#!/usr/sbin/setkey -f

## maszyna A (172.20.253.237)
flush;
spdflush;

## SA ESP: A->B
add 172.20.253.237 172.20.252.198 esp 0x3000 -E aes-cbc 0xaa223344556677889900aabbccddeeff;
## SA ESP: B->A
add 172.20.252.198 172.20.253.237 esp 0x4000 -E aes-cbc 0xbb223344556677889900aabbccddeeff;

## SA AH: A->B
add 172.20.253.237 172.20.252.198 ah 0x5000 -A hmac-sha1 0x00112233445566778899aabbccddeeff00112233;
## SA AH: B->A
add 172.20.252.198 172.20.253.237 ah 0x6000 -A hmac-sha1 0x00112233445566778899aabbccddeeff00112233;

## SPD: zabezpiecz pakiety ESP i AH w trybie transportowym
spdadd 172.20.253.237 172.20.252.198 any -P out ipsec esp/transport//require ah/transport//require;
spdadd 172.20.252.198 172.20.253.237 any -P in ipsec esp/transport//require ah/transport//require;