Creating a manual tunnel on the first host

You can configure a tunnel using the SMIT ips4_basic fast path (for IP Version 4) or the SMIT ips6_basic fast path (for IP Version 6), or you can create the tunnel manually using the following procedure.

The following is a sample of the gentun command used to create a manual tunnel:

gentun -v 4 -t manual -s 5.5.5.19 -d 5.5.5.8 \
   -a HMAC_MD5 -e DES_CBC_8 -N 23567 

You can use the lstun -v 4 command to list the characteristics of the manual tunnel created by the previous example. The output looks similar to the following example:

Tunnel ID            : 1
IP Version           : IP Version 4
Source               : 5.5.5.19
Destination          : 5.5.5.8
Policy               : auth/encr
Tunnel Mode          : Tunnel
Send AH Algo         : HMAC_MD5
Send ESP Algo        : DES_CBC_8
Receive AH Algo      : HMAC_MD5
Receive ESP Algo     : DES_CBC_8
Source AH SPI        : 300
Source ESP SPI       : 300
Dest AH SPI          : 23576
Dest ESP SPI         : 23576
Tunnel Life Time     : 480
Status               : Inactive
Target               : -
Target Mask          : -
Replay               : No
New Header           : Yes
Snd ENC-MAC Algo     : -
Rcv ENC-MAC Algo     : -

To activate the tunnel, type the following command:

mktun -v 4 -t 1

The filter rules associated with the tunnel are automatically generated.

To view the filter rules, use the lsfilt -v 4 command. The output looks similar to the following example:

Rule 4:
Rule action           : permit
Source Address        : 5.5.5.19
Source Mask           : 255.255.255.255
Destination Address   : 5.5.5.8
Destination Mask      : 255.255.255.255
Source Routing        : yes
Protocol              : all
Source Port           : any 0
Destination Port      : any 0
Scope                 : both
Direction             : outbound
Logging control       : no
Fragment control      : all packets
Tunnel ID number      : 1
Interface             : all
Auto-Generated        : yes

Rule 5:
Rule action           : permit
Source Address        : 5.5.5.8
Source Mask           : 255.255.255.255
Destination Address   : 5.5.5.19
Destination Mask      : 255.255.255.255
Source Routing        : yes
Protocol              : all
Source Port           : any 0
Destination Port      : any 0
Scope                 : both
Direction             : inbound
Logging control       : no
Fragment control      : all packets
Tunnel ID number      : 1
Interface             : all
Auto-Generated        : yes 

To activate the filter rules, including the default filter rules, use the mktun -v 4 -t 1 command.

To set up the other side (when it is another machine using this operating system), the tunnel definition can be exported on host A and then imported to host B.

The following command exports the tunnel definition into a file named ipsec_tun_manu.exp and any associated filter rules to the file ipsec_fltr_rule.exp in the directory indicated by the -f flag:

exptun -v 4 -t 1 -f /tmp
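Before activating both ends, the definition on host B must mirror the one on host A: A's Source SPIs are B's Dest SPIs and vice versa, and A's send algorithms are B's receive algorithms. The following script, added here as an example and not part of this documentation, parses two constructed lstun -v 4 listings (same field layout as the output shown above) and reports every field that does not mirror.

```shell
#!/bin/sh
# Constructed sample: the lstun -v 4 listing from host A (5.5.5.19) and the
# mirror definition imported on host B (5.5.5.8). Only the fields the check
# needs are kept; the format is the "Name : value" layout lstun prints.
LSTUN_A='Source               : 5.5.5.19
Destination          : 5.5.5.8
Send AH Algo         : HMAC_MD5
Send ESP Algo        : DES_CBC_8
Receive AH Algo      : HMAC_MD5
Receive ESP Algo     : DES_CBC_8
Source AH SPI        : 300
Source ESP SPI       : 300
Dest AH SPI          : 23576
Dest ESP SPI         : 23576'

LSTUN_B='Source               : 5.5.5.8
Destination          : 5.5.5.19
Send AH Algo         : HMAC_MD5
Send ESP Algo        : DES_CBC_8
Receive AH Algo      : HMAC_MD5
Receive ESP Algo     : DES_CBC_8
Source AH SPI        : 23576
Source ESP SPI       : 23576
Dest AH SPI          : 300
Dest ESP SPI         : 300'

# tunnel_field "<lstun output>" "<field name>": print the value after the colon.
# The name must be followed only by spaces and a colon, so "Source" does not match "Source AH SPI".
tunnel_field() {
    printf '%s\n' "$1" | sed -n "s/^$2[[:space:]]*: *//p"
}

# check_tunnel_pair "<lstun A>" "<lstun B>": return 0 when B mirrors A
# (addresses swapped, A's Source SPIs are B's Dest SPIs and vice versa,
# A's send algorithms are B's receive algorithms); print each mismatch
# and return 1 otherwise.
check_tunnel_pair() {
    rc=0
    for pair in 'Source=Destination' 'Destination=Source' \
                'Source AH SPI=Dest AH SPI' 'Source ESP SPI=Dest ESP SPI' \
                'Dest AH SPI=Source AH SPI' 'Dest ESP SPI=Source ESP SPI' \
                'Send AH Algo=Receive AH Algo' 'Send ESP Algo=Receive ESP Algo'; do
        fa=${pair%%=*}; fb=${pair#*=}
        va=$(tunnel_field "$1" "$fa"); vb=$(tunnel_field "$2" "$fb")
        [ "$va" = "$vb" ] || { echo "MISMATCH: A '$fa'=$va, B '$fb'=$vb"; rc=1; }
    done
    return $rc
}
```

On a real pair, replace the constructed listings with the output of lstun -v 4 captured on each host.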