#!/bin/sh
# setup one mobile host for 2-way ESP only.
# setkey(8) used
# basic idea: tunnel everything out to home agent
# tunnel everything in from home agent
# the MN is 10.0.0.1
# the HA is 10.0.0.2
# change those addresses as needed
 
# 1st spdadd -- 10.0.0.1 to default route (MN)
# 2nd spdadd -- IP IPSEC tunnel coming in from HA
# these keys may not be good :->
setkey -c <<EOF
spdadd 10.0.0.1/32 0.0.0.0/0 any -P out ipsec
esp/tunnel/10.0.0.1-10.0.0.2/require;
spdadd 10.0.0.2/32 10.0.0.1/32 any -P in ipsec
esp/tunnel/10.0.0.2-10.0.0.1/require;
add 10.0.0.1 10.0.0.2 esp 7000 -E blowfish-cbc "beefdeadbeefdeadbeefdead";
add 10.0.0.2 10.0.0.1 esp 7001 -E blowfish-cbc "deadbeefdeadbeefdeadbeef";
EOF