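# Shared AES-GCM definitions for this test family.
# NOTE(review): DIR is not set in this listing; presumably the test runner
# exports it. Confirm against the caller.
. "${DIR}/trs_aesgcm_common_defs.sh"

# Remote-side IPsec setup, IPv4: ESP transport mode with AES-GCM (rfc4106)
# between REMOTE_IPV4 and LOCAL_IPV4, installed by hand with "ip xfrm".
#
# Every command runs on REMOTE_HOST over ssh. ssh joins its arguments and
# hands the result to the remote shell, which parses it a second time.
# The quotes below only stop local word splitting and globbing, so
# REMOTE_HOST and the address variables must come from trusted test
# configuration. REMOTE_HOST is quoted so that an empty or unset value makes
# ssh fail instead of taking "ip" as the host name.

# Start clean. This removes ALL xfrm policies and states on the remote host,
# not only the ones created here, so point it at a dedicated test machine.
ssh "${REMOTE_HOST}" ip xfrm policy flush
ssh "${REMOTE_HOST}" ip xfrm state flush

# Policies: outbound remote -> local (reqid 1), inbound local -> remote
# (reqid 2). The reqid ties each policy to the state with the same reqid.
ssh "${REMOTE_HOST}" ip xfrm policy add \
  src "${REMOTE_IPV4}" dst "${LOCAL_IPV4}" \
  dir out ptype main action allow \
  tmpl proto esp mode transport reqid 1

ssh "${REMOTE_HOST}" ip xfrm policy add \
  src "${LOCAL_IPV4}" dst "${REMOTE_IPV4}" \
  dir in ptype main action allow \
  tmpl proto esp mode transport reqid 2

# States (SAs). The aead arguments are: algorithm name, key material, ICV
# length in bits. The 20 bytes of key material are a 16-byte AES key plus the
# 4-byte rfc4106 salt.
#
# Test bench only:
#  - 0xdeadbeef... is a fixed, publicly known pattern, shared by both
#    directions and re-installed on every run. RFC 4106 requires fresh keys
#    for AES-GCM ESP because a static key risks IV reuse.
#  - The key is passed on the ssh command line, so it is visible in the
#    process list on both hosts while the command runs.
#
# The parentheses in the algorithm name stay backslash-escaped so that the
# remote shell passes them through as literal characters.
ssh "${REMOTE_HOST}" ip xfrm state add \
  src "${REMOTE_IPV4}" dst "${LOCAL_IPV4}" \
  proto esp spi 7 reqid 1 mode transport replay-window 64 \
  aead "rfc4106\(gcm\(aes\)\)" \
  0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128

ssh "${REMOTE_HOST}" ip xfrm state add \
  src "${LOCAL_IPV4}" dst "${REMOTE_IPV4}" \
  proto esp spi 7 reqid 2 mode transport replay-window 64 \
  aead "rfc4106\(gcm\(aes\)\)" \
  0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128

# Dump what was installed so it ends up in the test log.
# Depending on the iproute2 version, "state list" may print the key material,
# so treat the log like the script itself.
ssh "${REMOTE_HOST}" ip xfrm policy list
ssh "${REMOTE_HOST}" ip xfrm state list

# Workaround for ipsec-secgw in inline mode, where the first packet(s) are
# always dropped: send one throw-away ping.
# This ping is expected to fail, so its exit status is deliberately not
# checked.
ssh "${REMOTE_HOST}" ping -c 1 "${LOCAL_IPV4}"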
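# Remote-side IPsec setup, IPv6: ESP transport mode with AES-GCM (rfc4106)
# between REMOTE_IPV6 and LOCAL_IPV6, installed by hand with "ip xfrm".
#
# Every command runs on REMOTE_HOST over ssh. ssh joins its arguments and
# hands the result to the remote shell, which parses it a second time.
# The quotes below only stop local word splitting and globbing, so
# REMOTE_HOST and the address variables must come from trusted test
# configuration. REMOTE_HOST is quoted so that an empty or unset value makes
# ssh fail instead of taking "ip" as the host name.

# Policies: outbound remote -> local (reqid 3), inbound local -> remote
# (reqid 4). The reqid ties each policy to the state with the same reqid.
ssh "${REMOTE_HOST}" ip xfrm policy add \
  src "${REMOTE_IPV6}" dst "${LOCAL_IPV6}" \
  dir out ptype main action allow \
  tmpl proto esp mode transport reqid 3

ssh "${REMOTE_HOST}" ip xfrm policy add \
  src "${LOCAL_IPV6}" dst "${REMOTE_IPV6}" \
  dir in ptype main action allow \
  tmpl proto esp mode transport reqid 4

# States (SAs). The aead arguments are: algorithm name, key material, ICV
# length in bits. The 20 bytes of key material are a 16-byte AES key plus the
# 4-byte rfc4106 salt.
#
# Test bench only:
#  - 0xdeadbeef... is a fixed, publicly known pattern, shared by both
#    directions and re-installed on every run. RFC 4106 requires fresh keys
#    for AES-GCM ESP because a static key risks IV reuse.
#  - The key is passed on the ssh command line, so it is visible in the
#    process list on both hosts while the command runs.
#
# The parentheses in the algorithm name stay backslash-escaped so that the
# remote shell passes them through as literal characters.
ssh "${REMOTE_HOST}" ip xfrm state add \
  src "${REMOTE_IPV6}" dst "${LOCAL_IPV6}" \
  proto esp spi 9 reqid 3 mode transport replay-window 64 \
  aead "rfc4106\(gcm\(aes\)\)" \
  0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128

ssh "${REMOTE_HOST}" ip xfrm state add \
  src "${LOCAL_IPV6}" dst "${REMOTE_IPV6}" \
  proto esp spi 9 reqid 4 mode transport replay-window 64 \
  aead "rfc4106\(gcm\(aes\)\)" \
  0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128

# Dump what was installed so it ends up in the test log.
# Depending on the iproute2 version, "state list" may print the key material,
# so treat the log like the script itself.
ssh "${REMOTE_HOST}" ip xfrm policy list
ssh "${REMOTE_HOST}" ip xfrm state list

# Workaround for ipsec-secgw in inline mode, where the first packet(s) are
# always dropped: send one throw-away ping.
# This ping is expected to fail, so its exit status is deliberately not
# checked.
ssh "${REMOTE_HOST}" ping -c 1 "${LOCAL_IPV6}"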