#!/usr/sbin/setkey -f

## maszyna A (172.20.253.237)
flush;
spdflush;

## SA: A->B
add 172.20.253.237 172.20.252.198 esp 0x1000 -E aes-cbc 0xaa223344556677889900aabbccddeeff -A hmac-sha1 0x00112233445566778899aabbccddeeff00112233;
## SA: B->A
add 172.20.252.198 172.20.253.237 esp 0x2000 -E aes-cbc 0xbb223344556677889900aabbccddeeff -A hmac-sha1 0x11223344556677889900aabbccddeeff00112233;

## SPD: zabezpiecz wszystkie pakiety ESP w trybie transportowym
spdadd 172.20.253.237 172.20.252.198 any -P out ipsec esp/transport//require;
spdadd 172.20.252.198 172.20.253.237 any -P in ipsec esp/transport//require;