Suppose we have two boxes, A and B, and we want to establish IPsec between them.
Here's how:
#!/bin/ksh
# args: This script takes two arguments:
#  - The first one is the IP address of the box that runs it.
#  - The second one is the IP address of the box that this
#    box is to establish the IPsec connection to.
Myself=$1
Remote=$2
# The following two lines clean the databases (-FP flushes the
# security policy database, -F the security association database).
# They're here simply to demonstrate the "hello world" level
# connection.
#
setkey -FP
setkey -F
# Use setkey to input all of the SA content: two policies (one per
# direction) and two manually keyed ESP SAs (SPI 1234, 3DES-CBC with a
# 24-byte key, no -A authentication algorithm, so packets are encrypted
# but not integrity-protected).
setkey -c << EOF
spdadd $Myself $Remote any -P out ipsec esp/transport/$Myself-$Remote/require;
spdadd $Remote $Myself any -P in ipsec esp/transport/$Remote-$Myself/require;
add $Myself $Remote esp 1234 -m any -E 3des-cbc "KeyIsTwentyFourBytesLong";
add $Remote $Myself esp 1234 -m any -E 3des-cbc "KeyIsTwentyFourBytesLong";
EOF
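The same SPD/SAD setup as an added example (not the script above or any project's code): a POSIX sh generator that emits the setkey -c input for both boxes, with a separate SPI and key per direction, AES-CBC plus HMAC-SHA256 instead of unauthenticated 3DES, and a key-length check before anything is printed. The function and variable names are hypothetical; the SPIs 0x1001/0x1002 are constructed sample values.

```shell
#!/bin/sh
# Added example: generate setkey(8) input for a manually keyed ESP
# transport-mode pair. Helper names are hypothetical, not from the page.

# Hex key length check: $1 = hex key (no 0x prefix), $2 = required bytes.
key_len_ok() {
    [ ${#1} -eq $(( $2 * 2 )) ]
}

# Random hex string: $1 = number of bytes.
randhex() {
    od -An -N "$1" -tx1 /dev/urandom | tr -d ' \n'
}

# Emit the two policies and two SAs for one box.
# $1 local IP, $2 remote IP, $3 SPI out, $4 SPI in,
# $5/$6 AES-CBC keys out/in (16 bytes), $7/$8 HMAC-SHA256 keys out/in (32 bytes).
# Returns 1 (and prints nothing) if any key has the wrong length.
gen_ipsec_conf() {
    me=$1 peer=$2 spi_out=$3 spi_in=$4
    key_len_ok "$5" 16 && key_len_ok "$6" 16 || return 1
    key_len_ok "$7" 32 && key_len_ok "$8" 32 || return 1
    printf 'spdadd %s %s any -P out ipsec esp/transport/%s-%s/require;\n' "$me" "$peer" "$me" "$peer"
    printf 'spdadd %s %s any -P in ipsec esp/transport/%s-%s/require;\n' "$peer" "$me" "$peer" "$me"
    printf 'add %s %s esp %s -m transport -E aes-cbc 0x%s -A hmac-sha256 0x%s;\n' \
        "$me" "$peer" "$spi_out" "$5" "$7"
    printf 'add %s %s esp %s -m transport -E aes-cbc 0x%s -A hmac-sha256 0x%s;\n' \
        "$peer" "$me" "$spi_in" "$6" "$8"
}

# Usage: ./gen.sh LOCAL_IP REMOTE_IP
# Keys are generated once; the second block is the peer's view of the same
# SAs (policies mirrored), so copy that block to the peer, not the script.
if [ $# -eq 2 ]; then
    ko=$(randhex 16) ki=$(randhex 16) ao=$(randhex 32) ai=$(randhex 32)
    echo "# setkey -c input for $1"
    gen_ipsec_conf "$1" "$2" 0x1001 0x1002 "$ko" "$ki" "$ao" "$ai"
    echo "# setkey -c input for $2"
    gen_ipsec_conf "$2" "$1" 0x1002 0x1001 "$ki" "$ko" "$ai" "$ao"
fi
```

Feed each block to setkey -c on its box after the same setkey -FP / setkey -F flush the script above performs.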
Run the script on both boxes with the arguments swapped. Now you can check the connection by pinging each box from the other. You can get the IPsec status by using setkey -PD, which dumps the security policies; setkey -D dumps the security associations themselves.