#!/usr/sbin/setkey -f # # SPD for 10.0.0.23 # # Flush the SAD and SPD flush; spdflush; spdadd 10.0.0.23 10.0.0.42 any -P out ipsec esp/transport//require ah/transport//require; spdadd 10.0.0.42 10.0.0.23 any -P in ipsec esp/transport//require ah/transport//require; # AH SAD entries with 160 bit keys add 10.0.0.23 10.0.0.42 ah 0x200 -A hmac-sha1 0x46915c30ed7e2465b42861b6ab19f2772813020c; add 10.0.0.42 10.0.0.23 ah 0x300 -A hmac-sha1 0xc4dac594f8228e0b94a54758f7fbf2fdf4e37f3e; # ESP SAD entries with 192 bit keys add 10.0.0.23 10.0.0.42 esp 0x201 -E rijndael-cbc 0xa3993b3dfc41ef0a1aa8d168a8bf2c27e48249ac17b61e09; add 10.0.0.42 10.0.0.23 esp 0x301 -E rijndael-cbc 0x8f6498928ba354bd45cfad147f54c67b3b742896b3bafc02;