#!/usr/sbin/setkey -f

# Configuration for enki (203.217.29.45) to achor (203.217.29.33)
# This is the enki side

# Flush the SAD and SPD
flush;
spdflush;

# Create the ESP session with encryption and authentication.
add 203.217.29.45 203.217.29.33 esp 0x100 -m tunnel
        -E blowfish-cbc  0xf4aaa016e85dcec8318f10b97aa237cf07a95734f53849d0bf461961ff3d828c 
        -A hmac-sha2-256 0x8338aca85649969d95765c96a17a622629752b095acfd80595b7e72da45264d2 
        ;

add 203.217.29.33 203.217.29.45 esp 0x101 -m tunnel
        -E blowfish-cbc  0xa55be4391df590938e00ce616eef526d7404fb9a4a8ee2077152e16ef41117bc
        -A hmac-sha2-256 0xb4ead5d3fdee487c81846155fed01ade8783900b5b8a2c9c50884db0459c6990
        ;


# Create the security policy that encrypts packets heading to the firewall.
# This is just a point-to-point link, for the moment, for ICMP only.
spdadd 203.217.29.45 203.217.29.33 icmp -P out ipsec
        esp/tunnel/203.217.29.45-203.217.29.33/require;

spdadd 203.217.29.33 203.217.29.45 icmp -P in ipsec
        esp/tunnel/203.217.29.33-203.217.29.45/require;