../../guestbin/prep.sh
rise #
 ../../guestbin/ip.sh link add dev ipsec1 type xfrm dev eth2 if_id 1
rise #
 ../../guestbin/ip.sh addr add 198.18.12.12/24 dev ipsec1
rise #
 ../../guestbin/ip.sh link set ipsec1 up
rise #
 ../../guestbin/ip.sh addr show ipsec1
X: ipsec1@eth2: <NOARP,UP,LOWER_UP> mtu 1500 state UNKNOWN
    inet 198.18.12.12/24 scope global ipsec1
       valid_lft forever preferred_lft forever
    inet6 fe80::xxxx/64 scope link stable-privacy proto kernel_ll
       valid_lft forever preferred_lft forever
rise #
 ../../guestbin/ip.sh link show ipsec1
X: ipsec1@eth2: <NOARP,UP,LOWER_UP> mtu 1500 state UNKNOWN
rise #
 ../../guestbin/ipsec-kernel-policy.sh
rise #
 ip -4 route add 198.18.15.0/24 dev ipsec1
rise #
 ../../guestbin/ip.sh xfrm state add src 198.18.1.12 dst 198.18.1.15 proto esp spi 4523 reqid 4523 if_id 1 mode tunnel enc 'cbc(aes)' '45-----Key----23' auth 'hmac(sha1)' '45------Hash------23'
rise #
 ../../guestbin/ip.sh xfrm state add src 198.18.1.15 dst 198.18.1.12 proto esp spi 2345 reqid 2345 if_id 1 mode tunnel enc 'cbc(aes)' '23-----Key----45' auth 'hmac(sha1)' '23------Hash------45'
rise #
 # ignore forward policy
rise #
 ../../guestbin/ip.sh xfrm policy add src 0.0.0.0/0 dst 0.0.0.0/0 if_id 1 dir out tmpl src 198.18.1.12 dst 198.18.1.15 proto esp reqid 4523 mode tunnel
rise #
 ../../guestbin/ip.sh xfrm policy add src 0.0.0.0/0 dst 0.0.0.0/0 if_id 1 dir in  tmpl src 198.18.1.15 dst 198.18.1.12 proto esp reqid 2345 mode tunnel
rise #
 #../../guestbin/ip.sh xfrm policy add src 0.0.0.0/0 dst 0.0.0.0/0 if_id 1 dir fwd tmpl src 198.18.1.15 dst 198.18.1.12 proto esp reqid 2345 mode tunnel
rise #
 ../../guestbin/ipsec-kernel-state.sh
src 198.18.1.15 dst 198.18.1.12
	proto esp spi 0xSPISPI reqid REQID mode tunnel
	replay-window 0 
	auth-trunc hmac(sha1) 0xHASHKEY 96
	enc cbc(aes) 0xENCKEY
	if_id 0x1
	sel src 0.0.0.0/0 dst 0.0.0.0/0 
src 198.18.1.12 dst 198.18.1.15
	proto esp spi 0xSPISPI reqid REQID mode tunnel
	replay-window 0 
	auth-trunc hmac(sha1) 0xHASHKEY 96
	enc cbc(aes) 0xENCKEY
	if_id 0x1
	sel src 0.0.0.0/0 dst 0.0.0.0/0 
rise #
 ../../guestbin/ipsec-kernel-policy.sh
src 0.0.0.0/0 dst 0.0.0.0/0
	dir in priority 0 ptype main
	tmpl src 198.18.1.15 dst 198.18.1.12
		proto esp reqid REQID mode tunnel
	if_id 0x1
src 0.0.0.0/0 dst 0.0.0.0/0
	dir out priority 0 ptype main
	tmpl src 198.18.1.12 dst 198.18.1.15
		proto esp reqid REQID mode tunnel
	if_id 0x1
rise #
 ../../guestbin/ping-once.sh --up -I 198.18.12.12 198.18.15.15
up
rise #
 ../../guestbin/ipsec-kernel-state.sh
src 198.18.1.15 dst 198.18.1.12
	proto esp spi 0xSPISPI reqid REQID mode tunnel
	replay-window 0 
	auth-trunc hmac(sha1) 0xHASHKEY 96
	enc cbc(aes) 0xENCKEY
	lastused YYYY-MM-DD HH:MM:SS
	if_id 0x1
	sel src 0.0.0.0/0 dst 0.0.0.0/0 
src 198.18.1.12 dst 198.18.1.15
	proto esp spi 0xSPISPI reqid REQID mode tunnel
	replay-window 0 
	auth-trunc hmac(sha1) 0xHASHKEY 96
	enc cbc(aes) 0xENCKEY
	lastused YYYY-MM-DD HH:MM:SS
	if_id 0x1
	sel src 0.0.0.0/0 dst 0.0.0.0/0 
rise #
 ../../guestbin/ipsec-kernel-policy.sh
src 0.0.0.0/0 dst 0.0.0.0/0
	dir in priority 0 ptype main
	tmpl src 198.18.1.15 dst 198.18.1.12
		proto esp reqid REQID mode tunnel
	if_id 0x1
src 0.0.0.0/0 dst 0.0.0.0/0
	dir out priority 0 ptype main
	tmpl src 198.18.1.12 dst 198.18.1.15
		proto esp reqid REQID mode tunnel
	if_id 0x1
rise #
 #../../guestbin/ip.sh xfrm state flush
rise #
 #../../guestbin/ip.sh link delete ipsec1
rise #
 
