.168.0.1=peer-192.168.0.1 force
2C set [peer-192.168.0.1]:Phase=1 force
3C set [peer-192.168.0.1]:Address=192.168.0.1 force
4C set [peer-192.168.0.1]:Configuration=phase1-peer-192.168.0.1 force
5C set [phase1-peer-192.168.0.1]:EXCHANGE_TYPE=ID_PROT force
6C add [phase1-peer-192.168.0.1]:Transforms=phase1-transform-peer-192.168.0.1-RSA_SIG-SHA-AES128-MODP_3072 force
7C set [phase1-transform-peer-192.168.0.1-RSA_SIG-SHA-AES128-MODP_3072]:AUTHENTICATION_METHOD=RSA_SIG force
8C set [phase1-transform-peer-192.168.0.1-RSA_SIG-SHA-AES128-MODP_3072]:HASH_ALGORITHM=SHA force
9C set [phase1-transform-peer-192.168.0.1-RSA_SIG-SHA-AES128-MODP_3072]:ENCRYPTION_ALGORITHM=AES_CBC force
10C set [phase1-transform-peer-192.168.0.1-RSA_SIG-SHA-AES128-MODP_3072]:KEY_LENGTH=128,128:256 force
11C set [phase1-transform-peer-192.168.0.1-RSA_SIG-SHA-AES128-MODP_3072]:GROUP_DESCRIPTION=MODP_3072 force
12C set [phase1-transform-peer-192.168.0.1-RSA_SIG-SHA-AES128-MODP_3072]:Life=LIFE_MAIN_MODE force
13C set [peer-192.168.0.1]:ID=id-me@example.com force
14C set [id-me@example.com]:ID-type=USER_FQDN force
15C set [id-me@example.com]:Name=me@example.com force
16C set [peer-192.168.0.1]:Remote-ID=id-other.example.com force
17C set [id-other.example.com]:ID-type=FQDN force
18C set [id-other.example.com]:Name=other.example.com force
19C set [from-10.0.0.0/24-to-10.0.1.0/24]:Phase=2 force
20C set [from-10.0.0.0/24-to-10.0.1.0/24]:ISAKMP-peer=peer-192.168.0.1 force
21C set [from-10.0.0.0/24-to-10.0.1.0/24]:Configuration=phase2-from-10.0.0.0/24-to-10.0.1.0/24 force
22C set [from-10.0.0.0/24-to-10.0.1.0/24]:Local-ID=from-10.0.0.0/24 force
23C set [from-10.0.0.0/24-to-10.0.1.0/24]:Remote-ID=to-10.0.1.0/24 force
24C set [phase2-from-10.0.0.0/24-to-10.0.1.0/24]:EXCHANGE_TYPE=QUICK_MODE force
25C set [phase2-from-10.0.0.0/24-to-10.0.1.0/24]:Suites=phase2-suite-from-10.0.0.0/24-to-10.0.1.0/24 force
26C set [phase2-suite-from-10.0.0.0/24-to-10.0.1.0/24]:Protocols=phase2-protocol-from-10.0.0.0/24-to-10.0.1.0/24 force
27C set [phase2-protocol-from-10.0.0.0/24-to-10.0.1.0/24]:PROTOCOL_ID=IPSEC_ESP force
28C set [phase2-protocol-from-10.0.0.0/24-to-10.0.1.0/24]:Transforms=phase2-transform-from-10.0.0.0/24-to-10.0.1.0/24-AES128-SHA2_256-MODP_3072-TUNNEL force
29C set [phase2-transform-from-10.0.0.0/24-to-10.0.1.0/24-AES128-SHA2_256-MODP_3072-TUNNEL]:TRANSFORM_ID=AES force
30C set [phase2-transform-from-10.0.0.0/24-to-10.0.1.0/24-AES128-SHA2_256-MODP_3072-TUNNEL]:KEY_LENGTH=128,128:256 force
31C set [phase2-transform-from-10.0.0.0/24-to-10.0.1.0/24-AES128-SHA2_256-MODP_3072-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
32C set [phase2-transform-from-10.0.0.0/24-to-10.0.1.0/24-AES128-SHA2_256-MODP_3072-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
33C set [phase2-transform-from-10.0.0.0/24-to-10.0.1.0/24-AES128-SHA2_256-MODP_3072-TUNNEL]:GROUP_DESCRIPTION=MODP_3072 force
34C set [phase2-transform-from-10.0.0.0/24-to-10.0.1.0/24-AES128-SHA2_256-MODP_3072-TUNNEL]:Life=LIFE_QUICK_MODE force
35C set [from-10.0.0.0/24]:ID-type=IPV4_ADDR_SUBNET force
36C set [from-10.0.0.0/24]:Network=10.0.0.0 force
37C set [from-10.0.0.0/24]:Netmask=255.255.255.0 force
38C set [to-10.0.1.0/24]:ID-type=IPV4_ADDR_SUBNET force
39C set [to-10.0.1.0/24]:Network=10.0.1.0 force
40C set [to-10.0.1.0/24]:Netmask=255.255.255.0 force
41C add [Phase 2]:Connections=from-10.0.0.0/24-to-10.0.1.0/24
42C set [Phase 1]:192.168.0.2=peer-192.168.0.2 force
43C set [peer-192.168.0.2]:Phase=1 force
44C set [peer-192.168.0.2]:Address=192.168.0.2 force
45C set [peer-192.168.0.2]:Configuration=phase1-peer-192.168.0.2 force
46C set [phase1-peer-192.168.0.2]:EXCHANGE_TYPE=ID_PROT force
47C add [phase1-peer-192.168.0.2]:Transforms=phase1-transform-peer-192.168.0.2-RSA_SIG-SHA-AES128-MODP_3072 force
48C set [phase1-transform-peer-192.168.0.2-RSA_SIG-SHA-AES128-MODP_3072]:AUTHENTICATION_METHOD=RSA_SIG force
49C set [phase1-transform-peer-192.168.0.2-RSA_SIG-SHA-AES128-MODP_3072]:HASH_ALGORITHM=SHA force
50C set [phase1-transform-peer-192.168.0.2-RSA_SIG-SHA-AES128-MODP_3072]:ENCRYPTION_ALGORITHM=AES_CBC force
51C set [phase1-transform-peer-192.168.0.2-RSA_SIG-SHA-AES128-MODP_3072]:KEY_LENGTH=128,128:256 force
52C set [phase1-transform-peer-192.168.0.2-RSA_SIG-SHA-AES128-MODP_3072]:GROUP_DESCRIPTION=MODP_3072 force
53C set [phase1-transform-peer-192.168.0.2-RSA_SIG-SHA-AES128-MODP_3072]:Life=LIFE_MAIN_MODE force
54C set [peer-192.168.0.2]:ID=id-me@example.com force
55C set [id-me@example.com]:ID-type=USER_FQDN force
56C set [id-me@example.com]:Name=me@example.com force
57C set [peer-192.168.0.2]:Remote-ID=id-other@example.com force
58C set [id-other@example.com]:ID-type=USER_FQDN force
59C set [id-other@example.com]:Name=other@example.com force
60C set [from-10.0.0.0/24-to-10.0.2.0/24]:Phase=2 force
61C set [from-10.0.0.0/24-to-10.0.2.0/24]:ISAKMP-peer=peer-192.168.0.2 force
62C set [from-10.0.0.0/24-to-10.0.2.0/24]:Configuration=phase2-from-10.0.0.0/24-to-10.0.2.0/24 force
63C set [from-10.0.0.0/24-to-10.0.2.0/24]:Local-ID=from-10.0.0.0/24 force
64C set [from-10.0.0.0/24-to-10.0.2.0/24]:Remote-ID=to-10.0.2.0/24 force
65C set [phase2-from-10.0.0.0/24-to-10.0.2.0/24]:EXCHANGE_TYPE=QUICK_MODE force
66C set [phase2-from-10.0.0.0/24-to-10.0.2.0/24]:Suites=phase2-suite-from-10.0.0.0/24-to-10.0.2.0/24 force
67C set [phase2-suite-from-10.0.0.0/24-to-10.0.2.0/24]:Protocols=phase2-protocol-from-10.0.0.0/24-to-10.0.2.0/24 force
68C set [phase2-protocol-from-10.0.0.0/24-to-10.0.2.0/24]:PROTOCOL_ID=IPSEC_ESP force
69C set [phase2-protocol-from-10.0.0.0/24-to-10.0.2.0/24]:Transforms=phase2-transform-from-10.0.0.0/24-to-10.0.2.0/24-AES128-SHA2_256-MODP_3072-TUNNEL force
70C set [phase2-transform-from-10.0.0.0/24-to-10.0.2.0/24-AES128-SHA2_256-MODP_3072-TUNNEL]:TRANSFORM_ID=AES force
71C set [phase2-transform-from-10.0.0.0/24-to-10.0.2.0/24-AES128-SHA2_256-MODP_3072-TUNNEL]:KEY_LENGTH=128,128:256 force
72C set [phase2-transform-from-10.0.0.0/24-to-10.0.2.0/24-AES128-SHA2_256-MODP_3072-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
73C set [phase2-transform-from-10.0.0.0/24-to-10.0.2.0/24-AES128-SHA2_256-MODP_3072-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
74C set [phase2-transform-from-10.0.0.0/24-to-10.0.2.0/24-AES128-SHA2_256-MODP_3072-TUNNEL]:GROUP_DESCRIPTION=MODP_3072 force
75C set [phase2-transform-from-10.0.0.0/24-to-10.0.2.0/24-AES128-SHA2_256-MODP_3072-TUNNEL]:Life=LIFE_QUICK_MODE force
76C set [from-10.0.0.0/24]:ID-type=IPV4_ADDR_SUBNET force
77C set [from-10.0.0.0/24]:Network=10.0.0.0 force
78C set [from-10.0.0.0/24]:Netmask=255.255.255.0 force
79C set [to-10.0.2.0/24]:ID-type=IPV4_ADDR_SUBNET force
80C set [to-10.0.2.0/24]:Network=10.0.2.0 force
81C set [to-10.0.2.0/24]:Netmask=255.255.255.0 force
82C add [Phase 2]:Connections=from-10.0.0.0/24-to-10.0.2.0/24
83C set [Phase 1]:192.168.0.3=peer-192.168.0.3 force
84C set [peer-192.168.0.3]:Phase=1 force
85C set [peer-192.168.0.3]:Address=192.168.0.3 force
86C set [peer-192.168.0.3]:Configuration=phase1-peer-192.168.0.3 force
87C set [phase1-peer-192.168.0.3]:EXCHANGE_TYPE=ID_PROT force
88C add [phase1-peer-192.168.0.3]:Transforms=phase1-transform-peer-192.168.0.3-RSA_SIG-SHA-AES128-MODP_3072 force
89C set [phase1-transform-peer-192.168.0.3-RSA_SIG-SHA-AES128-MODP_3072]:AUTHENTICATION_METHOD=RSA_SIG force
90C set [phase1-transform-peer-192.168.0.3-RSA_SIG-SHA-AES128-MODP_3072]:HASH_ALGORITHM=SHA force
91C set [phase1-transform-peer-192.168.0.3-RSA_SIG-SHA-AES128-MODP_3072]:ENCRYPTION_ALGORITHM=AES_CBC force
92C set [phase1-transform-peer-192.168.0.3-RSA_SIG-SHA-AES128-MODP_3072]:KEY_LENGTH=128,128:256 force
93C set [phase1-transform-peer-192.168.0.3-RSA_SIG-SHA-AES128-MODP_3072]:GROUP_DESCRIPTION=MODP_3072 force
94C set [phase1-transform-peer-192.168.0.3-RSA_SIG-SHA-AES128-MODP_3072]:Life=LIFE_MAIN_MODE force
95C set [peer-192.168.0.3]:ID=id-me.example.com force
96C set [id-me.example.com]:ID-type=FQDN force
97C set [id-me.example.com]:Name=me.example.com force
98C set [peer-192.168.0.3]:Remote-ID=id-other@example.com force
99C set [id-other@example.com]:ID-type=USER_FQDN force
100C set [id-other@example.com]:Name=other@example.com force
101C set [from-10.0.0.0/24-to-10.0.3.0/24]:Phase=2 force
102C set [from-10.0.0.0/24-to-10.0.3.0/24]:ISAKMP-peer=peer-192.168.0.3 force
103C set [from-10.0.0.0/24-to-10.0.3.0/24]:Configuration=phase2-from-10.0.0.0/24-to-10.0.3.0/24 force
104C set [from-10.0.0.0/24-to-10.0.3.0/24]:Local-ID=from-10.0.0.0/24 force
105C set [from-10.0.0.0/24-to-10.0.3.0/24]:Remote-ID=to-10.0.3.0/24 force
106C set [phase2-from-10.0.0.0/24-to-10.0.3.0/24]:EXCHANGE_TYPE=QUICK_MODE force
107C set [phase2-from-10.0.0.0/24-to-10.0.3.0/24]:Suites=phase2-suite-from-10.0.0.0/24-to-10.0.3.0/24 force
108C set [phase2-suite-from-10.0.0.0/24-to-10.0.3.0/24]:Protocols=phase2-protocol-from-10.0.0.0/24-to-10.0.3.0/24 force
109C set [phase2-protocol-from-10.0.0.0/24-to-10.0.3.0/24]:PROTOCOL_ID=IPSEC_ESP force
110C set [phase2-protocol-from-10.0.0.0/24-to-10.0.3.0/24]:Transforms=phase2-transform-from-10.0.0.0/24-to-10.0.3.0/24-AES128-SHA2_256-MODP_3072-TUNNEL force
111C set [phase2-transform-from-10.0.0.0/24-to-10.0.3.0/24-AES128-SHA2_256-MODP_3072-TUNNEL]:TRANSFORM_ID=AES force
112C set [phase2-transform-from-10.0.0.0/24-to-10.0.3.0/24-AES128-SHA2_256-MODP_3072-TUNNEL]:KEY_LENGTH=128,128:256 force
113C set [phase2-transform-from-10.0.0.0/24-to-10.0.3.0/24-AES128-SHA2_256-MODP_3072-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
114C set [phase2-transform-from-10.0.0.0/24-to-10.0.3.0/24-AES128-SHA2_256-MODP_3072-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
115C set [phase2-transform-from-10.0.0.0/24-to-10.0.3.0/24-AES128-SHA2_256-MODP_3072-TUNNEL]:GROUP_DESCRIPTION=MODP_3072 force
116C set [phase2-transform-from-10.0.0.0/24-to-10.0.3.0/24-AES128-SHA2_256-MODP_3072-TUNNEL]:Life=LIFE_QUICK_MODE force
117C set [from-10.0.0.0/24]:ID-type=IPV4_ADDR_SUBNET force
118C set [from-10.0.0.0/24]:Network=10.0.0.0 force
119C set [from-10.0.0.0/24]:Netmask=255.255.255.0 force
120C set [to-10.0.3.0/24]:ID-type=IPV4_ADDR_SUBNET force
121C set [to-10.0.3.0/24]:Network=10.0.3.0 force
122C set [to-10.0.3.0/24]:Netmask=255.255.255.0 force
123C add [Phase 2]:Connections=from-10.0.0.0/24-to-10.0.3.0/24
124