Patchwork [meta-fsl-ppc,6/6] ipsec-demo (scripts and configuration files) add recipe

login
register
mail settings
Submitter Ting Liu
Date July 24, 2014, 7:48 a.m.
Message ID <1406188097-6533-6-git-send-email-ting.liu@freescale.com>
Download mbox | patch
Permalink /patch/76559/
State Accepted
Headers show

Comments

Ting Liu - July 24, 2014, 7:48 a.m.
From: Ting Liu <b28495@freescale.com>

There are some ipsec demo scripts and configuration files for qoriq
boards. add a recipe to hold them.

Signed-off-by: Ting Liu <b28495@freescale.com>
---
 .../ipsec-demo/ipsec-demo/test_setkey/README       |   77 ++++++++++++++++++++
 .../test_setkey/auto_left.conf-3des-sha1-tunnel    |   32 ++++++++
 .../test_setkey/auto_right.conf-3des-sha1-tunnel   |   31 ++++++++
 .../ipsec-demo/ipsec-demo/test_setkey/flush-setkey |    4 +
 .../ipsec-demo/test_setkey/ipsec.conf.left         |   29 ++++++++
 .../ipsec-demo/test_setkey/ipsec.conf.right        |   28 +++++++
 .../ipsec-demo/test_setkey/ipsec.secrets.left      |    3 +
 .../ipsec-demo/test_setkey/ipsec.secrets.right     |    8 ++
 .../ipsec-demo/test_setkey/ipsec_ikev1.conf.left   |   39 ++++++++++
 .../ipsec-demo/test_setkey/ipsec_ikev1.conf.right  |   34 +++++++++
 .../test_setkey/left.conf-3des-md5-transport       |   23 ++++++
 .../test_setkey/left.conf-3des-md5-tunnel          |   42 +++++++++++
 .../test_setkey/left.conf-3des-sha1-transport      |   22 ++++++
 .../test_setkey/left.conf-3des-sha1-tunnel         |   42 +++++++++++
 .../test_setkey/left.conf-3des-sha256-transport    |   23 ++++++
 .../test_setkey/left.conf-3des-sha256-tunnel       |   42 +++++++++++
 .../test_setkey/left.conf-aes-md5-transport        |   23 ++++++
 .../test_setkey/left.conf-aes-md5-tunnel           |   42 +++++++++++
 .../test_setkey/left.conf-aes-sha1-transport       |   22 ++++++
 .../test_setkey/left.conf-aes-sha1-tunnel          |   42 +++++++++++
 .../test_setkey/left.conf-aes-sha256-transport     |   23 ++++++
 .../test_setkey/left.conf-aes-sha256-tunnel        |   42 +++++++++++
 .../test_setkey/left.conf-null-null-transport      |   23 ++++++
 .../test_setkey/left.conf-null-null-tunnel         |   42 +++++++++++
 .../ipsec-demo/ipsec-demo/test_setkey/left.ipv4    |    2 +
 .../ipsec-demo/ipsec-demo/test_setkey/moonCert.pem |   25 +++++++
 .../ipsec-demo/ipsec-demo/test_setkey/moonKey.pem  |   27 +++++++
 .../ipsec-demo/ipsec-demo/test_setkey/pingsizes.sh |   19 +++++
 .../ipsec-demo/test_setkey/pingsizest.sh           |   19 +++++
 .../ipsec-demo/ipsec-demo/test_setkey/psk.txt      |    2 +
 .../ipsec-demo/ipsec-demo/test_setkey/racoon.conf  |   22 ++++++
 .../test_setkey/right.conf-3des-md5-transport      |   23 ++++++
 .../test_setkey/right.conf-3des-md5-tunnel         |   42 +++++++++++
 .../test_setkey/right.conf-3des-sha1-transport     |   22 ++++++
 .../test_setkey/right.conf-3des-sha1-tunnel        |   41 +++++++++++
 .../test_setkey/right.conf-3des-sha256-transport   |   23 ++++++
 .../test_setkey/right.conf-3des-sha256-tunnel      |   42 +++++++++++
 .../test_setkey/right.conf-aes-md5-transport       |   23 ++++++
 .../test_setkey/right.conf-aes-md5-tunnel          |   42 +++++++++++
 .../test_setkey/right.conf-aes-sha1-transport      |   22 ++++++
 .../test_setkey/right.conf-aes-sha1-tunnel         |   41 +++++++++++
 .../test_setkey/right.conf-aes-sha256-transport    |   23 ++++++
 .../test_setkey/right.conf-aes-sha256-tunnel       |   42 +++++++++++
 .../test_setkey/right.conf-null-null-transport     |   23 ++++++
 .../test_setkey/right.conf-null-null-tunnel        |   42 +++++++++++
 .../ipsec-demo/ipsec-demo/test_setkey/right.ipv4   |    2 +
 .../ipsec-demo/ipsec-demo/test_setkey/setup        |   47 ++++++++++++
 .../ipsec-demo/ipsec-demo/test_setkey/setup_left   |   13 ++++
 .../ipsec-demo/ipsec-demo/test_setkey/setup_right  |   13 ++++
 .../ipsec-demo/test_setkey/strongswan.conf         |   19 +++++
 .../ipsec-demo/test_setkey/strongswanCert.pem      |   22 ++++++
 .../ipsec-demo/test_setkey/strongswan_left         |   10 +++
 .../ipsec-demo/test_setkey/strongswan_right        |   10 +++
 .../ipsec-demo/ipsec-demo/test_setkey/sunCert.pem  |   25 +++++++
 .../ipsec-demo/ipsec-demo/test_setkey/sunKey.pem   |   27 +++++++
 recipes-connectivity/ipsec-demo/ipsec-demo_0.1.bb  |   25 +++++++
 56 files changed, 1518 insertions(+), 0 deletions(-)
 create mode 100644 recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/README
 create mode 100755 recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/auto_left.conf-3des-sha1-tunnel
 create mode 100755 recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/auto_right.conf-3des-sha1-tunnel
 create mode 100755 recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/flush-setkey
 create mode 100644 recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec.conf.left
 create mode 100644 recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec.conf.right
 create mode 100644 recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec.secrets.left
 create mode 100644 recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec.secrets.right
 create mode 100644 recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec_ikev1.conf.left
 create mode 100644 recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec_ikev1.conf.right
 create mode 100755 recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-md5-transport
 create mode 100755 recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-md5-tunnel
 create mode 100755 recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-sha1-transport
 create mode 100755 recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-sha1-tunnel
 create mode 100755 recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-sha256-transport
 create mode 100755 recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-sha256-tunnel
 create mode 100755 recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-md5-transport
 create mode 100755 recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-md5-tunnel
 create mode 100755 recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-sha1-transport
 create mode 100755 recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-sha1-tunnel
 create mode 100755 recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-sha256-transport
 create mode 100755 recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-sha256-tunnel
 create mode 100755 recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-null-null-transport
 create mode 100755 recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-null-null-tunnel
 create mode 100755 recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.ipv4
 create mode 100644 recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/moonCert.pem
 create mode 100644 recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/moonKey.pem
 create mode 100755 recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/pingsizes.sh
 create mode 100755 recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/pingsizest.sh
 create mode 100644 recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/psk.txt
 create mode 100644 recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/racoon.conf
 create mode 100755 recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-md5-transport
 create mode 100755 recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-md5-tunnel
 create mode 100755 recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-sha1-transport
 create mode 100755 recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-sha1-tunnel
 create mode 100755 recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-sha256-transport
 create mode 100755 recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-sha256-tunnel
 create mode 100755 recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-md5-transport
 create mode 100755 recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-md5-tunnel
 create mode 100755 recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-sha1-transport
 create mode 100755 recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-sha1-tunnel
 create mode 100755 recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-sha256-transport
 create mode 100755 recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-sha256-tunnel
 create mode 100755 recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-null-null-transport
 create mode 100755 recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-null-null-tunnel
 create mode 100755 recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.ipv4
 create mode 100755 recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/setup
 create mode 100755 recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/setup_left
 create mode 100755 recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/setup_right
 create mode 100644 recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/strongswan.conf
 create mode 100644 recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/strongswanCert.pem
 create mode 100755 recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/strongswan_left
 create mode 100755 recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/strongswan_right
 create mode 100644 recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/sunCert.pem
 create mode 100644 recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/sunKey.pem
 create mode 100644 recipes-connectivity/ipsec-demo/ipsec-demo_0.1.bb

Patch

diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/README b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/README
new file mode 100644
index 0000000..9578982
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/README
@@ -0,0 +1,77 @@ 
+test_setkey script usage
+
+The scripts in this directory may be used for testing
+native Linux IPsec with the talitos driver as a loadable module.
+
+It's assumed that these scripts have been placed in the directory
+named /test_setkey.
+
+The scripts setup_left and setup_right configure the ip addresses
+for two boards named 'left' and 'right', which are two gateways for
+an IPsec tunnel.  Connect the eth1 interfaces of left and right boards together.
+For smartbits testing, connect eth0 on each board to a smartbits port.
+For other testing (ping, netperf, iperf), connect eth0 on each board to another system.
+
+The scripts named left.conf-* and right.conf-* are setkey scripts
+which configure the IPsec SA and SPD entries.
+The scripts ending in -tunnel use tunnel mode IPsec, and the scripts
+ending in -transport used transport mode IPsec.
+Transport mode is useful for quickly testing security functionality
+using ping or netperf between two boards.
+Tunnel mode can be used for testing throughput using smartbits or other
+performance test equipment.
+
+There is a top level script called 'setup' which
+is used for a one-step setup on the left and right boards.
+'setup' uses two or three parameters. The first parameter is the side, left or right.
+The second parameter is the setkey suffix for the left.conf- and right.conf- files.
+If the third parameter is supplied, the setup will modprobe that name, so
+typically you should provide talitos as the third parameter if you want to load the driver.
+If you have built the talitos driver into the kernel, omit the third parameter to setup.
+You may test software encryption if talitos is built as a module and you omit the third parameter.
+
+Below are example uses of the 'setup' script.
+
+1) One-step setup for smartbits
+   Use a tunnel mode setup on each side.
+   AES-HMAC-SHA1: 
+   Left side:
+      /test_setkey/setup left aes-sha1-tunnel talitos
+   Right side:
+      /test_setkey/setup right aes-sha1-tunnel talitos
+
+   3DES-HMAC-SHA1:
+   Left side:
+      /test_setkey/setup left 3des-sha1-tunnel talitos
+   Right side:
+      /test_setkey/setup right 3des-sha1-tunnel talitos
+
+2) One-step setup for testing ping, netperf, or iperf between two boards. 
+   Use a transport mode setup on each side.
+   AES-HMAC-SHA1: 
+   Left side:
+      /test_setkey/setup left aes-sha1-transport talitos
+   Right side:
+      /test_setkey/setup right aes-sha1-transport talitos
+
+   3DES-HMAC-SHA1:
+   Left side:
+      /test_setkey/setup left 3des-sha1-transport talitos
+   Right side:
+      /test_setkey/setup right 3des-sha1-transport talitos
+
+3) Testing ipv4
+   To test ipv4 (with no security) over the two gateways, use steps below.
+   Testing ipv4 is helpful to get your smartbits configuration verified
+   and also establish a baseline performance for throughput.
+
+   On the left board:
+   cd /test_setkey
+   ./setup_left
+   ./left.ipv4
+
+   On the right board:
+   cd /test_setkey
+   ./setup_right
+   ./right.ipv4
+
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/auto_left.conf-3des-sha1-tunnel b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/auto_left.conf-3des-sha1-tunnel
new file mode 100755
index 0000000..6bd6c5d
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/auto_left.conf-3des-sha1-tunnel
@@ -0,0 +1,32 @@ 
+#!/usr/sbin/setkey -f
+#
+#
+# Example ESP Tunnel for VPN.
+# 
+# 			          ========= ESP =========
+# 			          |                     |
+# 	   Network-A          Gateway-A             Gateway-B           Network-B
+# 	  192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24
+# 
+# 	  ====== 83xx board A ======                  ===== 83xx board B =====
+#	  |                        |                  |                      |
+#	  eth0                  eth1                  eth1                eth0
+#	192.168.1.130         200.200.200.10          200.200.200.20      192.168.2.130         
+# 
+# 
+# Board A setup
+#
+# Flush the SAD and SPD
+flush;
+spdflush;
+
+# I am gateway A (eth0:192.168.1.130, eth1:200.200.200.10)
+#
+# Security policies
+spdadd 192.168.1.0/24 192.168.2.0/24 any -P out ipsec
+       esp/tunnel/200.200.200.10-200.200.200.20/require;
+
+spdadd 192.168.2.0/24 192.168.1.0/24 any -P in ipsec
+       esp/tunnel/200.200.200.20-200.200.200.10/require;
+
+
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/auto_right.conf-3des-sha1-tunnel b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/auto_right.conf-3des-sha1-tunnel
new file mode 100755
index 0000000..eebf307
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/auto_right.conf-3des-sha1-tunnel
@@ -0,0 +1,31 @@ 
+#!/usr/sbin/setkey -f
+#
+#
+# Example ESP Tunnel for VPN.
+# 
+# 			          ========= ESP =========
+# 			          |                     |
+# 	   Network-A          Gateway-A             Gateway-B           Network-B
+# 	  192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24
+# 
+# 	  ====== 83xx board A ======                  ===== 83xx board B =====
+#	  |                        |                  |                      |
+#	  eth0                  eth1                  eth1                eth0
+#	192.168.1.130         200.200.200.10          200.200.200.20      192.168.2.130         
+# 
+# 
+# Board B setup
+# Flush the SAD and SPD
+flush;
+spdflush;
+
+# I am gateway B (eth0:192.168.2.130, eth1:200.200.200.20)
+#
+# Security policies
+
+spdadd 192.168.2.0/24 192.168.1.0/24 any -P out ipsec
+       esp/tunnel/200.200.200.20-200.200.200.10/require;
+
+spdadd 192.168.1.0/24 192.168.2.0/24 any -P in ipsec
+       esp/tunnel/200.200.200.10-200.200.200.20/require;
+
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/flush-setkey b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/flush-setkey
new file mode 100755
index 0000000..0be3056
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/flush-setkey
@@ -0,0 +1,4 @@ 
+#!/usr/sbin/setkey -f
+
+flush;
+spdflush;
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec.conf.left b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec.conf.left
new file mode 100644
index 0000000..d9d6c0c
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec.conf.left
@@ -0,0 +1,29 @@ 
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+    	charondebug="chd 2, knl 2"
+	crlcheckinterval=180
+	strictcrlpolicy=no
+	plutostart=no
+
+conn %default
+	ikelifetime=60m
+	keylife=20m
+	rekeymargin=3m
+	keyingtries=1
+	keyexchange=ikev2
+	type=tunnel
+	auth=esp
+	compress=no
+	mobike=no
+
+conn net-net
+	left=200.200.200.10
+	leftsubnet=192.168.1.0/24
+	leftcert=moonCert.pem
+	leftid="C=CH, O=Linux strongSwan, CN=moon.strongswan.org"
+	leftfirewall=yes
+	right=200.200.200.20
+	rightsubnet=192.168.2.0/24
+	rightid="C=CH, O=Linux strongSwan, CN=sun.strongswan.org"
+	auto=add
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec.conf.right b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec.conf.right
new file mode 100644
index 0000000..c14dee2
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec.conf.right
@@ -0,0 +1,28 @@ 
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+	charondebug="chd 2, knl 2"
+	crlcheckinterval=180
+	strictcrlpolicy=no
+	plutostart=no
+
+conn %default
+	ikelifetime=60m
+	keylife=20m
+	rekeymargin=3m
+    	keyingtries=1
+	keyexchange=ikev2
+	auth=esp
+	compress=no
+	mobike=no
+
+conn net-net 
+	left=200.200.200.20
+	leftcert=sunCert.pem
+	leftid="C=CH, O=Linux strongSwan, CN=sun.strongswan.org"
+	leftsubnet=192.168.2.0/24
+	leftfirewall=yes
+	right=200.200.200.10
+	rightid="C=CH, O=Linux strongSwan, CN=moon.strongswan.org"
+	rightsubnet=192.168.1.0/24
+	auto=add
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec.secrets.left b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec.secrets.left
new file mode 100644
index 0000000..e86d6aa
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec.secrets.left
@@ -0,0 +1,3 @@ 
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+: RSA moonKey.pem
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec.secrets.right b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec.secrets.right
new file mode 100644
index 0000000..1095b74
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec.secrets.right
@@ -0,0 +1,8 @@ 
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+: RSA sunKey.pem
+
+
+
+
+
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec_ikev1.conf.left b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec_ikev1.conf.left
new file mode 100644
index 0000000..55025db
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec_ikev1.conf.left
@@ -0,0 +1,39 @@ 
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+	plutodebug=control
+	crlcheckinterval=180
+	strictcrlpolicy=no
+	charonstart=no
+
+conn %default
+	ikelifetime=60m
+	keylife=20m
+	rekeymargin=3m
+	keyingtries=1
+	keyexchange=ikev1
+	left=200.200.200.10
+	leftcert=moonCert.pem
+	leftid="C=CH, O=Linux strongSwan, CN=moon.strongswan.org"
+	leftfirewall=yes
+
+conn net-net
+	left=%defaultroute
+	leftsubnet=192.168.1.0/24
+	leftcert=moonCert.pem
+	right=200.200.200.20
+	rightsubnet=192.168.2.0/24
+	rightid="C=CH, O=Linux strongSwan, CN=sun.strongswan.org"
+	auto=add
+        
+conn host-host
+	left=%defaultroute
+	leftcert=moonCert.pem
+	right=200.200.200.20
+	rightid="C=CH, O=Linux strongSwan, CN=sun.strongswan.org"
+	auto=add
+
+conn rw
+	leftsubnet=192.168.1.0/24
+	right=%any
+	auto=add
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec_ikev1.conf.right b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec_ikev1.conf.right
new file mode 100644
index 0000000..479791e
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec_ikev1.conf.right
@@ -0,0 +1,34 @@ 
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+	plutodebug=control
+	crlcheckinterval=180
+	strictcrlpolicy=no
+	charonstart=no
+
+conn %default
+	ikelifetime=60m
+	keylife=20m
+	rekeymargin=3m
+	keyingtries=1
+	keyexchange=ikev1
+	left=200.200.200.20
+	leftcert=sunCert.pem
+	leftid="C=CH, O=Linux strongSwan, CN=sun.strongswan.org"
+	leftfirewall=yes
+
+conn net-net
+	left=%defaultroute
+	leftsubnet=192.168.2.0/24
+	leftcert=sunCert.pem
+	right=200.200.200.10
+	rightsubnet=192.168.1.0/24
+	rightid="C=CH, O=Linux strongSwan, CN=moon.strongswan.org"
+	auto=add
+
+conn host-host
+	left=%defaultroute
+	leftcert=sunCert.pem
+	right=200.200.200.10
+	rightid="C=CH, O=Linux strongSwan, CN=moon.strongswan.org"
+	auto=add
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-md5-transport b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-md5-transport
new file mode 100755
index 0000000..5422771
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-md5-transport
@@ -0,0 +1,23 @@ 
+#!/usr/sbin/setkey -f
+#I am 200.200.200.10
+
+flush;
+spdflush;
+
+# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
+# and hmac-md5 authentication using 128 bit long keys
+add 200.200.200.10 200.200.200.20 esp 0x10513 
+    -E 3des-cbc   0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 
+    -A hmac-md5   0xd5f603abc8cd9d19319ca32fb955b10f;
+
+add 200.200.200.20 200.200.200.10 esp 0x10514 
+    -E 3des-cbc   0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df 
+    -A hmac-md5   0x1dd90b4c32dcbe9d37b555a23df5170e;
+
+
+spdadd 200.200.200.20 200.200.200.10 any -P in ipsec
+        esp/transport//require;
+
+spdadd 200.200.200.10 200.200.200.20 any -P out ipsec
+        esp/transport//require;
+
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-md5-tunnel b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-md5-tunnel
new file mode 100755
index 0000000..52bf9c3
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-md5-tunnel
@@ -0,0 +1,42 @@ 
+#!/usr/sbin/setkey -f
+#
+#
+# Example ESP Tunnel for VPN.
+# 
+# 			          ========= ESP =========
+# 			          |                     |
+# 	   Network-A          Gateway-A             Gateway-B           Network-B
+# 	  192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24
+# 
+# 	  ====== 83xx board A ======                  ===== 83xx board B =====
+#	  |                        |                  |                      |
+#	  eth0                  eth1                  eth1                eth0
+#	192.168.1.130         200.200.200.10          200.200.200.20      192.168.2.130         
+# 
+# 
+# Board A setup
+#
+# Flush the SAD and SPD
+flush;
+spdflush;
+
+# I am gateway A (eth0:192.168.1.130, eth1:200.200.200.10)
+#
+# Security policies
+spdadd 192.168.1.0/24 192.168.2.0/24 any -P out ipsec
+       esp/tunnel/200.200.200.10-200.200.200.20/require;
+
+spdadd 192.168.2.0/24 192.168.1.0/24 any -P in ipsec
+       esp/tunnel/200.200.200.20-200.200.200.10/require;
+
+
+# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
+# and hmac-md5 authentication using 128 bit long keys
+add 200.200.200.10 200.200.200.20 esp 0x201 -m tunnel
+    -E 3des-cbc  0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 
+    -A hmac-md5   0xd5f603abc8cd9d19319ca32fb955b10f;
+
+add 200.200.200.20 200.200.200.10 esp 0x301 -m tunnel
+    -E 3des-cbc  0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df 
+    -A hmac-md5   0x1dd90b4c32dcbe9d37b555a23df5170e;
+
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-sha1-transport b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-sha1-transport
new file mode 100755
index 0000000..e5ee005
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-sha1-transport
@@ -0,0 +1,22 @@ 
+#!/usr/sbin/setkey -f
+#I am 200.200.200.10
+
+flush;
+spdflush;
+
+# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
+# and hmac-sha1 authentication using 160 bit long keys
+add 200.200.200.10 200.200.200.20 esp 0x10513 
+    -E 3des-cbc   0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 
+    -A hmac-sha1 0xe9c43acd5e8d779b6e09c87347852708ab49bdd3;
+
+add 200.200.200.20 200.200.200.10 esp 0x10514 
+    -E 3des-cbc   0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df 
+    -A hmac-sha1 0xea6856479330dc9c17b8f6c37e2a895363d83f21;
+
+spdadd 200.200.200.20 200.200.200.10 any -P in ipsec
+        esp/transport//require;
+
+spdadd 200.200.200.10 200.200.200.20 any -P out ipsec
+        esp/transport//require;
+
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-sha1-tunnel b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-sha1-tunnel
new file mode 100755
index 0000000..eb2881d
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-sha1-tunnel
@@ -0,0 +1,42 @@ 
+#!/usr/sbin/setkey -f
+#
+#
+# Example ESP Tunnel for VPN.
+# 
+# 			          ========= ESP =========
+# 			          |                     |
+# 	   Network-A          Gateway-A             Gateway-B           Network-B
+# 	  192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24
+# 
+# 	  ====== 83xx board A ======                  ===== 83xx board B =====
+#	  |                        |                  |                      |
+#	  eth0                  eth1                  eth1                eth0
+#	192.168.1.130         200.200.200.10          200.200.200.20      192.168.2.130         
+# 
+# 
+# Board A setup
+#
+# Flush the SAD and SPD
+flush;
+spdflush;
+
+# I am gateway A (eth0:192.168.1.130, eth1:200.200.200.10)
+#
+# Security policies
+spdadd 192.168.1.0/24 192.168.2.0/24 any -P out ipsec
+       esp/tunnel/200.200.200.10-200.200.200.20/require;
+
+spdadd 192.168.2.0/24 192.168.1.0/24 any -P in ipsec
+       esp/tunnel/200.200.200.20-200.200.200.10/require;
+
+
+# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
+# and hmac-sha1 authentication using 160 bit long keys
+add 200.200.200.10 200.200.200.20 esp 0x201 -m tunnel
+    -E 3des-cbc  0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 
+    -A hmac-sha1 0xe9c43acd5e8d779b6e09c87347852708ab49bdd3;
+
+add 200.200.200.20 200.200.200.10 esp 0x301 -m tunnel
+    -E 3des-cbc  0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df 
+    -A hmac-sha1 0xea6856479330dc9c17b8f6c37e2a895363d83f21;
+
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-sha256-transport b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-sha256-transport
new file mode 100755
index 0000000..b528632
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-sha256-transport
@@ -0,0 +1,23 @@ 
+#!/usr/sbin/setkey -f
+#I am 200.200.200.10
+
+flush;
+spdflush;
+
+# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
+# and hmac-sha2-256 authentication using 256 bit long keys
+add 200.200.200.10 200.200.200.20 esp 0x10513 
+    -E 3des-cbc       0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 
+    -A hmac-sha2-256  0x4de03bebf6beb4fdef5a67d349a09580466cc4e54503333b2a5fd34538c91198;
+
+add 200.200.200.20 200.200.200.10 esp 0x10514 
+    -E 3des-cbc       0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df 
+    -A hmac-sha2-256  0x5e01eb780b7ecc074ca2ca4fa4a5ea2ff841c977da0ce61c49d1fe767ea5452c;
+
+
+spdadd 200.200.200.20 200.200.200.10 any -P in ipsec
+        esp/transport//require;
+
+spdadd 200.200.200.10 200.200.200.20 any -P out ipsec
+        esp/transport//require;
+
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-sha256-tunnel b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-sha256-tunnel
new file mode 100755
index 0000000..e7726f0
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-sha256-tunnel
@@ -0,0 +1,42 @@ 
+#!/usr/sbin/setkey -f
+#
+#
+# Example ESP Tunnel for VPN.
+# 
+# 			          ========= ESP =========
+# 			          |                     |
+# 	   Network-A          Gateway-A             Gateway-B           Network-B
+# 	  192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24
+# 
+# 	  ====== 83xx board A ======                  ===== 83xx board B =====
+#	  |                        |                  |                      |
+#	  eth0                  eth1                  eth1                eth0
+#	192.168.1.130         200.200.200.10          200.200.200.20      192.168.2.130         
+# 
+# 
+# Board A setup
+#
+# Flush the SAD and SPD
+flush;
+spdflush;
+
+# I am gateway A (eth0:192.168.1.130, eth1:200.200.200.10)
+#
+# Security policies
+spdadd 192.168.1.0/24 192.168.2.0/24 any -P out ipsec
+       esp/tunnel/200.200.200.10-200.200.200.20/require;
+
+spdadd 192.168.2.0/24 192.168.1.0/24 any -P in ipsec
+       esp/tunnel/200.200.200.20-200.200.200.10/require;
+
+
+# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
+# and hmac-sha2-256 authentication using 256 bit long keys
+add 200.200.200.10 200.200.200.20 esp 0x10513 -m tunnel
+    -E 3des-cbc       0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 
+    -A hmac-sha2-256  0x4de03bebf6beb4fdef5a67d349a09580466cc4e54503333b2a5fd34538c91198;
+
+add 200.200.200.20 200.200.200.10 esp 0x10514 -m tunnel
+    -E 3des-cbc       0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df 
+    -A hmac-sha2-256  0x5e01eb780b7ecc074ca2ca4fa4a5ea2ff841c977da0ce61c49d1fe767ea5452c;
+
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-md5-transport b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-md5-transport
new file mode 100755
index 0000000..96f5783
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-md5-transport
@@ -0,0 +1,23 @@ 
+#!/usr/sbin/setkey -f
+#I am 200.200.200.10
+
+flush;
+spdflush;
+
+# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
+# and hmac-md5 authentication using 128 bit long keys
+add 200.200.200.10 200.200.200.20 esp 0x10513 
+    -E aes-cbc    0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 
+    -A hmac-md5   0xd5f603abc8cd9d19319ca32fb955b10f;
+
+add 200.200.200.20 200.200.200.10 esp 0x10514 
+    -E aes-cbc    0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df 
+    -A hmac-md5   0x1dd90b4c32dcbe9d37b555a23df5170e;
+
+
+spdadd 200.200.200.20 200.200.200.10 any -P in ipsec
+        esp/transport//require;
+
+spdadd 200.200.200.10 200.200.200.20 any -P out ipsec
+        esp/transport//require;
+
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-md5-tunnel b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-md5-tunnel
new file mode 100755
index 0000000..b2cf84b
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-md5-tunnel
@@ -0,0 +1,42 @@ 
+#!/usr/sbin/setkey -f
+#
+#
+# Example ESP Tunnel for VPN.
+# 
+# 			          ========= ESP =========
+# 			          |                     |
+# 	   Network-A          Gateway-A             Gateway-B           Network-B
+# 	  192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24
+# 
+# 	  ====== 83xx board A ======                  ===== 83xx board B =====
+#	  |                        |                  |                      |
+#	  eth0                  eth1                  eth1                eth0
+#	192.168.1.130         200.200.200.10          200.200.200.20      192.168.2.130         
+# 
+# 
+# Board A setup
+#
+# Flush the SAD and SPD
+flush;
+spdflush;
+
+# I am gateway A (eth0:192.168.1.130, eth1:200.200.200.10)
+#
+# Security policies
+spdadd 192.168.1.0/24 192.168.2.0/24 any -P out ipsec
+       esp/tunnel/200.200.200.10-200.200.200.20/require;
+
+spdadd 192.168.2.0/24 192.168.1.0/24 any -P in ipsec
+       esp/tunnel/200.200.200.20-200.200.200.10/require;
+
+
+# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
+# and hmac-md5 authentication using 128 bit long keys
+add 200.200.200.10 200.200.200.20 esp 0x201 -m tunnel
+    -E aes-cbc    0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 
+    -A hmac-md5   0xd5f603abc8cd9d19319ca32fb955b10f;
+
+add 200.200.200.20 200.200.200.10 esp 0x301 -m tunnel
+    -E aes-cbc    0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df 
+    -A hmac-md5   0x1dd90b4c32dcbe9d37b555a23df5170e;
+
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-sha1-transport b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-sha1-transport
new file mode 100755
index 0000000..f3ffaf5
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-sha1-transport
@@ -0,0 +1,22 @@ 
+#!/usr/sbin/setkey -f
+#I am 200.200.200.10
+
+flush;
+spdflush;
+
+# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
+# and hmac-sha1 authentication using 160 bit long keys
+add 200.200.200.10 200.200.200.20 esp 0x10513 
+    -E aes-cbc   0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 
+    -A hmac-sha1 0xe9c43acd5e8d779b6e09c87347852708ab49bdd3;
+
+add 200.200.200.20 200.200.200.10 esp 0x10514 
+    -E aes-cbc   0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df 
+    -A hmac-sha1 0xea6856479330dc9c17b8f6c37e2a895363d83f21;
+
+spdadd 200.200.200.20 200.200.200.10 any -P in ipsec
+        esp/transport//require;
+
+spdadd 200.200.200.10 200.200.200.20 any -P out ipsec
+        esp/transport//require;
+
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-sha1-tunnel b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-sha1-tunnel
new file mode 100755
index 0000000..1ab7874
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-sha1-tunnel
@@ -0,0 +1,42 @@ 
+#!/usr/sbin/setkey -f
+#
+#
+# Example ESP Tunnel for VPN.
+# 
+# 			          ========= ESP =========
+# 			          |                     |
+# 	   Network-A          Gateway-A             Gateway-B           Network-B
+# 	  192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24
+# 
+# 	  ====== 83xx board A ======                  ===== 83xx board B =====
+#	  |                        |                  |                      |
+#	  eth0                  eth1                  eth1                eth0
+#	192.168.1.130         200.200.200.10          200.200.200.20      192.168.2.130         
+# 
+# 
+# Board A setup
+#
+# Flush the SAD and SPD
+flush;
+spdflush;
+
+# I am gateway A (eth0:192.168.1.130, eth1:200.200.200.10)
+#
+# Security policies
+spdadd 192.168.1.0/24 192.168.2.0/24 any -P out ipsec
+       esp/tunnel/200.200.200.10-200.200.200.20/require;
+
+spdadd 192.168.2.0/24 192.168.1.0/24 any -P in ipsec
+       esp/tunnel/200.200.200.20-200.200.200.10/require;
+
+
+# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
+# and hmac-sha1 authentication using 160 bit long keys
+add 200.200.200.10 200.200.200.20 esp 0x201 -m tunnel
+    -E aes-cbc   0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 
+    -A hmac-sha1 0xe9c43acd5e8d779b6e09c87347852708ab49bdd3;
+
+add 200.200.200.20 200.200.200.10 esp 0x301 -m tunnel
+    -E aes-cbc   0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df 
+    -A hmac-sha1 0xea6856479330dc9c17b8f6c37e2a895363d83f21;
+
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-sha256-transport b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-sha256-transport
new file mode 100755
index 0000000..d2645d6
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-sha256-transport
@@ -0,0 +1,23 @@ 
+#!/usr/sbin/setkey -f
+#I am 200.200.200.10
+
+flush;
+spdflush;
+
+# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
+# and hmac-sha2-256 authentication using 256 bit long keys
+add 200.200.200.10 200.200.200.20 esp 0x10513 
+    -E aes-cbc        0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 
+    -A hmac-sha2-256  0x4de03bebf6beb4fdef5a67d349a09580466cc4e54503333b2a5fd34538c91198;
+
+add 200.200.200.20 200.200.200.10 esp 0x10514 
+    -E aes-cbc        0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df 
+    -A hmac-sha2-256  0x5e01eb780b7ecc074ca2ca4fa4a5ea2ff841c977da0ce61c49d1fe767ea5452c;
+
+
+spdadd 200.200.200.20 200.200.200.10 any -P in ipsec
+        esp/transport//require;
+
+spdadd 200.200.200.10 200.200.200.20 any -P out ipsec
+        esp/transport//require;
+
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-sha256-tunnel b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-sha256-tunnel
new file mode 100755
index 0000000..8ed697d
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-sha256-tunnel
@@ -0,0 +1,42 @@ 
+#!/usr/sbin/setkey -f
+#
+#
+# Example ESP Tunnel for VPN.
+# 
+# 			          ========= ESP =========
+# 			          |                     |
+# 	   Network-A          Gateway-A             Gateway-B           Network-B
+# 	  192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24
+# 
+# 	  ====== 83xx board A ======                  ===== 83xx board B =====
+#	  |                        |                  |                      |
+#	  eth0                  eth1                  eth1                eth0
+#	192.168.1.130         200.200.200.10          200.200.200.20      192.168.2.130         
+# 
+# 
+# Board A setup
+#
+# Flush the SAD and SPD
+flush;
+spdflush;
+
+# I am gateway A (eth0:192.168.1.130, eth1:200.200.200.10)
+#
+# Security policies
+spdadd 192.168.1.0/24 192.168.2.0/24 any -P out ipsec
+       esp/tunnel/200.200.200.10-200.200.200.20/require;
+
+spdadd 192.168.2.0/24 192.168.1.0/24 any -P in ipsec
+       esp/tunnel/200.200.200.20-200.200.200.10/require;
+
+
+# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
+# and hmac-sha2-256 authentication using 256 bit long keys
+add 200.200.200.10 200.200.200.20 esp 0x10513 -m tunnel
+    -E aes-cbc        0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 
+    -A hmac-sha2-256  0x4de03bebf6beb4fdef5a67d349a09580466cc4e54503333b2a5fd34538c91198;
+
+add 200.200.200.20 200.200.200.10 esp 0x10514 -m tunnel
+    -E aes-cbc        0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df 
+    -A hmac-sha2-256  0x5e01eb780b7ecc074ca2ca4fa4a5ea2ff841c977da0ce61c49d1fe767ea5452c;
+
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-null-null-transport b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-null-null-transport
new file mode 100755
index 0000000..84275d0
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-null-null-transport
@@ -0,0 +1,23 @@ 
+#!/usr/sbin/setkey -f
+#I am 200.200.200.10
+
+flush;
+spdflush;
+
+# ESP SAs doing null encryption
+# and null authentication
+add 200.200.200.10 200.200.200.20 esp 0x10513 
+    -E null
+    -A null;
+
+add 200.200.200.20 200.200.200.10 esp 0x10514 
+    -E null
+    -A null;
+
+
+spdadd 200.200.200.20 200.200.200.10 any -P in ipsec
+        esp/transport//require;
+
+spdadd 200.200.200.10 200.200.200.20 any -P out ipsec
+        esp/transport//require;
+
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-null-null-tunnel b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-null-null-tunnel
new file mode 100755
index 0000000..478d14a
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-null-null-tunnel
@@ -0,0 +1,42 @@ 
+#!/usr/sbin/setkey -f
+#
+#
+# Example ESP Tunnel for VPN.
+# 
+# 			          ========= ESP =========
+# 			          |                     |
+# 	   Network-A          Gateway-A             Gateway-B           Network-B
+# 	  192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24
+# 
+# 	  ====== 83xx board A ======                  ===== 83xx board B =====
+#	  |                        |                  |                      |
+#	  eth0                  eth1                  eth1                eth0
+#	192.168.1.130         200.200.200.10          200.200.200.20      192.168.2.130         
+# 
+# 
+# Board A setup
+#
+# Flush the SAD and SPD
+flush;
+spdflush;
+
+# I am gateway A (eth0:192.168.1.130, eth1:200.200.200.10)
+#
+# Security policies
+spdadd 192.168.1.0/24 192.168.2.0/24 any -P out ipsec
+       esp/tunnel/200.200.200.10-200.200.200.20/require;
+
+spdadd 192.168.2.0/24 192.168.1.0/24 any -P in ipsec
+       esp/tunnel/200.200.200.20-200.200.200.10/require;
+
+
+# ESP SAs doing null encryption
+# and null authentication
+add 200.200.200.10 200.200.200.20 esp 0x201 -m tunnel
+    -E null
+    -A null;
+
+add 200.200.200.20 200.200.200.10 esp 0x301 -m tunnel
+    -E null
+    -A null;
+
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.ipv4 b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.ipv4
new file mode 100755
index 0000000..e219f2a
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.ipv4
@@ -0,0 +1,2 @@ 
+set -v
+route add -net 192.168.2.0 netmask 255.255.255.0 gw 200.200.200.20
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/moonCert.pem b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/moonCert.pem
new file mode 100644
index 0000000..d5c970f
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/moonCert.pem
@@ -0,0 +1,25 @@ 
+-----BEGIN CERTIFICATE-----
+MIIEIjCCAwqgAwIBAgIBFzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
+MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
+b290IENBMB4XDTA5MDgyNzEwMDMzMloXDTE0MDgyNjEwMDMzMlowRjELMAkGA1UE
+BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xHDAaBgNVBAMTE21vb24u
+c3Ryb25nc3dhbi5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDK
+L2M91Lu6BYYhWxWgMS9z9TMSTwszm5rhO7ZIsCtMRo4PAeYw+++SGXt3CPXb/+p+
+SWKGlm11rPE71eQ3ehgh2C3hAurfmWO0iQQaCw+fdreeIVCqOQIOP6UqZ327h5yY
+YpHk8VQv4vBJTpxclU1PqnWheqe1ZlLxsW773LRml/fQt/UgvJkCBTZZONLNMfK+
+7TDnYaVsAtncgvDN78nUNEe2qY92KK7SrBJ6SpUEg49m51F+XgsGcsgWVHS85on3
+Om/G48crLEVJjdu8CxewSRVgb+lPJWzHd8QsU0Vg/7vlqs3ZRMyNtNKrr4opSvVb
+A6agGlTXhDCreDiXU8KHAgMBAAGjggEaMIIBFjAJBgNVHRMEAjAAMAsGA1UdDwQE
+AwIDqDAdBgNVHQ4EFgQUapx00fiJeYn2WpTpifH6w2SdKS4wbQYDVR0jBGYwZIAU
+XafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNVBAYTAkNIMRkwFwYDVQQK
+ExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJvbmdTd2FuIFJvb3QgQ0GC
+AQAwHgYDVR0RBBcwFYITbW9vbi5zdHJvbmdzd2FuLm9yZzATBgNVHSUEDDAKBggr
+BgEFBQcDATA5BgNVHR8EMjAwMC6gLKAqhihodHRwOi8vY3JsLnN0cm9uZ3N3YW4u
+b3JnL3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQCctXg2xeMozaTV
+jiBL1P8MY9uEH5JtU0EceQ1RbI5/2vGRdnECND9oADY5vamaaE2Mdq2Qh/vlXnML
+o3ii5ELjsQlYdTYZOcMOdcUUXYvbbFX1cwpkBhyBl1H25KptHcgQ/HnceKp3kOuq
+wYOYjgwePXulcpWXx0E2QtQCFQQZFPyEWeNJxH0oglg53QPXfHY9I2/Gukj5V0bz
+p7ME0Gs8KdnYdmbbDqzQgPsta96/m+HoJlsrVF+4Gqihj6BWMBQ2ybjPWZdG3oH9
+25cE8v60Ry98D0Z/tygbAUFnh5oOvaf642paVgc3aoA77I8U+UZjECxISoiHultY
+7QTufOwP
+-----END CERTIFICATE-----
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/moonKey.pem b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/moonKey.pem
new file mode 100644
index 0000000..4d99866
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/moonKey.pem
@@ -0,0 +1,27 @@ 
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEAyi9jPdS7ugWGIVsVoDEvc/UzEk8LM5ua4Tu2SLArTEaODwHm
+MPvvkhl7dwj12//qfklihpZtdazxO9XkN3oYIdgt4QLq35ljtIkEGgsPn3a3niFQ
+qjkCDj+lKmd9u4ecmGKR5PFUL+LwSU6cXJVNT6p1oXqntWZS8bFu+9y0Zpf30Lf1
+ILyZAgU2WTjSzTHyvu0w52GlbALZ3ILwze/J1DRHtqmPdiiu0qwSekqVBIOPZudR
+fl4LBnLIFlR0vOaJ9zpvxuPHKyxFSY3bvAsXsEkVYG/pTyVsx3fELFNFYP+75arN
+2UTMjbTSq6+KKUr1WwOmoBpU14Qwq3g4l1PChwIDAQABAoIBACBFB/Xqajv6fbn9
+K6pxrz02uXwGmacXAtVIDoPzejWmXS4QA4l17HrJDmelSnhelDKry8nnYHkTrTz7
+mn0wQ4HDWy86o/okJUG/TKRLd6bf79aRQqqohqd3iQkHk43GyzuXH+oGioVKF0fc
+ACDWw4wfjL7FMNdHCZ4Bz9DrHO/ysHe9B6rvSYm3VZRhSxaneIkaLkkDadKpVx3f
+XNFlMxY4qKPJYYSoJZ61iMqrO7+rnA93tmyDDs8PKU3BtnpfNrdePgleJHhk8Zqy
+Ev2/NOCSUxbKE8NCtLpGTs+T0qjjnu4k3WPd3ZOBAan0uPDekHZeHB/aXGLhYcxx
+J5SurqECgYEA+F1gppkER5Jtoaudt/CUpdQ1sR9wxf75VBqJ4FiYABGQz9xlG4oj
+zL/o572s0iV3bwFpnQa+WuWrxGkP6ZuB/Z82npc0N/vLou/b4dxvg4n7K+eOOEf0
+8FMjsse2tqTIXKCqcmQnR0NPQ1jwuvEKsXP5w/JOlnRXAXnd4jxsJI0CgYEA0GaT
+61ySttUW9jC3mxuY6jkQy8TEQqR3nOFvWwmCXIWOpN/MTTPus+Telxp/pdKhU+mo
+PmX3Unyne5PvwleWDq3YzltX5ZDZGJ5UJlKuNnfGIzQ6OcHRbb7zBpQG6qSRPuug
+bgo688hTnb1L59nK88zWVK45euf6pyuoI+SwIGMCgYEA7yvE8knyhBXvezuv0z1b
+eGHmHp5/VDwY0DQKSEAoiBBiWrkLqLybgwXf/KJ8dZZc8En08aFX2GLJyYe/KiB1
+ys3ypEBJqgvRayP+o/9KZ+qNNRd0rqAksPXvL7ABNNt0kzapTSVDae3Yu6s/j1am
+DIL5qAeERIDedG5uDPpQzdUCgYB7MtjpP63ABhLv8XbpbBQnCxtByw3W89F+Xcrt
+v55gQdhE4cSuMzA/CuMH4vNpPS6AI9aBJNhj3CtKo/cOJachAGb1/wvkO5ALvLW0
+fhZdPstUTnDJain7vfF/hwzbs/PlhXgu9T9KlLfRvXFdG+Sd4g8mumRiozcLkoRw
+y6XPTwKBgDJP+s9wXmdG90HST/aqC7FKrVXLpB63dY5swNUfQP6sa0pFnON0r0JC
+h/YCsGFFIAebQ2uOkM3g3f9nkwTp7910ov+/5uThvRI2w2BBPy0mVuALPjyyF1Z2
+cb9zpyKiIuXoXRCf4sd8r1lR9bn0Fxx0Svpxf+fpMGSI5quHNBKY
+-----END RSA PRIVATE KEY-----
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/pingsizes.sh b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/pingsizes.sh
new file mode 100755
index 0000000..faefb24
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/pingsizes.sh
@@ -0,0 +1,19 @@ 
+#!/bin/bash
+#
+# Usage: ./pingsizes.sh 1440 20 (or greater)
+#
+
+PINGDEST=${PINGDEST:-200.200.200.10}
+k=$1
+lim="$((k+$2))"
+((k-=1))
+while [ "$k" != "$lim" ] ; do
+	echo -n "ping -s $((k+=1)) : "
+	ping -i 1000 -c 1 -s $k $PINGDEST | grep packets &
+	sleep 1
+	PID=`ps -eaf | grep 'ping -i' | grep -v grep | sed 's/[ ][ ]*/ /g' | cut -d " " -f 2`
+	if [ -n "$PID" ] ; then
+		echo "****************** killing $PID"
+		kill $PID > /dev/null
+	fi
+done
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/pingsizest.sh b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/pingsizest.sh
new file mode 100755
index 0000000..d5ff0f7
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/pingsizest.sh
@@ -0,0 +1,19 @@ 
+#!/bin/bash
+#
+# Usage: ./pingsizes.sh 1440 20 (or greater)
+#
+
+PINGDEST=${PINGDEST:-200.200.200.10}
+k=$1
+lim="$((k+$2))"
+((k-=1))
+while [ "$k" != "$lim" ] ; do
+	echo ping -s $((k+=1))
+	ping -i 1000 -c 1 -s $k $PINGDEST &
+	sleep 1
+	PID=`ps -eaf | grep 'ping -i' | sed 's/[ ][ ]*/ /g' | cut -d " " -f 2`
+	if [ -n "$PID" ] ; then
+		echo "****************** killing $PID"
+        	kill $PID
+	fi
+done
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/psk.txt b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/psk.txt
new file mode 100644
index 0000000..46c1ff4
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/psk.txt
@@ -0,0 +1,2 @@ 
+200.200.200.20 secretkeyracoon
+200.200.200.10 secretkeyracoon
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/racoon.conf b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/racoon.conf
new file mode 100644
index 0000000..cf561f5
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/racoon.conf
@@ -0,0 +1,22 @@ 
+path pre_shared_key "/test_setkey/psk.txt" ;
+
+        remote anonymous
+        {
+                exchange_mode main ;
+                lifetime time 1 hour ;
+                proposal {
+                        encryption_algorithm 3des;
+                        hash_algorithm sha1;
+                        authentication_method pre_shared_key ;
+                        dh_group 2 ;
+                }
+        }
+
+        sainfo anonymous
+        {
+                pfs_group 2;
+                lifetime time 1 hour ;
+                encryption_algorithm 3des ;
+                authentication_algorithm hmac_sha1 ;
+                compression_algorithm deflate ;
+        }
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-md5-transport b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-md5-transport
new file mode 100755
index 0000000..7f82fb4
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-md5-transport
@@ -0,0 +1,23 @@ 
+#!/usr/sbin/setkey -f
+#I am 200.200.200.20
+
+flush;
+spdflush;
+
+# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
+# and hmac-md5 authentication using 128 bit long keys
+add 200.200.200.10 200.200.200.20 esp 0x10513 
+    -E 3des-cbc   0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 
+    -A hmac-md5   0xd5f603abc8cd9d19319ca32fb955b10f;
+
+add 200.200.200.20 200.200.200.10 esp 0x10514 
+    -E 3des-cbc   0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df 
+    -A hmac-md5   0x1dd90b4c32dcbe9d37b555a23df5170e;
+
+
+spdadd 200.200.200.20 200.200.200.10 any -P out ipsec
+        esp/transport//require;
+
+spdadd 200.200.200.10 200.200.200.20 any -P in ipsec
+        esp/transport//require;
+
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-md5-tunnel b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-md5-tunnel
new file mode 100755
index 0000000..5a75257
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-md5-tunnel
@@ -0,0 +1,42 @@ 
+#!/usr/sbin/setkey -f
+#
+#
+# Example ESP Tunnel for VPN.
+# 
+# 			          ========= ESP =========
+# 			          |                     |
+# 	   Network-A          Gateway-A             Gateway-B           Network-B
+# 	  192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24
+# 
+# 	  ====== 83xx board A ======                  ===== 83xx board B =====
+#	  |                        |                  |                      |
+#	  eth0                  eth1                  eth1                eth0
+#	192.168.1.130         200.200.200.10          200.200.200.20      192.168.2.130         
+# 
+# 
+# Board B setup
+#
+# Flush the SAD and SPD
+flush;
+spdflush;
+
+# I am gateway B (eth0:192.168.2.130, eth1:200.200.200.20)
+#
+# Security policies
+spdadd 192.168.2.0/24 192.168.1.0/24 any -P out ipsec
+       esp/tunnel/200.200.200.20-200.200.200.10/require;
+
+spdadd 192.168.1.0/24 192.168.2.0/24 any -P in ipsec
+       esp/tunnel/200.200.200.10-200.200.200.20/require;
+
+
+# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
+# and hmac-md5 authentication using 128 bit long keys
+add 200.200.200.10 200.200.200.20 esp 0x201 -m tunnel
+    -E 3des-cbc  0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 
+    -A hmac-md5   0xd5f603abc8cd9d19319ca32fb955b10f;
+
+add 200.200.200.20 200.200.200.10 esp 0x301 -m tunnel
+    -E 3des-cbc  0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df 
+    -A hmac-md5   0x1dd90b4c32dcbe9d37b555a23df5170e;
+
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-sha1-transport b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-sha1-transport
new file mode 100755
index 0000000..6ef885d
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-sha1-transport
@@ -0,0 +1,22 @@ 
+#!/usr/sbin/setkey -f
+#I am 200.200.200.20
+
+flush;
+spdflush;
+
+# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
+# and hmac-sha1 authentication using 160 bit long keys
+add 200.200.200.10 200.200.200.20 esp 0x10513 
+    -E 3des-cbc   0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 
+    -A hmac-sha1 0xe9c43acd5e8d779b6e09c87347852708ab49bdd3;
+
+add 200.200.200.20 200.200.200.10 esp 0x10514 
+    -E 3des-cbc   0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df 
+    -A hmac-sha1 0xea6856479330dc9c17b8f6c37e2a895363d83f21;
+
+# Security policies
+spdadd 200.200.200.20 200.200.200.10 any -P out ipsec
+        esp/transport//require;
+
+spdadd 200.200.200.10 200.200.200.20 any -P in ipsec
+        esp/transport//require;
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-sha1-tunnel b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-sha1-tunnel
new file mode 100755
index 0000000..16c3157
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-sha1-tunnel
@@ -0,0 +1,41 @@ 
+#!/usr/sbin/setkey -f
+#
+#
+# Example ESP Tunnel for VPN.
+# 
+# 			          ========= ESP =========
+# 			          |                     |
+# 	   Network-A          Gateway-A             Gateway-B           Network-B
+# 	  192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24
+# 
+# 	  ====== 83xx board A ======                  ===== 83xx board B =====
+#	  |                        |                  |                      |
+#	  eth0                  eth1                  eth1                eth0
+#	192.168.1.130         200.200.200.10          200.200.200.20      192.168.2.130         
+# 
+# 
+# Board B setup
+# Flush the SAD and SPD
+flush;
+spdflush;
+
+# I am gateway B (eth0:192.168.2.130, eth1:200.200.200.20)
+#
+# Security policies
+
+spdadd 192.168.2.0/24 192.168.1.0/24 any -P out ipsec
+       esp/tunnel/200.200.200.20-200.200.200.10/require;
+
+spdadd 192.168.1.0/24 192.168.2.0/24 any -P in ipsec
+       esp/tunnel/200.200.200.10-200.200.200.20/require;
+
+# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
+# and hmac-sha1 authentication using 160 bit long keys
+add 200.200.200.10 200.200.200.20 esp 0x201 -m tunnel
+    -E 3des-cbc  0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 
+    -A hmac-sha1 0xe9c43acd5e8d779b6e09c87347852708ab49bdd3;
+
+add 200.200.200.20 200.200.200.10 esp 0x301 -m tunnel
+    -E 3des-cbc  0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df 
+    -A hmac-sha1 0xea6856479330dc9c17b8f6c37e2a895363d83f21;
+
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-sha256-transport b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-sha256-transport
new file mode 100755
index 0000000..b977209
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-sha256-transport
@@ -0,0 +1,23 @@ 
+#!/usr/sbin/setkey -f
+#I am 200.200.200.20
+
+flush;
+spdflush;
+
+# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
+# and hmac-sha2-256 authentication using 256 bit long keys
+add 200.200.200.10 200.200.200.20 esp 0x10513 
+    -E 3des-cbc       0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 
+    -A hmac-sha2-256  0x4de03bebf6beb4fdef5a67d349a09580466cc4e54503333b2a5fd34538c91198;
+
+add 200.200.200.20 200.200.200.10 esp 0x10514 
+    -E 3des-cbc       0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df 
+    -A hmac-sha2-256  0x5e01eb780b7ecc074ca2ca4fa4a5ea2ff841c977da0ce61c49d1fe767ea5452c;
+
+
+spdadd 200.200.200.20 200.200.200.10 any -P out ipsec
+        esp/transport//require;
+
+spdadd 200.200.200.10 200.200.200.20 any -P in ipsec
+        esp/transport//require;
+
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-sha256-tunnel b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-sha256-tunnel
new file mode 100755
index 0000000..e7c5b4e
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-sha256-tunnel
@@ -0,0 +1,42 @@ 
+#!/usr/sbin/setkey -f
+#
+#
+# Example ESP Tunnel for VPN.
+# 
+# 			          ========= ESP =========
+# 			          |                     |
+# 	   Network-A          Gateway-A             Gateway-B           Network-B
+# 	  192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24
+# 
+# 	  ====== 83xx board A ======                  ===== 83xx board B =====
+#	  |                        |                  |                      |
+#	  eth0                  eth1                  eth1                eth0
+#	192.168.1.130         200.200.200.10          200.200.200.20      192.168.2.130         
+# 
+# 
+# Board A setup
+#
+# Flush the SAD and SPD
+flush;
+spdflush;
+
+# I am gateway B (eth0:192.168.2.130, eth1:200.200.200.20)
+#
+# Security policies
+spdadd 192.168.2.0/24 192.168.1.0/24 any -P out ipsec
+       esp/tunnel/200.200.200.20-200.200.200.10/require;
+
+spdadd 192.168.1.0/24 192.168.2.0/24 any -P in ipsec
+       esp/tunnel/200.200.200.10-200.200.200.20/require;
+
+
+# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
+# and hmac-sha2-256 authentication using 256 bit long keys
+add 200.200.200.10 200.200.200.20 esp 0x10513 -m tunnel
+    -E 3des-cbc       0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 
+    -A hmac-sha2-256  0x4de03bebf6beb4fdef5a67d349a09580466cc4e54503333b2a5fd34538c91198;
+
+add 200.200.200.20 200.200.200.10 esp 0x10514 -m tunnel
+    -E 3des-cbc       0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df 
+    -A hmac-sha2-256  0x5e01eb780b7ecc074ca2ca4fa4a5ea2ff841c977da0ce61c49d1fe767ea5452c;
+
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-md5-transport b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-md5-transport
new file mode 100755
index 0000000..5d55d00
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-md5-transport
@@ -0,0 +1,23 @@ 
+#!/usr/sbin/setkey -f
+#I am 200.200.200.20
+
+flush;
+spdflush;
+
+# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
+# and hmac-md5 authentication using 128 bit long keys
+add 200.200.200.10 200.200.200.20 esp 0x10513 
+    -E aes-cbc    0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 
+    -A hmac-md5   0xd5f603abc8cd9d19319ca32fb955b10f;
+
+add 200.200.200.20 200.200.200.10 esp 0x10514 
+    -E aes-cbc    0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df 
+    -A hmac-md5   0x1dd90b4c32dcbe9d37b555a23df5170e;
+
+
+spdadd 200.200.200.20 200.200.200.10 any -P out ipsec
+        esp/transport//require;
+
+spdadd 200.200.200.10 200.200.200.20 any -P in ipsec
+        esp/transport//require;
+
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-md5-tunnel b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-md5-tunnel
new file mode 100755
index 0000000..f49bd54
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-md5-tunnel
@@ -0,0 +1,42 @@ 
+#!/usr/sbin/setkey -f
+#
+#
+# Example ESP Tunnel for VPN.
+# 
+# 			          ========= ESP =========
+# 			          |                     |
+# 	   Network-A          Gateway-A             Gateway-B           Network-B
+# 	  192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24
+# 
+# 	  ====== 83xx board A ======                  ===== 83xx board B =====
+#	  |                        |                  |                      |
+#	  eth0                  eth1                  eth1                eth0
+#	192.168.1.130         200.200.200.10          200.200.200.20      192.168.2.130         
+# 
+# 
+# Board B setup
+#
+# Flush the SAD and SPD
+flush;
+spdflush;
+
+# I am gateway B (eth0:192.168.2.130, eth1:200.200.200.20)
+#
+# Security policies
+spdadd 192.168.2.0/24 192.168.1.0/24 any -P out ipsec
+       esp/tunnel/200.200.200.20-200.200.200.10/require;
+
+spdadd 192.168.1.0/24 192.168.2.0/24 any -P in ipsec
+       esp/tunnel/200.200.200.10-200.200.200.20/require;
+
+
+# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
+# and hmac-md5 authentication using 128 bit long keys
+add 200.200.200.10 200.200.200.20 esp 0x201 -m tunnel
+    -E aes-cbc    0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 
+    -A hmac-md5   0xd5f603abc8cd9d19319ca32fb955b10f;
+
+add 200.200.200.20 200.200.200.10 esp 0x301 -m tunnel
+    -E aes-cbc    0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df 
+    -A hmac-md5   0x1dd90b4c32dcbe9d37b555a23df5170e;
+
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-sha1-transport b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-sha1-transport
new file mode 100755
index 0000000..d9c65a4
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-sha1-transport
@@ -0,0 +1,22 @@ 
+#!/usr/sbin/setkey -f
+#I am 200.200.200.20
+
+flush;
+spdflush;
+
+# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
+# and hmac-sha1 authentication using 160 bit long keys
+add 200.200.200.10 200.200.200.20 esp 0x10513 
+    -E aes-cbc   0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 
+    -A hmac-sha1 0xe9c43acd5e8d779b6e09c87347852708ab49bdd3;
+
+add 200.200.200.20 200.200.200.10 esp 0x10514 
+    -E aes-cbc   0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df 
+    -A hmac-sha1 0xea6856479330dc9c17b8f6c37e2a895363d83f21;
+
+# Security policies
+spdadd 200.200.200.20 200.200.200.10 any -P out ipsec
+        esp/transport//require;
+
+spdadd 200.200.200.10 200.200.200.20 any -P in ipsec
+        esp/transport//require;
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-sha1-tunnel b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-sha1-tunnel
new file mode 100755
index 0000000..1f10136
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-sha1-tunnel
@@ -0,0 +1,41 @@ 
+#!/usr/sbin/setkey -f
+#
+#
+# Example ESP Tunnel for VPN.
+# 
+# 			          ========= ESP =========
+# 			          |                     |
+# 	   Network-A          Gateway-A             Gateway-B           Network-B
+# 	  192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24
+# 
+# 	  ====== 83xx board A ======                  ===== 83xx board B =====
+#	  |                        |                  |                      |
+#	  eth0                  eth1                  eth1                eth0
+#	192.168.1.130         200.200.200.10          200.200.200.20      192.168.2.130         
+# 
+# 
+# Board B setup
+# Flush the SAD and SPD
+flush;
+spdflush;
+
+# I am gateway B (eth0:192.168.2.130, eth1:200.200.200.20)
+#
+# Security policies
+
+spdadd 192.168.2.0/24 192.168.1.0/24 any -P out ipsec
+       esp/tunnel/200.200.200.20-200.200.200.10/require;
+
+spdadd 192.168.1.0/24 192.168.2.0/24 any -P in ipsec
+       esp/tunnel/200.200.200.10-200.200.200.20/require;
+
+# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
+# and hmac-sha1 authentication using 160 bit long keys
+add 200.200.200.10 200.200.200.20 esp 0x201 -m tunnel
+    -E aes-cbc   0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 
+    -A hmac-sha1 0xe9c43acd5e8d779b6e09c87347852708ab49bdd3;
+
+add 200.200.200.20 200.200.200.10 esp 0x301 -m tunnel
+    -E aes-cbc   0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df 
+    -A hmac-sha1 0xea6856479330dc9c17b8f6c37e2a895363d83f21;
+
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-sha256-transport b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-sha256-transport
new file mode 100755
index 0000000..817a8bd
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-sha256-transport
@@ -0,0 +1,23 @@ 
+#!/usr/sbin/setkey -f
+#I am 200.200.200.20
+
+flush;
+spdflush;
+
+# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
+# and hmac-sha2-256 authentication using 256 bit long keys
+add 200.200.200.10 200.200.200.20 esp 0x10513 
+    -E aes-cbc        0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 
+    -A hmac-sha2-256  0x4de03bebf6beb4fdef5a67d349a09580466cc4e54503333b2a5fd34538c91198;
+
+add 200.200.200.20 200.200.200.10 esp 0x10514 
+    -E aes-cbc        0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df 
+    -A hmac-sha2-256  0x5e01eb780b7ecc074ca2ca4fa4a5ea2ff841c977da0ce61c49d1fe767ea5452c;
+
+
+spdadd 200.200.200.20 200.200.200.10 any -P out ipsec
+        esp/transport//require;
+
+spdadd 200.200.200.10 200.200.200.20 any -P in ipsec
+        esp/transport//require;
+
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-sha256-tunnel b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-sha256-tunnel
new file mode 100755
index 0000000..9bca18f
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-sha256-tunnel
@@ -0,0 +1,42 @@ 
+#!/usr/sbin/setkey -f
+#
+#
+# Example ESP Tunnel for VPN.
+# 
+# 			          ========= ESP =========
+# 			          |                     |
+# 	   Network-A          Gateway-A             Gateway-B           Network-B
+# 	  192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24
+# 
+# 	  ====== 83xx board A ======                  ===== 83xx board B =====
+#	  |                        |                  |                      |
+#	  eth0                  eth1                  eth1                eth0
+#	192.168.1.130         200.200.200.10          200.200.200.20      192.168.2.130         
+# 
+# 
+# Board A setup
+#
+# Flush the SAD and SPD
+flush;
+spdflush;
+
+# I am gateway B (eth0:192.168.2.130, eth1:200.200.200.20)
+#
+# Security policies
+spdadd 192.168.2.0/24 192.168.1.0/24 any -P out ipsec
+       esp/tunnel/200.200.200.20-200.200.200.10/require;
+
+spdadd 192.168.1.0/24 192.168.2.0/24 any -P in ipsec
+       esp/tunnel/200.200.200.10-200.200.200.20/require;
+
+
+# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
+# and hmac-sha2-256 authentication using 256 bit long keys
+add 200.200.200.10 200.200.200.20 esp 0x10513 -m tunnel
+    -E aes-cbc        0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 
+    -A hmac-sha2-256  0x4de03bebf6beb4fdef5a67d349a09580466cc4e54503333b2a5fd34538c91198;
+
+add 200.200.200.20 200.200.200.10 esp 0x10514 -m tunnel
+    -E aes-cbc        0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df 
+    -A hmac-sha2-256  0x5e01eb780b7ecc074ca2ca4fa4a5ea2ff841c977da0ce61c49d1fe767ea5452c;
+
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-null-null-transport b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-null-null-transport
new file mode 100755
index 0000000..26dfe2e
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-null-null-transport
@@ -0,0 +1,23 @@ 
+#!/usr/sbin/setkey -f
+#I am 200.200.200.20
+
+flush;
+spdflush;
+
+# ESP SAs doing null encryption
+# and null authentication
+add 200.200.200.10 200.200.200.20 esp 0x10513 
+    -E null
+    -A null;
+
+add 200.200.200.20 200.200.200.10 esp 0x10514 
+    -E null
+    -A null;
+
+
+spdadd 200.200.200.20 200.200.200.10 any -P out ipsec
+        esp/transport//require;
+
+spdadd 200.200.200.10 200.200.200.20 any -P in ipsec
+        esp/transport//require;
+
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-null-null-tunnel b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-null-null-tunnel
new file mode 100755
index 0000000..bc4f38e
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-null-null-tunnel
@@ -0,0 +1,42 @@ 
+#!/usr/sbin/setkey -f
+#
+#
+# Example ESP Tunnel for VPN.
+# 
+# 			          ========= ESP =========
+# 			          |                     |
+# 	   Network-A          Gateway-A             Gateway-B           Network-B
+# 	  192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24
+# 
+# 	  ====== 83xx board A ======                  ===== 83xx board B =====
+#	  |                        |                  |                      |
+#	  eth0                  eth1                  eth1                eth0
+#	192.168.1.130         200.200.200.10          200.200.200.20      192.168.2.130         
+# 
+# 
+# Board B setup
+#
+# Flush the SAD and SPD
+flush;
+spdflush;
+
+# I am gateway B (eth0:192.168.2.130, eth1:200.200.200.20)
+#
+# Security policies
+spdadd 192.168.2.0/24 192.168.1.0/24 any -P out ipsec
+       esp/tunnel/200.200.200.20-200.200.200.10/require;
+
+spdadd 192.168.1.0/24 192.168.2.0/24 any -P in ipsec
+       esp/tunnel/200.200.200.10-200.200.200.20/require;
+
+
+# ESP SAs doing null encryption
+# and null authentication
+add 200.200.200.10 200.200.200.20 esp 0x201 -m tunnel
+    -E null
+    -A null;
+
+add 200.200.200.20 200.200.200.10 esp 0x301 -m tunnel
+    -E null
+    -A null;
+
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.ipv4 b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.ipv4
new file mode 100755
index 0000000..67cd1b2
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.ipv4
@@ -0,0 +1,2 @@ 
+set -v
+route add -net 192.168.1.0 netmask 255.255.255.0 gw 200.200.200.10
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/setup b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/setup
new file mode 100755
index 0000000..9e6fa7f
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/setup
@@ -0,0 +1,47 @@ 
+# setup - quick setup for left or right side of ipsec test
+# see README for example use.
+
+SCRIPT_HOME=/test_setkey/
+cd $SCRIPT_HOME
+
+export PATH=$SCRIPT_HOME:$PATH
+
+if [ "$1" != "left" -a "$1" != "right" ] ; then
+	echo "Usage:	$0 side [config] [driver]"
+	echo "		where side is either left or right."
+	echo "		where config is either"
+	echo "			aes-sha1-tunnel (default)"
+	echo "		     or 3des-sha1-tunnel"
+	echo "		if driver is supplied, script does 'modprobe driver'"
+	exit 1
+fi
+
+SIDE=$1
+POLICY_CFG=$SIDE.conf
+DEFAULT_POLICY=aes-sha1-tunnel
+
+if [ -n "$2" ] ; then
+	POLICY=$2
+else
+	POLICY=$DEFAULT_POLICY
+fi
+
+SETKEY_FILE=$POLICY_CFG-$POLICY
+
+if [ ! -f $SETKEY_FILE ] ; then
+	echo "Missing setkey command file: $SETKEY_FILE"
+	exit 1
+fi
+
+# modprobe any driver name given as last parameter
+if [ -n "$3" ] ; then
+	modprobe $3
+fi
+
+SETUP_CMD_FILE=./setup_$SIDE
+. $SETUP_CMD_FILE
+
+$SETKEY_FILE
+
+setkey -D
+setkey -D -P
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/setup_left b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/setup_left
new file mode 100755
index 0000000..da76909
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/setup_left
@@ -0,0 +1,13 @@ 
+# board on left setup
+set -v
+ifconfig eth0 down
+ifconfig eth0 hw ether 00:04:9F:11:22:33
+ifconfig eth0 192.168.1.130 netmask 255.255.255.0
+ifconfig eth0 up
+ifconfig eth1 down
+ifconfig eth1 hw ether 00:E0:0C:00:7D:FD
+ifconfig eth1 200.200.200.10 netmask 255.255.255.0
+ifconfig eth1 up
+arp -s 192.168.1.21 00:00:00:00:00:01
+route add default dev eth1
+echo 1 > /proc/sys/net/ipv4/ip_forward
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/setup_right b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/setup_right
new file mode 100755
index 0000000..f0e333e
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/setup_right
@@ -0,0 +1,13 @@ 
+# board on right setup
+set -v
+ifconfig eth0 down
+ifconfig eth0 hw ether 00:E0:0C:00:01:FD
+ifconfig eth0 192.168.2.130 netmask 255.255.255.0
+ifconfig eth0 up
+ifconfig eth1 down
+ifconfig eth1 hw ether 00:E0:0C:00:00:FD
+ifconfig eth1 200.200.200.20 netmask 255.255.255.0
+ifconfig eth1 up
+arp -s 192.168.2.21 00:00:00:00:00:02
+route add default dev eth1
+echo 1 > /proc/sys/net/ipv4/ip_forward
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/strongswan.conf b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/strongswan.conf
new file mode 100644
index 0000000..1701f4a
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/strongswan.conf
@@ -0,0 +1,19 @@ 
+# strongswan.conf - strongSwan configuration file
+
+charon {
+	load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-raw updown
+  	multiple_authentication = no
+}
+
+pluto {
+
+	# plugins to load in pluto
+	#load = aes des sha1 md5 sha2 hmac gmp random pubkey
+	
+}
+
+libstrongswan {
+
+	#  set to no, the DH exponent size is optimized
+	#  dh_exponent_ansi_x9_42 = no
+}
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/strongswanCert.pem b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/strongswanCert.pem
new file mode 100644
index 0000000..0865ad2
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/strongswanCert.pem
@@ -0,0 +1,22 @@ 
+-----BEGIN CERTIFICATE-----
+MIIDuDCCAqCgAwIBAgIBADANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
+MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
+b290IENBMB4XDTA0MDkxMDEwMDExOFoXDTE5MDkwNzEwMDExOFowRTELMAkGA1UE
+BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN0cm9u
+Z1N3YW4gUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL/y
+X2LqPVZuWLPIeknK86xhz6ljd3NNhC2z+P1uoCP3sBMuZiZQEjFzhnKcbXxCeo2f
+FnvhOOjrrisSuVkzuu82oxXD3fIkzuS7m9V4E10EZzgmKWIf+WuNRfbgAuUINmLc
+4YGAXBQLPyzpP4Ou48hhz/YQo58Bics6PHy5v34qCVROIXDvqhj91P8g+pS+F21/
+7P+CH2jRcVIEHZtG8M/PweTPQ95dPzpYd2Ov6SZ/U7EWmbMmT8VcUYn1aChxFmy5
+gweVBWlkH6MP+1DeE0/tL5c87xo5KCeGK8Tdqpe7sBRC4pPEEHDQciTUvkeuJ1Pr
+K+1LwdqRxo7HgMRiDw8CAwEAAaOBsjCBrzASBgNVHRMBAf8ECDAGAQH/AgEBMAsG
+A1UdDwQEAwIBBjAdBgNVHQ4EFgQUXafdcAZRMn7ntm2zteXgYOouTe8wbQYDVR0j
+BGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNVBAYTAkNIMRkw
+FwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJvbmdTd2FuIFJv
+b3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBACOSmqEBtBLR9aV3UyCI8gmzR5in
+Lte9aUXXS+qis6F2h2Stf4sN+Nl6Gj7REC6SpfEH4wWdwiUL5J0CJhyoOjQuDl3n
+1Dw3dE4/zqMZdyDKEYTU75TmvusNJBdGsLkrf7EATAjoi/nrTOYPPhSUZvPp/D+Y
+vORJ9Ej51GXlK1nwEB5iA8+tDYniNQn6BD1MEgIejzK+fbiy7braZB1kqhoEr2Si
+7luBSnU912sw494E88a2EWbmMvg2TVHPNzCpVkpNk7kifCiwmw9VldkqYy9y/lCa
+Epyp7lTfKw7cbD04Vk8QJW782L6Csuxkl346b17wmOqn8AZips3tFsuAY3w=
+-----END CERTIFICATE-----
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/strongswan_left b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/strongswan_left
new file mode 100755
index 0000000..e55c3e4
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/strongswan_left
@@ -0,0 +1,10 @@ 
+#strongswan on left board
+set -v
+cp -rf ipsec.conf.left /etc/ipsec.conf
+cp -rf ipsec.secrets.left /etc/ipsec.secrets
+cp -rf strongswan.conf /etc/
+cp -rf strongswanCert.pem /etc/ipsec.d/cacerts/
+cp -rf moonCert.pem /etc/ipsec.d/certs/
+mkdir /etc/ipsec.d/private
+cp -rf sunKey.pem /etc/ipsec.d/private/
+cp -rf moonKey.pem /etc/ipsec.d/private/
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/strongswan_right b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/strongswan_right
new file mode 100755
index 0000000..bcdbb73
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/strongswan_right
@@ -0,0 +1,10 @@ 
+#strongswan on left board
+set -v
+cp -rf ipsec.conf.right /etc/ipsec.conf
+cp -rf ipsec.secrets.right /etc/ipsec.secrets
+cp -rf strongswan.conf /etc/
+cp -rf strongswanCert.pem /etc/ipsec.d/cacerts/
+cp -rf sunCert.pem /etc/ipsec.d/certs/
+mkdir /etc/ipsec.d/private
+cp -rf sunKey.pem /etc/ipsec.d/private/
+cp -rf moonKey.pem /etc/ipsec.d/private/
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/sunCert.pem b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/sunCert.pem
new file mode 100644
index 0000000..d0937ba
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/sunCert.pem
@@ -0,0 +1,25 @@ 
+-----BEGIN CERTIFICATE-----
+MIIEIDCCAwigAwIBAgIBFjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
+MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
+b290IENBMB4XDTA5MDgyNzA5NTkwNFoXDTE0MDgyNjA5NTkwNFowRTELMAkGA1UE
+BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN1bi5z
+dHJvbmdzd2FuLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN+V
+VIpn6Q5jaU//EN6p6A5cSfUfhBK0mFa2laFFZh/Y0h66AXqqrQ3X917h7YNsSk68
+oowY9h9I3gOx7hNVBsJr2VjdYC+b0q5NTha09/A5mimv/prYj6o0yawxoPjoDs9Y
+h7D7Kf+F8fkgk0stlHJZX66J7dNrFXbg1xBld+Ep5Or2FbEZ9QWUpRQTuhdpNt/4
+9YuxQ59DemY9IRbwsrKCHH0mGrJsDdqeb0ap+8QvSXHjCt1fr9MNKWaAFAQLKQI4
+e0da1ntPCEQLeE833+NNRBgGufk0KqGT3eAXqrxa9AEIUJnVcPexQdqUMjcUpXFb
+8WNzRWB8Egh3BDK6FsECAwEAAaOCARkwggEVMAkGA1UdEwQCMAAwCwYDVR0PBAQD
+AgOoMB0GA1UdDgQWBBRW1p4v2qihzRlcI1PnxbZwluML+zBtBgNVHSMEZjBkgBRd
+p91wBlEyfue2bbO15eBg6i5N76FJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoT
+EExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIB
+ADAdBgNVHREEFjAUghJzdW4uc3Ryb25nc3dhbi5vcmcwEwYDVR0lBAwwCgYIKwYB
+BQUHAwEwOQYDVR0fBDIwMDAuoCygKoYoaHR0cDovL2NybC5zdHJvbmdzd2FuLm9y
+Zy9zdHJvbmdzd2FuLmNybDANBgkqhkiG9w0BAQsFAAOCAQEAo37LYT9Awx0MK/nA
+FZpPJqUr0Ey+O5Ukcsdx7nd00SlmpiQRY8KmuRXCBQnDEgdLstd3slQjT0pJEgWF
+0pzxybnI6eOzYAhLfhart+X1hURiNGbXjggm2s4I5+K32bVIkNEqlsYnd/6F9oo5
+ZNO0/eTTruLZfkNe/zchBGKe/Z7MacVwlYWWCbMtBV4K1d5dGcRRgpQ9WivDlmat
+Nh9wlscDSgSGk3HJkbxnq695VN7zUbDWAUvWWhV5bIDjlAR/xyT9ApqIxiyVVRul
+fYrE7U05Hbt6GgAroAKLp6qJup9+TxQAKSjKIwJ0hf7OuYyQ8TZtVHS7AOhm+T/5
+G/jGGA==
+-----END CERTIFICATE-----
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/sunKey.pem b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/sunKey.pem
new file mode 100644
index 0000000..d8fad9a
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/sunKey.pem
@@ -0,0 +1,27 @@ 
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEA35VUimfpDmNpT/8Q3qnoDlxJ9R+EErSYVraVoUVmH9jSHroB
+eqqtDdf3XuHtg2xKTryijBj2H0jeA7HuE1UGwmvZWN1gL5vSrk1OFrT38DmaKa/+
+mtiPqjTJrDGg+OgOz1iHsPsp/4Xx+SCTSy2Ucllfront02sVduDXEGV34Snk6vYV
+sRn1BZSlFBO6F2k23/j1i7FDn0N6Zj0hFvCysoIcfSYasmwN2p5vRqn7xC9JceMK
+3V+v0w0pZoAUBAspAjh7R1rWe08IRAt4Tzff401EGAa5+TQqoZPd4BeqvFr0AQhQ
+mdVw97FB2pQyNxSlcVvxY3NFYHwSCHcEMroWwQIDAQABAoIBADH51hjN2zk9HVgl
+QmcTAWzcUie5cLMhrP+M9mtC8O3jcCwwFY6OwfnbMU8DHy0GMqHg5lB8b99UUVPw
+HLAzjDw/ESkc6pgZs4EEhJTsxJLsvTnePgHssEgyXnXf7gRVEqJkPohfy+Zy0UCH
+eIUQXiMlOQ7xg7iDMhwNa+UdWSt539DztSKilQn2xdPZjFnMT0/prvl4NA/8Zn54
+/SdWDq5yRdLWb6EK1V7yJ3687GXR1jzGtgy7TXuncUJVTYgX7RdP1Tn6gWD8YAQ/
+RfT0DdWYm4WHSgSb9/NW8lBZH2yy3hg+lNgofXEvTfBkO5QyW31LIr0tCV6zhJIc
+Y9MxaKUCgYEA9sktaXfhPLe0ECjdeQEOq5EKuDrCviSKCOuAV4BDSOsdw6+5LWfY
+Vb/oke8N70lL3RCblcj1pOKWUi2O/SpEJdDRduiw2gM9cXt3/bChSTHC4TsIxxN/
+Db9OGg72kZ4sRY5Au+zyAAQYBwXhFWux194Jk5qK0JblNG9J5QMqZDcCgYEA5+5h
+BgHUMEO+pdME5lAiSc5PcNTejpA6j+OikCh4/HFXy3C/dLx+Cs1+egw64c8iVaIv
+NEo7n7E9I0e3XqanPRXhMnBRrP+39OVsWPmZ18Li2Hi84KwJyi8Y11l3XJOqaYpF
+wMVUuZpxR0dfG5k/5GwT/tEkmQBglOgG3m2zUMcCgYEA4m3Vd9ahV5dp5AXKpzKc
+JjiPMFfhxJo7+FEz0ZUCp03qYljBu/Jy4MKS/grrqyiCLdQGHNlk4SNxLvdUId78
+5gGBnuuDEJU2dAAIKUE9yq2YlBUZSacOxStI2snt28/X6P3LUWHm7LLU5OS1D3Vf
+mKPF/6MlSJuas5CEqVZNN+MCgYBH9Qh7IaQgmVQUBKVXg3Mv7OduvUyTdKIGtHxi
+N3xZ7hxsDP4JjNWaKmlcGmFGX8pqQRheI83d3NJ4GK8GmbP3Wst0p65fezMqsudr
+r30QmPFicgs/tYCQDw6o+aPzwAi2F+VOSqrfrtAIaldSq7hL+VA21dKB+cD9UgOX
+jPd+TwKBgQCbKeg2QNS2qhPIG9eaqJDROuxmxb/07d7OBctgMgxVvKhqW9hW42Sy
+gJ59fyz5QjFBaSfcOdf4gkKyEawVo45/q6ymIQU37R4vF4CW9Z3CfaIbwJp7LcHV
+zH07so/HNsZua6GWCSCLJU5MeCRiZzk2RFiS9KIaLP4gZndv4lXOiQ==
+-----END RSA PRIVATE KEY-----
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo_0.1.bb b/recipes-connectivity/ipsec-demo/ipsec-demo_0.1.bb
new file mode 100644
index 0000000..5607060
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo_0.1.bb
@@ -0,0 +1,25 @@ 
+SUMMARY = "Scripts and configuration files for ipsec demo"
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420"
+
+RDEPENDS_${PN} = "ipsec-tools"
+
+inherit allarch
+
+SRC_URI = "file://test_setkey"
+
+do_configure() {
+    :
+}
+
+do_compile() {
+    :
+}
+
+do_install(){
+    install -d  ${D}${datadir}
+    cp -a ${WORKDIR}/test_setkey ${D}${datadir}/
+}
+
+FILES_${PN} = "${datadir}/*"
+