../../guestbin/prep.sh
west #
 # force the kernel to use fixed IDs
west #
 sysctl -w net.ipsecif.use_fixed_reqid=1
net.ipsecif.use_fixed_reqid: 1 -> 1
west #
 unit=1
west #
 reqid_ipv4=$(($(sysctl -n net.ipsecif.reqid_base) + 2 * unit))
west #
 reqid_ipv6=$(($(sysctl -n net.ipsecif.reqid_base) + 2 * unit + 1))
west #
 ifconfig ipsec${unit} create
west #
 ifconfig ipsec${unit} -link2
west #
 ifconfig ipsec${unit} inet tunnel 192.1.2.45 192.1.2.23
west #
 ifconfig ipsec${unit} inet 198.18.45.45/24 198.18.23.23
west #
 ifconfig ipsec${unit}
ipsec1: flags=0x8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1280
	tunnel inet 192.1.2.45 --> 192.1.2.23
	status: active
	inet6 fe80::d84f:53:a5c1:3882%ipsec1/64 ->  flags 0 scopeid 0x5
	inet 198.18.45.45/24 -> 198.18.23.23 flags 0
west #
 ipsec _kernel policy
192.1.2.23[any] 192.1.2.45[any] 4(ipv4)
	in ipsec
	esp/transport//unique:8194
	spid=1 seq=3 pid=PID
	refcnt=0
192.1.2.23[any] 192.1.2.45[any] 41(ipv6)
	in discard
	spid=3 seq=2 pid=PID
	refcnt=0
192.1.2.45[any] 192.1.2.23[any] 4(ipv4)
	out ipsec
	esp/transport//unique:8194
	spid=2 seq=1 pid=PID
	refcnt=0
192.1.2.45[any] 192.1.2.23[any] 41(ipv6)
	out discard
	spid=4 seq=0 pid=PID
	refcnt=0
west #
 echo 'add 192.1.2.45 192.1.2.23 esp 4523 -m transport -u '${reqid_ipv4}' -E rijndael-cbc "45-----Key----23" -A hmac-sha1 "45------Hash------23" ;' | setkey -c
west #
 echo 'add 192.1.2.23 192.1.2.45 esp 2345 -m transport -u '${reqid_ipv4}'  -E rijndael-cbc "23-----Key----45" -A hmac-sha1 "23------Hash------45" ;' | setkey -c
west #
 ipsec _kernel state
192.1.2.23 192.1.2.45 
	esp mode=transport spi=SPISPI(0xSPISPI) reqid=8194(0x00002002)
	E: aes-cbc  XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
	A: hmac-sha1  XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
	seq=0x00000000 replay=0 flags=0x00000040 state=mature 
	created: TIMESTAMP	current: TIMESTAMP
	diff: N(s)	hard: 0(s)	soft: 0(s)
	last: TIMESTAMP	hard: 0(s)	soft: 0(s)
	current: 0(bytes)	hard: 0(bytes)	soft: 0(bytes)
	allocated: 0	hard: 0	soft: 0
	sadb_seq=1 pid=PID refcnt=0
192.1.2.45 192.1.2.23 
	esp mode=transport spi=SPISPI(0xSPISPI) reqid=8194(0x00002002)
	E: aes-cbc  XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
	A: hmac-sha1  XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
	seq=0x00000000 replay=0 flags=0x00000040 state=mature 
	created: TIMESTAMP	current: TIMESTAMP
	diff: N(s)	hard: 0(s)	soft: 0(s)
	last: TIMESTAMP	hard: 0(s)	soft: 0(s)
	current: 0(bytes)	hard: 0(bytes)	soft: 0(bytes)
	allocated: 0	hard: 0	soft: 0
	sadb_seq=0 pid=PID refcnt=0
west #
 ../../guestbin/ping-once.sh --up -I 198.18.45.45 198.18.23.23
up
west #
 ipsec _kernel state
192.1.2.23 192.1.2.45 
	esp mode=transport spi=SPISPI(0xSPISPI) reqid=8194(0x00002002)
	E: aes-cbc  XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
	A: hmac-sha1  XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
	seq=0x00000002 replay=0 flags=0x00000040 state=mature 
	created: TIMESTAMP	current: TIMESTAMP
	diff: N(s)	hard: 0(s)	soft: 0(s)
	last: TIMESTAMP	hard: 0(s)	soft: 0(s)
	current: 208(bytes)	hard: 0(bytes)	soft: 0(bytes)
	allocated: 2	hard: 0	soft: 0
	sadb_seq=1 pid=PID refcnt=0
192.1.2.45 192.1.2.23 
	esp mode=transport spi=SPISPI(0xSPISPI) reqid=8194(0x00002002)
	E: aes-cbc  XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
	A: hmac-sha1  XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
	seq=0x00000002 replay=0 flags=0x00000040 state=mature 
	created: TIMESTAMP	current: TIMESTAMP
	diff: N(s)	hard: 0(s)	soft: 0(s)
	last: TIMESTAMP	hard: 0(s)	soft: 0(s)
	current: 304(bytes)	hard: 0(bytes)	soft: 0(bytes)
	allocated: 2	hard: 0	soft: 0
	sadb_seq=0 pid=PID refcnt=0
west #
 ipsec _kernel policy
192.1.2.23[any] 192.1.2.45[any] 4(ipv4)
	in ipsec
	esp/transport//unique:8194
	spid=1 seq=3 pid=PID
	refcnt=0
192.1.2.23[any] 192.1.2.45[any] 41(ipv6)
	in discard
	spid=3 seq=2 pid=PID
	refcnt=0
192.1.2.45[any] 192.1.2.23[any] 4(ipv4)
	out ipsec
	esp/transport//unique:8194
	spid=2 seq=1 pid=PID
	refcnt=0
192.1.2.45[any] 192.1.2.23[any] 41(ipv6)
	out discard
	spid=4 seq=0 pid=PID
	refcnt=0
west #
 setkey -F
west #
 ifconfig ipsec1 destroy
west #
