IPSec Samples (Windows Embedded CE 6.0)
1/6/2010
Windows Embedded CE includes ipsecfg, a sample configuration tool for IPSec. Ipseccfg is located in the %_WINCEROOT%\common\oak\drivers\netsamp\ipseccfg directory.
You can use this sample to create a customized configuration tool and user interface.
The syntax for the IPSec utility is as follows:
[loadpolicyFile] [unloadpolicyName]startonlystartsetresetstoploglevellogmethod
Parameters
- load policyFile
Loads the IPSec policy from file policyFile into registry. The policy details are stored under the HKEY_LOCAL_MACHINE\Comm\IPSec\Policies\[Name of Policy] registry key. For more information about the policy file, see the Remarks section.
- unloadpolicyName
Removes the entries for policyName from the registry.
- startonly
Starts IPSec with no policy set.
- start[policyName]
Starts IPSec and sets a policy by reading the policy information for policyName that is stored in the registry.
- set[policyName]
Sets a policy by reading that policy information that is stored for policyName in the registry. IPSec should already be started when this command is run.
- reset[me/myip/ip]
Resets the policy according to the source Internet Protocol (IP) address that is specified. For the me option, the source IP address = 0, for the myip option, the source IP address is the first IP address that is returned from a call to gethostbyname (localhost).
- stop
Stops IPSec. If IPSec is shut down, all policies that were set before will be reset.
- loglevel[none/err/warn/diag/pss/trace/verb
Sets the IPSec logging level.
- logmethod[celog/debug]
Sets the IPSec logging method
Remarks
The policy file is a .txt file that contains policy-specific information as shown in the following example:
Sample policyFile
;Sample
policy=sample
inaction=1
outaction=2
auth=2
info= CN=Sample Root CA;
mmhash=7
mmenc=7
qmhash=7
qmenc=4
dh=3
protocol=0
flags=0
srcip=myip