2 # SPDX-License-Identifier: BSD-3-Clause
4 . ${DIR}/tun_aesctr_sha1_common_defs.sh
6 SGW_CMD_XPRM='-e -w 300 -l'
10 ssh ${REMOTE_HOST} ip xfrm policy flush
11 ssh ${REMOTE_HOST} ip xfrm state flush
13 ssh ${REMOTE_HOST} ip xfrm policy add \
14 src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
15 dir out ptype main action allow \
16 tmpl src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
17 proto esp mode tunnel reqid 1
19 ssh ${REMOTE_HOST} ip xfrm policy add \
20 src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
21 dir in ptype main action allow \
22 tmpl src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
23 proto esp mode tunnel reqid 2
25 ssh ${REMOTE_HOST} ip xfrm state add \
26 src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
27 proto esp spi 7 reqid 1 mode tunnel replay-window 64 flag esn \
28 auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
29 enc "rfc3686\(ctr\(aes\)\)" 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef
31 ssh ${REMOTE_HOST} ip xfrm state add \
32 src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
33 proto esp spi 7 reqid 2 mode tunnel replay-window 64 flag esn \
34 auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
35 enc "rfc3686\(ctr\(aes\)\)" 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef
37 ssh ${REMOTE_HOST} ip xfrm policy list
38 ssh ${REMOTE_HOST} ip xfrm state list
45 ssh ${REMOTE_HOST} ip xfrm policy add \
46 src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
47 dir out ptype main action allow \
48 tmpl src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
49 proto esp mode tunnel reqid 3
51 ssh ${REMOTE_HOST} ip xfrm policy add \
52 src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
53 dir in ptype main action allow \
54 tmpl src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
55 proto esp mode tunnel reqid 4
57 ssh ${REMOTE_HOST} ip xfrm state add \
58 src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
59 proto esp spi 9 reqid 3 mode tunnel replay-window 64 flag esn \
60 auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
61 enc "rfc3686\(ctr\(aes\)\)" 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef
63 ssh ${REMOTE_HOST} ip xfrm state add \
64 src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
65 proto esp spi 9 reqid 4 mode tunnel replay-window 64 flag esn \
66 auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
67 enc "rfc3686\(ctr\(aes\)\)" 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef
69 ssh ${REMOTE_HOST} ip xfrm policy list
70 ssh ${REMOTE_HOST} ip xfrm state list