Created
July 17, 2025 17:59
cleverfox created this gist
Jul 17, 2025
@@ -0,0 +1,42 @@ # static ipsec between FreeBSD & Linux * Linux has IP address 9.9.223.245 * FreeBSD has IP address 5.3.25.69 ### Linux shell script ``` ip xfrm policy del src 9.9.223.245 dst 5.3.25.69 dir out ip xfrm policy del src 5.3.25.69 dst 9.9.223.245 dir in ip xfrm state del src 9.9.223.245 dst 5.3.25.69 proto esp spi 0x1000 ip xfrm state del src 5.3.25.69 dst 9.9.223.245 proto esp spi 0x2000 ip xfrm state add src 9.9.223.245 dst 5.3.25.69 proto esp spi 0x1000 \ mode transport \ enc 'cbc(aes)' 0xfedcba0987654321fedcba0987654321fedcba0987654321fedcba0987654321 ip xfrm state add src 5.3.25.69 dst 9.9.223.245 proto esp spi 0x2000 \ mode transport \ enc 'cbc(aes)' 0xfedcba0987654321fedcba0987654321fedcba0987654321fedcba0987654321 ip xfrm policy add src 9.9.223.245 dst 5.3.25.69 dir out tmpl src 9.9.223.245 dst 5.3.25.69 proto esp mode transport ip xfrm policy add src 5.3.25.69 dst 9.9.223.245 dir in tmpl src 5.3.25.69 dst 9.9.223.245 proto esp mode transport ``` ### FreeBSD setkey script ``` #!/usr/sbin/setkey -f flush; spdflush; add 5.3.25.69 9.9.223.245 esp 0x2000 -m transport -E aes-cbc 0xfedcba0987654321fedcba0987654321fedcba0987654321fedcba0987654321; # Inbound SA (Linux -> FreeBSD) add 9.9.223.245 5.3.25.69 esp 0x1000 -m transport -E aes-cbc 0xfedcba0987654321fedcba0987654321fedcba0987654321fedcba0987654321; spdadd 5.3.25.69 9.9.223.245 any -P out ipsec esp/transport//require; spdadd 9.9.223.245 5.3.25.69 any -P in ipsec esp/transport//require; ```
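Review bot: Both `ip xfrm state add` commands and both setkey `add` lines configure ESP with encryption only (`enc 'cbc(aes)'` on Linux, `-E aes-cbc` on FreeBSD) and no authentication algorithm, so traffic between 9.9.223.245 and 5.3.25.69 has no integrity protection and CBC ciphertext can be altered in transit without the receiver noticing. Add an integrity algorithm with its own key to every SA on both hosts (an `auth` or `auth-trunc` clause on the Linux side and a matching `-A` option in setkey, with the same ICV truncation length on both ends), or move both sides to an AEAD transform. The SAs for SPI 0x1000 and SPI 0x2000 also share a single key, and it is the repeated `fedcba0987654321` pattern written directly into the scripts; generate an independent random key per SA and keep both scripts readable by root only. A smaller point: the first setkey `add` line has no comment, while the second is labelled "Inbound SA (Linux -> FreeBSD)", so label the first as the outbound SA (FreeBSD -> Linux) to keep the directions unambiguous.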