#!/usr/sbin/setkey -f # Debian: /etc/ipsec-tools.conf (ipsec-tools) # Host A: 172.16.0.1; 192.168.40.128 # Host B: 172.16.0.111; 192.168.40.129 ## Flush the SAD and SPD flush; spdflush; # A & B add 172.16.0.1 172.16.0.111 ah 15700 -A hmac-md5 "123456789.123456"; add 172.16.0.111 172.16.0.1 ah 24500 -A hmac-md5 "123456789.123456"; add 172.16.0.1 172.16.0.111 esp 15701 -E 3des-cbc "123456789.123456789.1234"; add 172.16.0.111 172.16.0.1 esp 24501 -E 3des-cbc "123456789.123456789.1234"; #dump ah; #dump esp; # A spdadd 172.16.0.1 172.16.0.111 any -P out ipsec esp/transport//require ah/transport//require; spdadd 172.16.0.111 172.16.0.1 any -P in ipsec esp/transport//require ah/transport//require; # B #spdadd 172.16.0.111 172.16.0.1 any -P out ipsec # esp/transport//require # ah/transport//require; #spdadd 172.16.0.1 172.16.0.111 any -P in ipsec # esp/transport//require # ah/transport//require;