62 files changed, 1837 insertions, 0 deletions

diff --git a/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/README b/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/README
new file mode 100644
index 000000000..9578982d0
--- /dev/null
+++ b/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/README
@@ -0,0 +1,77 @@
+test_setkey script usage
+
+The scripts in this directory may be used for testing
+native Linux IPsec with the talitos driver as a loadable module.
+
+It's assumed that these scripts have been placed in the directory
+named /test_setkey.
+
+The scripts setup_left and setup_right configure the ip addresses
+for two boards named 'left' and 'right', which are two gateways for
+an IPsec tunnel.  Connect the eth1 interfaces of left and right boards together.
+For smartbits testing, connect eth0 on each board to a smartbits port.
+For other testing (ping, netperf, iperf), connect eth0 on each board to another system.
+
+The scripts named left.conf-* and right.conf-* are setkey scripts
+which configure the IPsec SA and SPD entries.
+The scripts ending in -tunnel use tunnel mode IPsec, and the scripts
+ending in -transport used transport mode IPsec.
+Transport mode is useful for quickly testing security functionality
+using ping or netperf between two boards.
+Tunnel mode can be used for testing throughput using smartbits or other
+performance test equipment.
+
+There is a top level script called 'setup' which
+is used for a one-step setup on the left and right boards.
+'setup' uses two or three parameters. The first parameter is the side, left or right.
+The second parameter is the setkey suffix for the left.conf- and right.conf- files.
+If the third parameter is supplied, the setup will modprobe that name, so
+typically you should provide talitos as the third parameter if you want to load the driver.
+If you have built the talitos driver into the kernel, omit the third parameter to setup.
+You may test software encryption if talitos is built as a module and you omit the third parameter.
+
+Below are example uses of the 'setup' script.
+
+1) One-step setup for smartbits
+   Use a tunnel mode setup on each side.
+   AES-HMAC-SHA1: 
+   Left side:
+      /test_setkey/setup left aes-sha1-tunnel talitos
+   Right side:
+      /test_setkey/setup right aes-sha1-tunnel talitos
+
+   3DES-HMAC-SHA1:
+   Left side:
+      /test_setkey/setup left 3des-sha1-tunnel talitos
+   Right side:
+      /test_setkey/setup right 3des-sha1-tunnel talitos
+
+2) One-step setup for testing ping, netperf, or iperf between two boards. 
+   Use a transport mode setup on each side.
+   AES-HMAC-SHA1: 
+   Left side:
+      /test_setkey/setup left aes-sha1-transport talitos
+   Right side:
+      /test_setkey/setup right aes-sha1-transport talitos
+
+   3DES-HMAC-SHA1:
+   Left side:
+      /test_setkey/setup left 3des-sha1-transport talitos
+   Right side:
+      /test_setkey/setup right 3des-sha1-transport talitos
+
+3) Testing ipv4
+   To test ipv4 (with no security) over the two gateways, use steps below.
+   Testing ipv4 is helpful to get your smartbits configuration verified
+   and also establish a baseline performance for throughput.
+
+   On the left board:
+   cd /test_setkey
+   ./setup_left
+   ./left.ipv4
+
+   On the right board:
+   cd /test_setkey
+   ./setup_right
+   ./right.ipv4
+
diff --git a/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/auto_left.conf-3des-sha1-tunnel b/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/auto_left.conf-3des-sha1-tunnel
new file mode 100755
index 000000000..6bd6c5d83
--- /dev/null
+++ b/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/auto_left.conf-3des-sha1-tunnel
@@ -0,0 +1,32 @@
+#!/usr/sbin/setkey -f
+#
+#
+# Example ESP Tunnel for VPN.
+# 
+#                                 ========= ESP =========
+#                                 |                     |
+#          Network-A          Gateway-A             Gateway-B           Network-B
+#         192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24
+# 
+#         ====== 83xx board A ======                  ===== 83xx board B =====
+#         |                        |                  |                      |
+#         eth0                  eth1                  eth1                eth0
+#       192.168.1.130         200.200.200.10          200.200.200.20      192.168.2.130         
+# 
+# 
+# Board A setup
+#
+# Flush the SAD and SPD
+flush;
+spdflush;
+
+# I am gateway A (eth0:192.168.1.130, eth1:200.200.200.10)
+#
+# Security policies
+spdadd 192.168.1.0/24 192.168.2.0/24 any -P out ipsec
+       esp/tunnel/200.200.200.10-200.200.200.20/require;
+
+spdadd 192.168.2.0/24 192.168.1.0/24 any -P in ipsec
+       esp/tunnel/200.200.200.20-200.200.200.10/require;
+
+
diff --git a/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/auto_right.conf-3des-sha1-tunnel b/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/auto_right.conf-3des-sha1-tunnel
new file mode 100755
index 000000000..eebf307ae
--- /dev/null
+++ b/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/auto_right.conf-3des-sha1-tunnel
@@ -0,0 +1,31 @@
+#!/usr/sbin/setkey -f
+#
+#
+# Example ESP Tunnel for VPN.
+# 
+#                                 ========= ESP =========
+#                                 |                     |
+#          Network-A          Gateway-A             Gateway-B           Network-B
+#         192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24
+# 
+#         ====== 83xx board A ======                  ===== 83xx board B =====
+#         |                        |                  |                      |
+#         eth0                  eth1                  eth1                eth0
+#       192.168.1.130         200.200.200.10          200.200.200.20      192.168.2.130         
+# 
+# 
+# Board B setup
+# Flush the SAD and SPD
+flush;
+spdflush;
+
+# I am gateway B (eth0:192.168.2.130, eth1:200.200.200.20)
+#
+# Security policies
+
+spdadd 192.168.2.0/24 192.168.1.0/24 any -P out ipsec
+       esp/tunnel/200.200.200.20-200.200.200.10/require;
+
+spdadd 192.168.1.0/24 192.168.2.0/24 any -P in ipsec
+       esp/tunnel/200.200.200.10-200.200.200.20/require;
+
diff --git a/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/flush-setkey b/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/flush-setkey
new file mode 100755
index 000000000..0be30562c
--- /dev/null
+++ b/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/flush-setkey
@@ -0,0 +1,4 @@
+#!/usr/sbin/setkey -f
+
+flush;
+spdflush;
diff --git a/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec.conf.left b/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec.conf.left
new file mode 100644
index 000000000..d9d6c0c61
--- /dev/null
+++ b/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec.conf.left
@@ -0,0 +1,29 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+        charondebug="chd 2, knl 2"
+        crlcheckinterval=180
+        strictcrlpolicy=no
+        plutostart=no
+
+conn %default
+        ikelifetime=60m
+        keylife=20m
+        rekeymargin=3m
+        keyingtries=1
+        keyexchange=ikev2
+        type=tunnel
+        auth=esp
+        compress=no
+        mobike=no
+
+conn net-net
+        left=200.200.200.10
+        leftsubnet=192.168.1.0/24
+        leftcert=moonCert.pem
+        leftid="C=CH, O=Linux strongSwan, CN=moon.strongswan.org"
+        leftfirewall=yes
+        right=200.200.200.20
+        rightsubnet=192.168.2.0/24
+        rightid="C=CH, O=Linux strongSwan, CN=sun.strongswan.org"
+        auto=add
diff --git a/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec.conf.right b/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec.conf.right
new file mode 100644
index 000000000..c14dee2b4
--- /dev/null
+++ b/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec.conf.right
@@ -0,0 +1,28 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+        charondebug="chd 2, knl 2"
+        crlcheckinterval=180
+        strictcrlpolicy=no
+        plutostart=no
+
+conn %default
+        ikelifetime=60m
+        keylife=20m
+        rekeymargin=3m
+        keyingtries=1
+        keyexchange=ikev2
+        auth=esp
+        compress=no
+        mobike=no
+
+conn net-net 
+        left=200.200.200.20
+        leftcert=sunCert.pem
+        leftid="C=CH, O=Linux strongSwan, CN=sun.strongswan.org"
+        leftsubnet=192.168.2.0/24
+        leftfirewall=yes
+        right=200.200.200.10
+        rightid="C=CH, O=Linux strongSwan, CN=moon.strongswan.org"
+        rightsubnet=192.168.1.0/24
+        auto=add
diff --git a/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec.secrets.left b/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec.secrets.left
new file mode 100644
index 000000000..e86d6aa5c
--- /dev/null
+++ b/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec.secrets.left
@@ -0,0 +1,3 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+: RSA moonKey.pem
diff --git a/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec.secrets.right b/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec.secrets.right
new file mode 100644
index 000000000..1095b74cc
--- /dev/null
+++ b/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec.secrets.right
@@ -0,0 +1,8 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+: RSA sunKey.pem
+
+
+
+
+
diff --git a/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec_ikev1.conf.left b/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec_ikev1.conf.left
new file mode 100644
index 000000000..55025dbc8
--- /dev/null
+++ b/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec_ikev1.conf.left
@@ -0,0 +1,39 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+        plutodebug=control
+        crlcheckinterval=180
+        strictcrlpolicy=no
+        charonstart=no
+
+conn %default
+        ikelifetime=60m
+        keylife=20m
+        rekeymargin=3m
+        keyingtries=1
+        keyexchange=ikev1
+        left=200.200.200.10
+        leftcert=moonCert.pem
+        leftid="C=CH, O=Linux strongSwan, CN=moon.strongswan.org"
+        leftfirewall=yes
+
+conn net-net
+        left=%defaultroute
+        leftsubnet=192.168.1.0/24
+        leftcert=moonCert.pem
+        right=200.200.200.20
+        rightsubnet=192.168.2.0/24
+        rightid="C=CH, O=Linux strongSwan, CN=sun.strongswan.org"
+        auto=add
+        
+conn host-host
+        left=%defaultroute
+        leftcert=moonCert.pem
+        right=200.200.200.20
+        rightid="C=CH, O=Linux strongSwan, CN=sun.strongswan.org"
+        auto=add
+
+conn rw
+        leftsubnet=192.168.1.0/24
+        right=%any
+        auto=add
diff --git a/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec_ikev1.conf.right b/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec_ikev1.conf.right
new file mode 100644
index 000000000..479791ea2
--- /dev/null
+++ b/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec_ikev1.conf.right
@@ -0,0 +1,34 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+        plutodebug=control
+        crlcheckinterval=180
+        strictcrlpolicy=no
+        charonstart=no
+
+conn %default
+        ikelifetime=60m
+        keylife=20m
+        rekeymargin=3m
+        keyingtries=1
+        keyexchange=ikev1
+        left=200.200.200.20
+        leftcert=sunCert.pem
+        leftid="C=CH, O=Linux strongSwan, CN=sun.strongswan.org"
+        leftfirewall=yes
+
+conn net-net
+        left=%defaultroute
+        leftsubnet=192.168.2.0/24
+        leftcert=sunCert.pem
+        right=200.200.200.10
+        rightsubnet=192.168.1.0/24
+        rightid="C=CH, O=Linux strongSwan, CN=moon.strongswan.org"
+        auto=add
+
+conn host-host
+        left=%defaultroute
+        leftcert=sunCert.pem
+        right=200.200.200.10
+        rightid="C=CH, O=Linux strongSwan, CN=moon.strongswan.org"
+        auto=add
diff --git a/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-md5-transport b/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-md5-transport
new file mode 100755
index 000000000..5422771bb
--- /dev/null
+++ b/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-md5-transport
@@ -0,0 +1,23 @@
+#!/usr/sbin/setkey -f
+#I am 200.200.200.10
+
+flush;
+spdflush;
+
+# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
+# and hmac-md5 authentication using 128 bit long keys
+add 200.200.200.10 200.200.200.20 esp 0x10513 
+    -E 3des-cbc   0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 
+    -A hmac-md5   0xd5f603abc8cd9d19319ca32fb955b10f;
+
+add 200.200.200.20 200.200.200.10 esp 0x10514 
+    -E 3des-cbc   0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df 
+    -A hmac-md5   0x1dd90b4c32dcbe9d37b555a23df5170e;
+
+
+spdadd 200.200.200.20 200.200.200.10 any -P in ipsec
+        esp/transport//require;
+
+spdadd 200.200.200.10 200.200.200.20 any -P out ipsec
+        esp/transport//require;
+
diff --git a/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-md5-tunnel b/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-md5-tunnel
new file mode 100755
index 000000000..52bf9c3fb
--- /dev/null
+++ b/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-md5-tunnel
@@ -0,0 +1,42 @@
+#!/usr/sbin/setkey -f
+#
+#
+# Example ESP Tunnel for VPN.
+# 
+#                                 ========= ESP =========
+#                                 |                     |
+#          Network-A          Gateway-A             Gateway-B           Network-B
+#         192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24
+# 
+#         ====== 83xx board A ======                  ===== 83xx board B =====
+#         |                        |                  |                      |
+#         eth0                  eth1                  eth1                eth0
+#       192.168.1.130         200.200.200.10          200.200.200.20      192.168.2.130         
+# 
+# 
+# Board A setup
+#
+# Flush the SAD and SPD
+flush;
+spdflush;
+
+# I am gateway A (eth0:192.168.1.130, eth1:200.200.200.10)
+#
+# Security policies
+spdadd 192.168.1.0/24 192.168.2.0/24 any -P out ipsec
+       esp/tunnel/200.200.200.10-200.200.200.20/require;
+
+spdadd 192.168.2.0/24 192.168.1.0/24 any -P in ipsec
+       esp/tunnel/200.200.200.20-200.200.200.10/require;
+
+
+# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
+# and hmac-md5 authentication using 128 bit long keys
+add 200.200.200.10 200.200.200.20 esp 0x201 -m tunnel
+    -E 3des-cbc  0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 
+    -A hmac-md5   0xd5f603abc8cd9d19319ca32fb955b10f;
+
+add 200.200.200.20 200.200.200.10 esp 0x301 -m tunnel
+    -E 3des-cbc  0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df 
+    -A hmac-md5   0x1dd90b4c32dcbe9d37b555a23df5170e;
+
diff --git a/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-sha1-transport b/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-sha1-transport
new file mode 100755
index 000000000..e5ee00541
--- /dev/null
+++ b/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-sha1-transport
@@ -0,0 +1,22 @@
+#!/usr/sbin/setkey -f
+#I am 200.200.200.10
+
+flush;
+spdflush;
+
+# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
+# and hmac-sha1 authentication using 160 bit long keys
+add 200.200.200.10 200.200.200.20 esp 0x10513 
+    -E 3des-cbc   0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 
+    -A hmac-sha1 0xe9c43acd5e8d779b6e09c87347852708ab49bdd3;
+
+add 200.200.200.20 200.200.200.10 esp 0x10514 
+    -E 3des-cbc   0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df 
+    -A hmac-sha1 0xea6856479330dc9c17b8f6c37e2a895363d83f21;
+
+spdadd 200.200.200.20 200.200.200.10 any -P in ipsec
+        esp/transport//require;
+
+spdadd 200.200.200.10 200.200.200.20 any -P out ipsec
+        esp/transport//require;
+
diff --git a/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-sha1-tunnel b/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-sha1-tunnel
new file mode 100755
index 000000000..eb2881dbd
--- /dev/null
+++ b/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-sha1-tunnel
@@ -0,0 +1,42 @@
+#!/usr/sbin/setkey -f
+#
+#
+# Example ESP Tunnel for VPN.
+# 
+#                                 ========= ESP =========
+#                                 |                     |
+#          Network-A          Gateway-A             Gateway-B           Network-B
+#         192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24
+# 
+#         ====== 83xx board A ======                  ===== 83xx board B =====
+#         |                        |                  |                      |
+#         eth0                  eth1                  eth1                eth0
+#       192.168.1.130         200.200.200.10          200.200.200.20      192.168.2.130         
+# 
+# 
+# Board A setup
+#
+# Flush the SAD and SPD
+flush;
+spdflush;
+
+# I am gateway A (eth0:192.168.1.130, eth1:200.200.200.10)
+#
+# Security policies
+spdadd 192.168.1.0/24 192.168.2.0/24 any -P out ipsec
+       esp/tunnel/200.200.200.10-200.200.200.20/require;
+
+spdadd 192.168.2.0/24 192.168.1.0/24 any -P in ipsec
+       esp/tunnel/200.200.200.20-200.200.200.10/require;
+
+
+# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
+# and hmac-sha1 authentication using 160 bit long keys
+add 200.200.200.10 200.200.200.20 esp 0x201 -m tunnel
+    -E 3des-cbc  0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 
+    -A hmac-sha1 0xe9c43acd5e8d779b6e09c87347852708ab49bdd3;
+
+add 200.200.200.20 200.200.200.10 esp 0x301 -m tunnel
+    -E 3des-cbc  0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df 
+    -A hmac-sha1 0xea6856479330dc9c17b8f6c37e2a895363d83f21;
+
diff --git a/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-sha256-transport b/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-sha256-transport
new file mode 100755
index 000000000..b5286320a
--- /dev/null
+++ b/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-sha256-transport
@@ -0,0 +1,23 @@
+#!/usr/sbin/setkey -f
+#I am 200.200.200.10
+
+flush;
+spdflush;
+
+# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
+# and hmac-sha2-256 authentication using 256 bit long keys
+add 200.200.200.10 200.200.200.20 esp 0x10513 
+    -E 3des-cbc       0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 
+    -A hmac-sha2-256  0x4de03bebf6beb4fdef5a67d349a09580466cc4e54503333b2a5fd34538c91198;
+
+add 200.200.200.20 200.200.200.10 esp 0x10514 
+    -E 3des-cbc       0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df 
+    -A hmac-sha2-256  0x5e01eb780b7ecc074ca2ca4fa4a5ea2ff841c977da0ce61c49d1fe767ea5452c;
+
+
+spdadd 200.200.200.20 200.200.200.10 any -P in ipsec
+        esp/transport//require;
+
+spdadd 200.200.200.10 200.200.200.20 any -P out ipsec
+        esp/transport//require;
+
diff --git a/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-sha256-tunnel b/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-sha256-tunnel
new file mode 100755
index 000000000..e7726f088
--- /dev/null
+++ b/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-sha256-tunnel
@@ -0,0 +1,42 @@
+#!/usr/sbin/setkey -f
+#
+#
+# Example ESP Tunnel for VPN.
+# 
+#                                 ========= ESP =========
+#                                 |                     |
+#          Network-A          Gateway-A             Gateway-B           Network-B
+#         192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24
+# 
+#         ====== 83xx board A ======                  ===== 83xx board B =====
+#         |                        |                  |                      |
+#         eth0                  eth1                  eth1                eth0
+#       192.168.1.130         200.200.200.10          200.200.200.20      192.168.2.130         
+# 
+# 
+# Board A setup
+#
+# Flush the SAD and SPD
+flush;
+spdflush;
+
+# I am gateway A (eth0:192.168.1.130, eth1:200.200.200.10)
+#
+# Security policies
+spdadd 192.168.1.0/24 192.168.2.0/24 any -P out ipsec
+       esp/tunnel/200.200.200.10-200.200.200.20/require;
+
+spdadd 192.168.2.0/24 192.168.1.0/24 any -P in ipsec
+       esp/tunnel/200.200.200.20-200.200.200.10/require;
+
+
+# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
+# and hmac-sha2-256 authentication using 256 bit long keys
+add 200.200.200.10 200.200.200.20 esp 0x10513 -m tunnel
+    -E 3des-cbc       0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 
+    -A hmac-sha2-256  0x4de03bebf6beb4fdef5a67d349a09580466cc4e54503333b2a5fd34538c91198;
+
+add 200.200.200.20 200.200.200.10 esp 0x10514 -m tunnel
+    -E 3des-cbc       0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df 
+    -A hmac-sha2-256  0x5e01eb780b7ecc074ca2ca4fa4a5ea2ff841c977da0ce61c49d1fe767ea5452c;
+
diff --git a/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-md5-transport b/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-md5-transport
new file mode 100755
index 000000000..96f578370
--- /dev/null
+++ b/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-md5-transport
@@ -0,0 +1,23 @@
+#!/usr/sbin/setkey -f
+#I am 200.200.200.10
+
+flush;
+spdflush;
+
+# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
+# and hmac-md5 authentication using 128 bit long keys
+add 200.200.200.10 200.200.200.20 esp 0x10513 
+    -E aes-cbc    0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 
+    -A hmac-md5   0xd5f603abc8cd9d19319ca32fb955b10f;
+
+add 200.200.200.20 200.200.200.10 esp 0x10514 
+    -E aes-cbc    0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df 
+    -A hmac-md5   0x1dd90b4c32dcbe9d37b555a23df5170e;
+
+
+spdadd 200.200.200.20 200.200.200.10 any -P in ipsec
+        esp/transport//require;
+
+spdadd 200.200.200.10 200.200.200.20 any -P out ipsec
+        esp/transport//require;
+
diff --git a/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-md5-tunnel b/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-md5-tunnel
new file mode 100755
index 000000000..b2cf84bf5
--- /dev/null
+++ b/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-md5-tunnel
@@ -0,0 +1,42 @@
+#!/usr/sbin/setkey -f
+#
+#
+# Example ESP Tunnel for VPN.
+# 
+#                                 ========= ESP =========
+#                                 |                     |
+#          Network-A          Gateway-A             Gateway-B           Network-B
+#         192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24
+# 
+#         ====== 83xx board A ======                  ===== 83xx board B =====
+#         |                        |                  |                      |
+#         eth0                  eth1                  eth1                eth0
+#       192.168.1.130         200.200.200.10          200.200.200.20      192.168.2.130         
+# 
+# 
+# Board A setup
+#
+# Flush the SAD and SPD
+flush;
+spdflush;
+
+# I am gateway A (eth0:192.168.1.130, eth1:200.200.200.10)
+#
+# Security policies
+spdadd 192.168.1.0/24 192.168.2.0/24 any -P out ipsec
+       esp/tunnel/200.200.200.10-200.200.200.20/require;
+
+spdadd 192.168.2.0/24 192.168.1.0/24 any -P in ipsec
+       esp/tunnel/200.200.200.20-200.200.200.10/require;
+
+
+# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
+# and hmac-md5 authentication using 128 bit long keys
+add 200.200.200.10 200.200.200.20 esp 0x201 -m tunnel
+    -E aes-cbc    0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 
+    -A hmac-md5   0xd5f603abc8cd9d19319ca32fb955b10f;
+
+add 200.200.200.20 200.200.200.10 esp 0x301 -m tunnel
+    -E aes-cbc    0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df 
+    -A hmac-md5   0x1dd90b4c32dcbe9d37b555a23df5170e;
+
diff --git a/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-sha1-transport b/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-sha1-transport
new file mode 100755
index 000000000..f3ffaf5cf
--- /dev/null
+++ b/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-sha1-transport
@@ -0,0 +1,22 @@
+#!/usr/sbin/setkey -f
+#I am 200.200.200.10
+
+flush;
+spdflush;
+
+# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
+# and hmac-sha1 authentication using 160 bit long keys
+add 200.200.200.10 200.200.200.20 esp 0x10513 
+    -E aes-cbc   0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 
+    -A hmac-sha1 0xe9c43acd5e8d779b6e09c87347852708ab49bdd3;
+
+add 200.200.200.20 200.200.200.10 esp 0x10514 
+    -E aes-cbc   0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df 
+    -A hmac-sha1 0xea6856479330dc9c17b8f6c37e2a895363d83f21;
+
+spdadd 200.200.200.20 200.200.200.10 any -P in ipsec
+        esp/transport//require;
+
+spdadd 200.200.200.10 200.200.200.20 any -P out ipsec
+        esp/transport//require;
+
diff --git a/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-sha1-tunnel b/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-sha1-tunnel
new file mode 100755
index 000000000..1ab7874f8
--- /dev/null
+++ b/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-sha1-tunnel
@@ -0,0 +1,42 @@
+#!/usr/sbin/setkey -f
+#
+#
+# Example ESP Tunnel for VPN.
+# 
+#                                 ========= ESP =========
+#                                 |                     |
+#          Network-A          Gateway-A             Gateway-B           Network-B
+#         192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24
+# 
+#         ====== 83xx board A ======                  ===== 83xx board B =====
+#         |                        |                  |                      |
+#         eth0                  eth1                  eth1                eth0
+#       192.168.1.130         200.200.200.10          200.200.200.20      192.168.2.130         
+# 
+# 
+# Board A setup
+#
+# Flush the SAD and SPD
+flush;
+spdflush;
+
+# I am gateway A (eth0:192.168.1.130, eth1:200.200.200.10)
+#
+# Security policies
+spdadd 192.168.1.0/24 192.168.2.0/24 any -P out ipsec
+       esp/tunnel/200.200.200.10-200.200.200.20/require;
+
+spdadd 192.168.2.0/24 192.168.1.0/24 any -P in ipsec
+       esp/tunnel/200.200.200.20-200.200.200.10/require;
+
+
+# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
+# and hmac-sha1 authentication using 160 bit long keys
+add 200.200.200.10 200.200.200.20 esp 0x201 -m tunnel
+    -E aes-cbc   0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 
+    -A hmac-sha1 0xe9c43acd5e8d779b6e09c87347852708ab49bdd3;
+
+add 200.200.200.20 200.200.200.10 esp 0x301 -m tunnel
+    -E aes-cbc   0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df 
+    -A hmac-sha1 0xea6856479330dc9c17b8f6c37e2a895363d83f21;
+
diff --git a/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-sha256-transport b/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-sha256-transport
new file mode 100755
index 000000000..d2645d6f2
--- /dev/null
+++ b/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-sha256-transport
@@ -0,0 +1,23 @@
+#!/usr/sbin/setkey -f
+#I am 200.200.200.10
+
+flush;
+spdflush;
+
+# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
+# and hmac-sha2-256 authentication using 256 bit long keys
+add 200.200.200.10 200.200.200.20 esp 0x10513 
+    -E aes-cbc        0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 
+    -A hmac-sha2-256  0x4de03bebf6beb4fdef5a67d349a09580466cc4e54503333b2a5fd34538c91198;
+
+add 200.200.200.20 200.200.200.10 esp 0x10514 
+    -E aes-cbc        0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df 
+    -A hmac-sha2-256  0x5e01eb780b7ecc074ca2ca4fa4a5ea2ff841c977da0ce61c49d1fe767ea5452c;
+
+
+spdadd 200.200.200.20 200.200.200.10 any -P in ipsec
+        esp/transport//require;
+
+spdadd 200.200.200.10 200.200.200.20 any -P out ipsec
+        esp/transport//require;
+
diff --git a/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-sha256-tunnel b/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-sha256-tunnel
new file mode 100755
index 000000000..8ed697d1d
--- /dev/null
+++ b/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-sha256-tunnel
@@ -0,0 +1,42 @@
+#!/usr/sbin/setkey -f
+#
+#
+# Example ESP Tunnel for VPN.
+# 
+#                                 ========= ESP =========
+#                                 |                     |
+#          Network-A          Gateway-A             Gateway-B           Network-B
+#         192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24
+# 
+#         ====== 83xx board A ======                  ===== 83xx board B =====
+#         |                        |                  |                      |
+#         eth0                  eth1                  eth1                eth0
+#       192.168.1.130         200.200.200.10          200.200.200.20      192.168.2.130         
+# 
+# 
+# Board A setup
+#
+# Flush the SAD and SPD
+flush;
+spdflush;
+
+# I am gateway A (eth0:192.168.1.130, eth1:200.200.200.10)
+#
+# Security policies
+spdadd 192.168.1.0/24 192.168.2.0/24 any -P out ipsec
+       esp/tunnel/200.200.200.10-200.200.200.20/require;
+
+spdadd 192.168.2.0/24 192.168.1.0/24 any -P in ipsec
+       esp/tunnel/200.200.200.20-200.200.200.10/require;
+
+
+# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
+# and hmac-sha2-256 authentication using 256 bit long keys
+add 200.200.200.10 200.200.200.20 esp 0x10513 -m tunnel
+    -E aes-cbc        0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 
+    -A hmac-sha2-256  0x4de03bebf6beb4fdef5a67d349a09580466cc4e54503333b2a5fd34538c91198;
+
+add 200.200.200.20 200.200.200.10 esp 0x10514 -m tunnel
+    -E aes-cbc        0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df 
+    -A hmac-sha2-256  0x5e01eb780b7ecc074ca2ca4fa4a5ea2ff841c977da0ce61c49d1fe767ea5452c;
+
diff --git a/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-null-null-transport b/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-null-null-transport
new file mode 100755
index 000000000..84275d07a
--- /dev/null
+++ b/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-null-null-transport
@@ -0,0 +1,23 @@
+#!/usr/sbin/setkey -f
+#I am 200.200.200.10
+
+flush;
+spdflush;
+
+# ESP SAs doing null encryption
+# and null authentication
+add 200.200.200.10 200.200.200.20 esp 0x10513 
+    -E null
+    -A null;
+
+add 200.200.200.20 200.200.200.10 esp 0x10514 
+    -E null
+    -A null;
+
+
+spdadd 200.200.200.20 200.200.200.10 any -P in ipsec
+        esp/transport//require;
+
+spdadd 200.200.200.10 200.200.200.20 any -P out ipsec
+        esp/transport//require;
+
diff --git a/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-null-null-tunnel b/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-null-null-tunnel
new file mode 100755
index 000000000..478d14a84
--- /dev/null
+++ b/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-null-null-tunnel
@@ -0,0 +1,42 @@
+#!/usr/sbin/setkey -f
+#
+#
+# Example ESP Tunnel for VPN.
+# 
+#                                 ========= ESP =========
+#                                 |                     |
+#          Network-A          Gateway-A             Gateway-B           Network-B
+#         192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24
+# 
+#         ====== 83xx board A ======                  ===== 83xx board B =====
+#         |                        |                  |                      |
+#         eth0                  eth1                  eth1                eth0
+#       192.168.1.130         200.200.200.10          200.200.200.20      192.168.2.130         
+# 
+# 
+# Board A setup
+#
+# Flush the SAD and SPD
+flush;
+spdflush;
+
+# I am gateway A (eth0:192.168.1.130, eth1:200.200.200.10)
+#
+# Security policies
+spdadd 192.168.1.0/24 192.168.2.0/24 any -P out ipsec
+       esp/tunnel/200.200.200.10-200.200.200.20/require;
+
+spdadd 192.168.2.0/24 192.168.1.0/24 any -P in ipsec
+       esp/tunnel/200.200.200.20-200.200.200.10/require;
+
+
+# ESP SAs doing null encryption
+# and null authentication
+add 200.200.200.10 200.200.200.20 esp 0x201 -m tunnel
+    -E null
+    -A null;
+
+add 200.200.200.20 200.200.200.10 esp 0x301 -m tunnel
+    -E null
+    -A null;
+
diff --git a/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.ipv4 b/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.ipv4
new file mode 100755
index 000000000..e219f2adc
--- /dev/null
+++ b/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.ipv4
@@ -0,0 +1,2 @@
+set -v
+route add -net 192.168.2.0 netmask 255.255.255.0 gw 200.200.200.20
diff --git a/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/moonCert.pem b/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/moonCert.pem
new file mode 100644
index 000000000..d5c970f41
--- /dev/null
+++ b/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/moonCert.pem
@@ -0,0 +1,25 @@
+-----BEGIN CERTIFICATE-----
+MIIEIjCCAwqgAwIBAgIBFzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
+MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
+b290IENBMB4XDTA5MDgyNzEwMDMzMloXDTE0MDgyNjEwMDMzMlowRjELMAkGA1UE
+BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xHDAaBgNVBAMTE21vb24u
+c3Ryb25nc3dhbi5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDK
+L2M91Lu6BYYhWxWgMS9z9TMSTwszm5rhO7ZIsCtMRo4PAeYw+++SGXt3CPXb/+p+
+SWKGlm11rPE71eQ3ehgh2C3hAurfmWO0iQQaCw+fdreeIVCqOQIOP6UqZ327h5yY
+YpHk8VQv4vBJTpxclU1PqnWheqe1ZlLxsW773LRml/fQt/UgvJkCBTZZONLNMfK+
+7TDnYaVsAtncgvDN78nUNEe2qY92KK7SrBJ6SpUEg49m51F+XgsGcsgWVHS85on3
+Om/G48crLEVJjdu8CxewSRVgb+lPJWzHd8QsU0Vg/7vlqs3ZRMyNtNKrr4opSvVb
+A6agGlTXhDCreDiXU8KHAgMBAAGjggEaMIIBFjAJBgNVHRMEAjAAMAsGA1UdDwQE
+AwIDqDAdBgNVHQ4EFgQUapx00fiJeYn2WpTpifH6w2SdKS4wbQYDVR0jBGYwZIAU
+XafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNVBAYTAkNIMRkwFwYDVQQK
+ExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJvbmdTd2FuIFJvb3QgQ0GC
+AQAwHgYDVR0RBBcwFYITbW9vbi5zdHJvbmdzd2FuLm9yZzATBgNVHSUEDDAKBggr
+BgEFBQcDATA5BgNVHR8EMjAwMC6gLKAqhihodHRwOi8vY3JsLnN0cm9uZ3N3YW4u
+b3JnL3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQCctXg2xeMozaTV
+jiBL1P8MY9uEH5JtU0EceQ1RbI5/2vGRdnECND9oADY5vamaaE2Mdq2Qh/vlXnML
+o3ii5ELjsQlYdTYZOcMOdcUUXYvbbFX1cwpkBhyBl1H25KptHcgQ/HnceKp3kOuq
+wYOYjgwePXulcpWXx0E2QtQCFQQZFPyEWeNJxH0oglg53QPXfHY9I2/Gukj5V0bz
+p7ME0Gs8KdnYdmbbDqzQgPsta96/m+HoJlsrVF+4Gqihj6BWMBQ2ybjPWZdG3oH9
+25cE8v60Ry98D0Z/tygbAUFnh5oOvaf642paVgc3aoA77I8U+UZjECxISoiHultY
+7QTufOwP
+-----END CERTIFICATE-----
diff --git a/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/moonKey.pem b/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/moonKey.pem
new file mode 100644
index 000000000..4d99866f7
--- /dev/null
+++ b/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/moonKey.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEAyi9jPdS7ugWGIVsVoDEvc/UzEk8LM5ua4Tu2SLArTEaODwHm
+MPvvkhl7dwj12//qfklihpZtdazxO9XkN3oYIdgt4QLq35ljtIkEGgsPn3a3niFQ
+qjkCDj+lKmd9u4ecmGKR5PFUL+LwSU6cXJVNT6p1oXqntWZS8bFu+9y0Zpf30Lf1
+ILyZAgU2WTjSzTHyvu0w52GlbALZ3ILwze/J1DRHtqmPdiiu0qwSekqVBIOPZudR
+fl4LBnLIFlR0vOaJ9zpvxuPHKyxFSY3bvAsXsEkVYG/pTyVsx3fELFNFYP+75arN
+2UTMjbTSq6+KKUr1WwOmoBpU14Qwq3g4l1PChwIDAQABAoIBACBFB/Xqajv6fbn9
+K6pxrz02uXwGmacXAtVIDoPzejWmXS4QA4l17HrJDmelSnhelDKry8nnYHkTrTz7
+mn0wQ4HDWy86o/okJUG/TKRLd6bf79aRQqqohqd3iQkHk43GyzuXH+oGioVKF0fc
+ACDWw4wfjL7FMNdHCZ4Bz9DrHO/ysHe9B6rvSYm3VZRhSxaneIkaLkkDadKpVx3f
+XNFlMxY4qKPJYYSoJZ61iMqrO7+rnA93tmyDDs8PKU3BtnpfNrdePgleJHhk8Zqy
+Ev2/NOCSUxbKE8NCtLpGTs+T0qjjnu4k3WPd3ZOBAan0uPDekHZeHB/aXGLhYcxx
+J5SurqECgYEA+F1gppkER5Jtoaudt/CUpdQ1sR9wxf75VBqJ4FiYABGQz9xlG4oj
+zL/o572s0iV3bwFpnQa+WuWrxGkP6ZuB/Z82npc0N/vLou/b4dxvg4n7K+eOOEf0
+8FMjsse2tqTIXKCqcmQnR0NPQ1jwuvEKsXP5w/JOlnRXAXnd4jxsJI0CgYEA0GaT
+61ySttUW9jC3mxuY6jkQy8TEQqR3nOFvWwmCXIWOpN/MTTPus+Telxp/pdKhU+mo
+PmX3Unyne5PvwleWDq3YzltX5ZDZGJ5UJlKuNnfGIzQ6OcHRbb7zBpQG6qSRPuug
+bgo688hTnb1L59nK88zWVK45euf6pyuoI+SwIGMCgYEA7yvE8knyhBXvezuv0z1b
+eGHmHp5/VDwY0DQKSEAoiBBiWrkLqLybgwXf/KJ8dZZc8En08aFX2GLJyYe/KiB1
+ys3ypEBJqgvRayP+o/9KZ+qNNRd0rqAksPXvL7ABNNt0kzapTSVDae3Yu6s/j1am
+DIL5qAeERIDedG5uDPpQzdUCgYB7MtjpP63ABhLv8XbpbBQnCxtByw3W89F+Xcrt
+v55gQdhE4cSuMzA/CuMH4vNpPS6AI9aBJNhj3CtKo/cOJachAGb1/wvkO5ALvLW0
+fhZdPstUTnDJain7vfF/hwzbs/PlhXgu9T9KlLfRvXFdG+Sd4g8mumRiozcLkoRw
+y6XPTwKBgDJP+s9wXmdG90HST/aqC7FKrVXLpB63dY5swNUfQP6sa0pFnON0r0JC
+h/YCsGFFIAebQ2uOkM3g3f9nkwTp7910ov+/5uThvRI2w2BBPy0mVuALPjyyF1Z2
+cb9zpyKiIuXoXRCf4sd8r1lR9bn0Fxx0Svpxf+fpMGSI5quHNBKY
+-----END RSA PRIVATE KEY-----
diff --git a/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/pingsizes.sh b/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/pingsizes.sh
new file mode 100755
index 000000000..faefb2459
--- /dev/null
+++ b/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/pingsizes.sh
@@ -0,0 +1,19 @@
+#!/bin/bash
+#
+# Usage: ./pingsizes.sh 1440 20 (or greater)
+#
+
+PINGDEST=${PINGDEST:-200.200.200.10}
+k=$1
+lim="$((k+$2))"
+((k-=1))
+while [ "$k" != "$lim" ] ; do
+        echo -n "ping -s $((k+=1)) : "
+        ping -i 1000 -c 1 -s $k $PINGDEST | grep packets &
+        sleep 1
+        PID=`ps -eaf | grep 'ping -i' | grep -v grep | sed 's/[ ][ ]*/ /g' | cut -d " " -f 2`
+        if [ -n "$PID" ] ; then
+                echo "****************** killing $PID"
+                kill $PID > /dev/null
+        fi
+done
diff --git a/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/pingsizest.sh b/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/pingsizest.sh
new file mode 100755
index 000000000..d5ff0f7db
--- /dev/null
+++ b/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/pingsizest.sh
@@ -0,0 +1,19 @@
+#!/bin/bash
+#
+# Usage: ./pingsizes.sh 1440 20 (or greater)
+#
+
+PINGDEST=${PINGDEST:-200.200.200.10}
+k=$1
+lim="$((k+$2))"
+((k-=1))
+while [ "$k" != "$lim" ] ; do
+        echo ping -s $((k+=1))
+        ping -i 1000 -c 1 -s $k $PINGDEST &
+        sleep 1
+        PID=`ps -eaf | grep 'ping -i' | sed 's/[ ][ ]*/ /g' | cut -d " " -f 2`
+        if [ -n "$PID" ] ; then
+                echo "****************** killing $PID"
+                kill $PID
+        fi
+done
diff --git a/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/psk.txt b/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/psk.txt
new file mode 100644
index 000000000..46c1ff41f
--- /dev/null
+++ b/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/psk.txt
@@ -0,0 +1,2 @@
+200.200.200.20 secretkeyracoon
+200.200.200.10 secretkeyracoon
diff --git a/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/racoon.conf b/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/racoon.conf
new file mode 100644
index 000000000..cf561f51e
--- /dev/null
+++ b/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/racoon.conf
@@ -0,0 +1,22 @@
+path pre_shared_key "/test_setkey/psk.txt" ;
+
+        remote anonymous
+        {
+                exchange_mode main ;
+                lifetime time 1 hour ;
+                proposal {
+                        encryption_algorithm 3des;
+                        hash_algorithm sha1;
+                        authentication_method pre_shared_key ;
+                        dh_group 2 ;
+                }
+        }
+
+        sainfo anonymous
+        {
+                pfs_group 2;
+                lifetime time 1 hour ;
+                encryption_algorithm 3des ;
+                authentication_algorithm hmac_sha1 ;
+                compression_algorithm deflate ;
+        }
diff --git a/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-md5-transport b/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-md5-transport
new file mode 100755
index 000000000..7f82fb466
--- /dev/null
+++ b/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-md5-transport
@@ -0,0 +1,23 @@
+#!/usr/sbin/setkey -f
+#I am 200.200.200.20
+
+flush;
+spdflush;
+
+# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
+# and hmac-md5 authentication using 128 bit long keys
+add 200.200.200.10 200.200.200.20 esp 0x10513 
+    -E 3des-cbc   0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 
+    -A hmac-md5   0xd5f603abc8cd9d19319ca32fb955b10f;
+
+add 200.200.200.20 200.200.200.10 esp 0x10514 
+    -E 3des-cbc   0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df 
+    -A hmac-md5   0x1dd90b4c32dcbe9d37b555a23df5170e;
+
+
+spdadd 200.200.200.20 200.200.200.10 any -P out ipsec
+        esp/transport//require;
+
+spdadd 200.200.200.10 200.200.200.20 any -P in ipsec
+        esp/transport//require;
+
diff --git a/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-md5-tunnel b/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-md5-tunnel
new file mode 100755
index 000000000..5a7525797
--- /dev/null
+++ b/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-md5-tunnel
@@ -0,0 +1,42 @@
+#!/usr/sbin/setkey -f
+#
+#
+# Example ESP Tunnel for VPN.
+# 
+#                                 ========= ESP =========
+#                                 |                     |
+#          Network-A          Gateway-A             Gateway-B           Network-B
+#         192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24
+# 
+#         ====== 83xx board A ======                  ===== 83xx board B =====
+#         |                        |                  |                      |
+#         eth0                  eth1                  eth1                eth0
+#       192.168.1.130         200.200.200.10          200.200.200.20      192.168.2.130         
+# 
+# 
+# Board B setup
+#
+# Flush the SAD and SPD
+flush;
+spdflush;
+
+# I am gateway B (eth0:192.168.2.130, eth1:200.200.200.20)
+#
+# Security policies
+spdadd 192.168.2.0/24 192.168.1.0/24 any -P out ipsec
+       esp/tunnel/200.200.200.20-200.200.200.10/require;
+
+spdadd 192.168.1.0/24 192.168.2.0/24 any -P in ipsec
+       esp/tunnel/200.200.200.10-200.200.200.20/require;
+
+
+# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
+# and hmac-md5 authentication using 128 bit long keys
+add 200.200.200.10 200.200.200.20 esp 0x201 -m tunnel
+    -E 3des-cbc  0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 
+    -A hmac-md5   0xd5f603abc8cd9d19319ca32fb955b10f;
+
+add 200.200.200.20 200.200.200.10 esp 0x301 -m tunnel
+    -E 3des-cbc  0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df 
+    -A hmac-md5   0x1dd90b4c32dcbe9d37b555a23df5170e;
+
diff --git a/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-sha1-transport b/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-sha1-transport
new file mode 100755
index 000000000..6ef885d44
--- /dev/null
+++ b/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-sha1-transport
@@ -0,0 +1,22 @@
+#!/usr/sbin/setkey -f
+#I am 200.200.200.20
+
+flush;
+spdflush;
+
+# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
+# and hmac-sha1 authentication using 160 bit long keys
+add 200.200.200.10 200.200.200.20 esp 0x10513 
+    -E 3des-cbc   0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 
+    -A hmac-sha1 0xe9c43acd5e8d779b6e09c87347852708ab49bdd3;
+
+add 200.200.200.20 200.200.200.10 esp 0x10514 
+    -E 3des-cbc   0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df 
+    -A hmac-sha1 0xea6856479330dc9c17b8f6c37e2a895363d83f21;
+
+# Security policies
+spdadd 200.200.200.20 200.200.200.10 any -P out ipsec
+        esp/transport//require;
+
+spdadd 200.200.200.10 200.200.200.20 any -P in ipsec
+        esp/transport//require;
diff --git a/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-sha1-tunnel b/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-sha1-tunnel
new file mode 100755
index 000000000..16c31578e
--- /dev/null
+++ b/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-sha1-tunnel
@@ -0,0 +1,41 @@
+#!/usr/sbin/setkey -f
+#
+#
+# Example ESP Tunnel for VPN.
+# 
+#                                 ========= ESP =========
+#                                 |                     |
+#          Network-A          Gateway-A             Gateway-B           Network-B
+#         192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24
+# 
+#         ====== 83xx board A ======                  ===== 83xx board B =====
+#         |                        |                  |                      |
+#         eth0                  eth1                  eth1                eth0
+#       192.168.1.130         200.200.200.10          200.200.200.20      192.168.2.130         
+# 
+# 
+# Board B setup
+# Flush the SAD and SPD
+flush;
+spdflush;
+
+# I am gateway B (eth0:192.168.2.130, eth1:200.200.200.20)
+#
+# Security policies
+
+spdadd 192.168.2.0/24 192.168.1.0/24 any -P out ipsec
+       esp/tunnel/200.200.200.20-200.200.200.10/require;
+
+spdadd 192.168.1.0/24 192.168.2.0/24 any -P in ipsec
+       esp/tunnel/200.200.200.10-200.200.200.20/require;
+
+# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
+# and hmac-sha1 authentication using 160 bit long keys
+add 200.200.200.10 200.200.200.20 esp 0x201 -m tunnel
+    -E 3des-cbc  0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 
+    -A hmac-sha1 0xe9c43acd5e8d779b6e09c87347852708ab49bdd3;
+
+add 200.200.200.20 200.200.200.10 esp 0x301 -m tunnel
+    -E 3des-cbc  0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df 
+    -A hmac-sha1 0xea6856479330dc9c17b8f6c37e2a895363d83f21;
+
diff --git a/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-sha256-transport b/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-sha256-transport
new file mode 100755
index 000000000..b97720923
--- /dev/null
+++ b/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-sha256-transport
@@ -0,0 +1,23 @@
+#!/usr/sbin/setkey -f
+#I am 200.200.200.20
+
+flush;
+spdflush;
+
+# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
+# and hmac-sha2-256 authentication using 256 bit long keys
+add 200.200.200.10 200.200.200.20 esp 0x10513 
+    -E 3des-cbc       0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 
+    -A hmac-sha2-256  0x4de03bebf6beb4fdef5a67d349a09580466cc4e54503333b2a5fd34538c91198;
+
+add 200.200.200.20 200.200.200.10 esp 0x10514 
+    -E 3des-cbc       0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df 
+    -A hmac-sha2-256  0x5e01eb780b7ecc074ca2ca4fa4a5ea2ff841c977da0ce61c49d1fe767ea5452c;
+
+
+spdadd 200.200.200.20 200.200.200.10 any -P out ipsec
+        esp/transport//require;
+
+spdadd 200.200.200.10 200.200.200.20 any -P in ipsec
+        esp/transport//require;
+
diff --git a/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-sha256-tunnel b/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-sha256-tunnel
new file mode 100755
index 000000000..e7c5b4e64
--- /dev/null
+++ b/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-sha256-tunnel
@@ -0,0 +1,42 @@
+#!/usr/sbin/setkey -f
+#
+#
+# Example ESP Tunnel for VPN.
+# 
+#                                 ========= ESP =========
+#                                 |                     |
+#          Network-A          Gateway-A             Gateway-B           Network-B
+#         192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24
+# 
+#         ====== 83xx board A ======                  ===== 83xx board B =====
+#         |                        |                  |                      |
+#         eth0                  eth1                  eth1                eth0
+#       192.168.1.130         200.200.200.10          200.200.200.20      192.168.2.130         
+# 
+# 
+# Board A setup
+#
+# Flush the SAD and SPD
+flush;
+spdflush;
+
+# I am gateway B (eth0:192.168.2.130, eth1:200.200.200.20)
+#
+# Security policies
+spdadd 192.168.2.0/24 192.168.1.0/24 any -P out ipsec
+       esp/tunnel/200.200.200.20-200.200.200.10/require;
+
+spdadd 192.168.1.0/24 192.168.2.0/24 any -P in ipsec
+       esp/tunnel/200.200.200.10-200.200.200.20/require;
+
+
+# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
+# and hmac-sha2-256 authentication using 256 bit long keys
+add 200.200.200.10 200.200.200.20 esp 0x10513 -m tunnel
+    -E 3des-cbc       0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 
+    -A hmac-sha2-256  0x4de03bebf6beb4fdef5a67d349a09580466cc4e54503333b2a5fd34538c91198;
+
+add 200.200.200.20 200.200.200.10 esp 0x10514 -m tunnel
+    -E 3des-cbc       0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df 
+    -A hmac-sha2-256  0x5e01eb780b7ecc074ca2ca4fa4a5ea2ff841c977da0ce61c49d1fe767ea5452c;
+
diff --git a/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-md5-transport b/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-md5-transport
new file mode 100755
index 000000000..5d55d0014
--- /dev/null
+++ b/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-md5-transport
@@ -0,0 +1,23 @@
+#!/usr/sbin/setkey -f
+#I am 200.200.200.20
+
+flush;
+spdflush;
+
+# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
+# and hmac-md5 authentication using 128 bit long keys
+add 200.200.200.10 200.200.200.20 esp 0x10513 
+    -E aes-cbc    0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 
+    -A hmac-md5   0xd5f603abc8cd9d19319ca32fb955b10f;
+
+add 200.200.200.20 200.200.200.10 esp 0x10514 
+    -E aes-cbc    0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df 
+    -A hmac-md5   0x1dd90b4c32dcbe9d37b555a23df5170e;
+
+
+spdadd 200.200.200.20 200.200.200.10 any -P out ipsec
+        esp/transport//require;
+
+spdadd 200.200.200.10 200.200.200.20 any -P in ipsec
+        esp/transport//require;
+
diff --git a/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-md5-tunnel b/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-md5-tunnel
new file mode 100755
index 000000000..f49bd54a0
--- /dev/null
+++ b/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-md5-tunnel
@@ -0,0 +1,42 @@
+#!/usr/sbin/setkey -f
+#
+#
+# Example ESP Tunnel for VPN.
+# 
+#                                 ========= ESP =========
+#                                 |                     |
+#          Network-A          Gateway-A             Gateway-B           Network-B
+#         192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24
+# 
+#         ====== 83xx board A ======                  ===== 83xx board B =====
+#         |                        |                  |                      |
+#         eth0                  eth1                  eth1                eth0
+#       192.168.1.130         200.200.200.10          200.200.200.20      192.168.2.130         
+# 
+# 
+# Board B setup
+#
+# Flush the SAD and SPD
+flush;
+spdflush;
+
+# I am gateway B (eth0:192.168.2.130, eth1:200.200.200.20)
+#
+# Security policies
+spdadd 192.168.2.0/24 192.168.1.0/24 any -P out ipsec
+       esp/tunnel/200.200.200.20-200.200.200.10/require;
+
+spdadd 192.168.1.0/24 192.168.2.0/24 any -P in ipsec
+       esp/tunnel/200.200.200.10-200.200.200.20/require;
+
+
+# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
+# and hmac-md5 authentication using 128 bit long keys
+add 200.200.200.10 200.200.200.20 esp 0x201 -m tunnel
+    -E aes-cbc    0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 
+    -A hmac-md5   0xd5f603abc8cd9d19319ca32fb955b10f;
+
+add 200.200.200.20 200.200.200.10 esp 0x301 -m tunnel
+    -E aes-cbc    0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df 
+    -A hmac-md5   0x1dd90b4c32dcbe9d37b555a23df5170e;
+
diff --git a/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-sha1-transport b/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-sha1-transport
new file mode 100755
index 000000000..d9c65a45c
--- /dev/null
+++ b/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-sha1-transport
@@ -0,0 +1,22 @@
+#!/usr/sbin/setkey -f
+#I am 200.200.200.20
+
+flush;
+spdflush;
+
+# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
+# and hmac-sha1 authentication using 160 bit long keys
+add 200.200.200.10 200.200.200.20 esp 0x10513 
+    -E aes-cbc   0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 
+    -A hmac-sha1 0xe9c43acd5e8d779b6e09c87347852708ab49bdd3;
+
+add 200.200.200.20 200.200.200.10 esp 0x10514 
+    -E aes-cbc   0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df 
+    -A hmac-sha1 0xea6856479330dc9c17b8f6c37e2a895363d83f21;
+
+# Security policies
+spdadd 200.200.200.20 200.200.200.10 any -P out ipsec
+        esp/transport//require;
+
+spdadd 200.200.200.10 200.200.200.20 any -P in ipsec
+        esp/transport//require;
diff --git a/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-sha1-tunnel b/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-sha1-tunnel
new file mode 100755
index 000000000..1f10136a7
--- /dev/null
+++ b/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-sha1-tunnel
@@ -0,0 +1,41 @@
+#!/usr/sbin/setkey -f
+#
+#
+# Example ESP Tunnel for VPN.
+# 
+#                                 ========= ESP =========
+#                                 |                     |
+#          Network-A          Gateway-A             Gateway-B           Network-B
+#         192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24
+# 
+#         ====== 83xx board A ======                  ===== 83xx board B =====
+#         |                        |                  |                      |
+#         eth0                  eth1                  eth1                eth0
+#       192.168.1.130         200.200.200.10          200.200.200.20      192.168.2.130         
+# 
+# 
+# Board B setup
+# Flush the SAD and SPD
+flush;
+spdflush;
+
+# I am gateway B (eth0:192.168.2.130, eth1:200.200.200.20)
+#
+# Security policies
+
+spdadd 192.168.2.0/24 192.168.1.0/24 any -P out ipsec
+       esp/tunnel/200.200.200.20-200.200.200.10/require;
+
+spdadd 192.168.1.0/24 192.168.2.0/24 any -P in ipsec
+       esp/tunnel/200.200.200.10-200.200.200.20/require;
+
+# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
+# and hmac-sha1 authentication using 160 bit long keys
+add 200.200.200.10 200.200.200.20 esp 0x201 -m tunnel
+    -E aes-cbc   0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 
+    -A hmac-sha1 0xe9c43acd5e8d779b6e09c87347852708ab49bdd3;
+
+add 200.200.200.20 200.200.200.10 esp 0x301 -m tunnel
+    -E aes-cbc   0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df 
+    -A hmac-sha1 0xea6856479330dc9c17b8f6c37e2a895363d83f21;
+
diff --git a/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-sha256-transport b/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-sha256-transport
new file mode 100755
index 000000000..817a8bd4e
--- /dev/null
+++ b/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-sha256-transport
@@ -0,0 +1,23 @@
+#!/usr/sbin/setkey -f
+#I am 200.200.200.20
+
+flush;
+spdflush;
+
+# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
+# and hmac-sha2-256 authentication using 256 bit long keys
+add 200.200.200.10 200.200.200.20 esp 0x10513 
+    -E aes-cbc        0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 
+    -A hmac-sha2-256  0x4de03bebf6beb4fdef5a67d349a09580466cc4e54503333b2a5fd34538c91198;
+
+add 200.200.200.20 200.200.200.10 esp 0x10514 
+    -E aes-cbc        0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df 
+    -A hmac-sha2-256  0x5e01eb780b7ecc074ca2ca4fa4a5ea2ff841c977da0ce61c49d1fe767ea5452c;
+
+
+spdadd 200.200.200.20 200.200.200.10 any -P out ipsec
+        esp/transport//require;
+
+spdadd 200.200.200.10 200.200.200.20 any -P in ipsec
+        esp/transport//require;
+
diff --git a/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-sha256-tunnel b/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-sha256-tunnel
new file mode 100755
index 000000000..9bca18fb6
--- /dev/null
+++ b/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-sha256-tunnel
@@ -0,0 +1,42 @@
+#!/usr/sbin/setkey -f
+#
+#
+# Example ESP Tunnel for VPN.
+# 
+#                                 ========= ESP =========
+#                                 |                     |
+#          Network-A          Gateway-A             Gateway-B           Network-B
+#         192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24
+# 
+#         ====== 83xx board A ======                  ===== 83xx board B =====
+#         |                        |                  |                      |
+#         eth0                  eth1                  eth1                eth0
+#       192.168.1.130         200.200.200.10          200.200.200.20      192.168.2.130         
+# 
+# 
+# Board A setup
+#
+# Flush the SAD and SPD
+flush;
+spdflush;
+
+# I am gateway B (eth0:192.168.2.130, eth1:200.200.200.20)
+#
+# Security policies
+spdadd 192.168.2.0/24 192.168.1.0/24 any -P out ipsec
+       esp/tunnel/200.200.200.20-200.200.200.10/require;
+
+spdadd 192.168.1.0/24 192.168.2.0/24 any -P in ipsec
+       esp/tunnel/200.200.200.10-200.200.200.20/require;
+
+
+# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
+# and hmac-sha2-256 authentication using 256 bit long keys
+add 200.200.200.10 200.200.200.20 esp 0x10513 -m tunnel
+    -E aes-cbc        0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 
+    -A hmac-sha2-256  0x4de03bebf6beb4fdef5a67d349a09580466cc4e54503333b2a5fd34538c91198;
+
+add 200.200.200.20 200.200.200.10 esp 0x10514 -m tunnel
+    -E aes-cbc        0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df 
+    -A hmac-sha2-256  0x5e01eb780b7ecc074ca2ca4fa4a5ea2ff841c977da0ce61c49d1fe767ea5452c;
+
diff --git a/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-null-null-transport b/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-null-null-transport
new file mode 100755
index 000000000..26dfe2e17
--- /dev/null
+++ b/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-null-null-transport
@@ -0,0 +1,23 @@
+#!/usr/sbin/setkey -f
+#I am 200.200.200.20
+
+flush;
+spdflush;
+
+# ESP SAs doing null encryption
+# and null authentication
+add 200.200.200.10 200.200.200.20 esp 0x10513 
+    -E null
+    -A null;
+
+add 200.200.200.20 200.200.200.10 esp 0x10514 
+    -E null
+    -A null;
+
+
+spdadd 200.200.200.20 200.200.200.10 any -P out ipsec
+        esp/transport//require;
+
+spdadd 200.200.200.10 200.200.200.20 any -P in ipsec
+        esp/transport//require;
+
diff --git a/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-null-null-tunnel b/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-null-null-tunnel
new file mode 100755
index 000000000..bc4f38ebd
--- /dev/null
+++ b/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-null-null-tunnel
@@ -0,0 +1,42 @@
+#!/usr/sbin/setkey -f
+#
+#
+# Example ESP Tunnel for VPN.
+# 
+#                                 ========= ESP =========
+#                                 |                     |
+#          Network-A          Gateway-A             Gateway-B           Network-B
+#         192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24
+# 
+#         ====== 83xx board A ======                  ===== 83xx board B =====
+#         |                        |                  |                      |
+#         eth0                  eth1                  eth1                eth0
+#       192.168.1.130         200.200.200.10          200.200.200.20      192.168.2.130         
+# 
+# 
+# Board B setup
+#
+# Flush the SAD and SPD
+flush;
+spdflush;
+
+# I am gateway B (eth0:192.168.2.130, eth1:200.200.200.20)
+#
+# Security policies
+spdadd 192.168.2.0/24 192.168.1.0/24 any -P out ipsec
+       esp/tunnel/200.200.200.20-200.200.200.10/require;
+
+spdadd 192.168.1.0/24 192.168.2.0/24 any -P in ipsec
+       esp/tunnel/200.200.200.10-200.200.200.20/require;
+
+
+# ESP SAs doing null encryption
+# and null authentication
+add 200.200.200.10 200.200.200.20 esp 0x201 -m tunnel
+    -E null
+    -A null;
+
+add 200.200.200.20 200.200.200.10 esp 0x301 -m tunnel
+    -E null
+    -A null;
+
diff --git a/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.ipv4 b/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.ipv4
new file mode 100755
index 000000000..67cd1b2cf
--- /dev/null
+++ b/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.ipv4
@@ -0,0 +1,2 @@
+set -v
+route add -net 192.168.1.0 netmask 255.255.255.0 gw 200.200.200.10
diff --git a/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/setup b/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/setup
new file mode 100755
index 000000000..9e6fa7fa9
--- /dev/null
+++ b/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/setup
@@ -0,0 +1,47 @@
+# setup - quick setup for left or right side of ipsec test
+# see README for example use.
+
+SCRIPT_HOME=/test_setkey/
+cd $SCRIPT_HOME
+
+export PATH=$SCRIPT_HOME:$PATH
+
+if [ "$1" != "left" -a "$1" != "right" ] ; then
+        echo "Usage:    $0 side [config] [driver]"
+        echo "          where side is either left or right."
+        echo "          where config is either"
+        echo "                  aes-sha1-tunnel (default)"
+        echo "               or 3des-sha1-tunnel"
+        echo "          if driver is supplied, script does 'modprobe driver'"
+        exit 1
+fi
+
+SIDE=$1
+POLICY_CFG=$SIDE.conf
+DEFAULT_POLICY=aes-sha1-tunnel
+
+if [ -n "$2" ] ; then
+        POLICY=$2
+else
+        POLICY=$DEFAULT_POLICY
+fi
+
+SETKEY_FILE=$POLICY_CFG-$POLICY
+
+if [ ! -f $SETKEY_FILE ] ; then
+        echo "Missing setkey command file: $SETKEY_FILE"
+        exit 1
+fi
+
+# modprobe any driver name given as last parameter
+if [ -n "$3" ] ; then
+        modprobe $3
+fi
+
+SETUP_CMD_FILE=./setup_$SIDE
+. $SETUP_CMD_FILE
+
+$SETKEY_FILE
+
+setkey -D
+setkey -D -P
diff --git a/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/setup_left b/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/setup_left
new file mode 100755
index 000000000..da7690996
--- /dev/null
+++ b/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/setup_left
@@ -0,0 +1,13 @@
+# board on left setup
+set -v
+ifconfig eth0 down
+ifconfig eth0 hw ether 00:04:9F:11:22:33
+ifconfig eth0 192.168.1.130 netmask 255.255.255.0
+ifconfig eth0 up
+ifconfig eth1 down
+ifconfig eth1 hw ether 00:E0:0C:00:7D:FD
+ifconfig eth1 200.200.200.10 netmask 255.255.255.0
+ifconfig eth1 up
+arp -s 192.168.1.21 00:00:00:00:00:01
+route add default dev eth1
+echo 1 > /proc/sys/net/ipv4/ip_forward
diff --git a/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/setup_right b/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/setup_right
new file mode 100755
index 000000000..f0e333ee3
--- /dev/null
+++ b/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/setup_right
@@ -0,0 +1,13 @@
+# board on right setup
+set -v
+ifconfig eth0 down
+ifconfig eth0 hw ether 00:E0:0C:00:01:FD
+ifconfig eth0 192.168.2.130 netmask 255.255.255.0
+ifconfig eth0 up
+ifconfig eth1 down
+ifconfig eth1 hw ether 00:E0:0C:00:00:FD
+ifconfig eth1 200.200.200.20 netmask 255.255.255.0
+ifconfig eth1 up
+arp -s 192.168.2.21 00:00:00:00:00:02
+route add default dev eth1
+echo 1 > /proc/sys/net/ipv4/ip_forward
diff --git a/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/strongswan.conf b/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/strongswan.conf
new file mode 100644
index 000000000..1701f4abc
--- /dev/null
+++ b/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/strongswan.conf
@@ -0,0 +1,19 @@
+# strongswan.conf - strongSwan configuration file
+
+charon {
+        load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-raw updown
+        multiple_authentication = no
+}
+
+pluto {
+
+        # plugins to load in pluto
+        #load = aes des sha1 md5 sha2 hmac gmp random pubkey
+        
+}
+
+libstrongswan {
+
+        #  set to no, the DH exponent size is optimized
+        #  dh_exponent_ansi_x9_42 = no
+}
diff --git a/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/strongswanCert.pem b/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/strongswanCert.pem
new file mode 100644
index 000000000..0865ad22e
--- /dev/null
+++ b/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/strongswanCert.pem
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDuDCCAqCgAwIBAgIBADANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
+MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
+b290IENBMB4XDTA0MDkxMDEwMDExOFoXDTE5MDkwNzEwMDExOFowRTELMAkGA1UE
+BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN0cm9u
+Z1N3YW4gUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL/y
+X2LqPVZuWLPIeknK86xhz6ljd3NNhC2z+P1uoCP3sBMuZiZQEjFzhnKcbXxCeo2f
+FnvhOOjrrisSuVkzuu82oxXD3fIkzuS7m9V4E10EZzgmKWIf+WuNRfbgAuUINmLc
+4YGAXBQLPyzpP4Ou48hhz/YQo58Bics6PHy5v34qCVROIXDvqhj91P8g+pS+F21/
+7P+CH2jRcVIEHZtG8M/PweTPQ95dPzpYd2Ov6SZ/U7EWmbMmT8VcUYn1aChxFmy5
+gweVBWlkH6MP+1DeE0/tL5c87xo5KCeGK8Tdqpe7sBRC4pPEEHDQciTUvkeuJ1Pr
+K+1LwdqRxo7HgMRiDw8CAwEAAaOBsjCBrzASBgNVHRMBAf8ECDAGAQH/AgEBMAsG
+A1UdDwQEAwIBBjAdBgNVHQ4EFgQUXafdcAZRMn7ntm2zteXgYOouTe8wbQYDVR0j
+BGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNVBAYTAkNIMRkw
+FwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJvbmdTd2FuIFJv
+b3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBACOSmqEBtBLR9aV3UyCI8gmzR5in
+Lte9aUXXS+qis6F2h2Stf4sN+Nl6Gj7REC6SpfEH4wWdwiUL5J0CJhyoOjQuDl3n
+1Dw3dE4/zqMZdyDKEYTU75TmvusNJBdGsLkrf7EATAjoi/nrTOYPPhSUZvPp/D+Y
+vORJ9Ej51GXlK1nwEB5iA8+tDYniNQn6BD1MEgIejzK+fbiy7braZB1kqhoEr2Si
+7luBSnU912sw494E88a2EWbmMvg2TVHPNzCpVkpNk7kifCiwmw9VldkqYy9y/lCa
+Epyp7lTfKw7cbD04Vk8QJW782L6Csuxkl346b17wmOqn8AZips3tFsuAY3w=
+-----END CERTIFICATE-----
diff --git a/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/strongswan_left b/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/strongswan_left
new file mode 100755
index 000000000..e55c3e427
--- /dev/null
+++ b/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/strongswan_left
@@ -0,0 +1,10 @@
+#strongswan on left board
+set -v
+cp -rf ipsec.conf.left /etc/ipsec.conf
+cp -rf ipsec.secrets.left /etc/ipsec.secrets
+cp -rf strongswan.conf /etc/
+cp -rf strongswanCert.pem /etc/ipsec.d/cacerts/
+cp -rf moonCert.pem /etc/ipsec.d/certs/
+mkdir /etc/ipsec.d/private
+cp -rf sunKey.pem /etc/ipsec.d/private/
+cp -rf moonKey.pem /etc/ipsec.d/private/
diff --git a/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/strongswan_right b/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/strongswan_right
new file mode 100755
index 000000000..bcdbb7311
--- /dev/null
+++ b/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/strongswan_right
@@ -0,0 +1,10 @@
+#strongswan on left board
+set -v
+cp -rf ipsec.conf.right /etc/ipsec.conf
+cp -rf ipsec.secrets.right /etc/ipsec.secrets
+cp -rf strongswan.conf /etc/
+cp -rf strongswanCert.pem /etc/ipsec.d/cacerts/
+cp -rf sunCert.pem /etc/ipsec.d/certs/
+mkdir /etc/ipsec.d/private
+cp -rf sunKey.pem /etc/ipsec.d/private/
+cp -rf moonKey.pem /etc/ipsec.d/private/
diff --git a/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/sunCert.pem b/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/sunCert.pem
new file mode 100644
index 000000000..d0937bab8
--- /dev/null
+++ b/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/sunCert.pem
@@ -0,0 +1,25 @@
+-----BEGIN CERTIFICATE-----
+MIIEIDCCAwigAwIBAgIBFjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
+MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
+b290IENBMB4XDTA5MDgyNzA5NTkwNFoXDTE0MDgyNjA5NTkwNFowRTELMAkGA1UE
+BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN1bi5z
+dHJvbmdzd2FuLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN+V
+VIpn6Q5jaU//EN6p6A5cSfUfhBK0mFa2laFFZh/Y0h66AXqqrQ3X917h7YNsSk68
+oowY9h9I3gOx7hNVBsJr2VjdYC+b0q5NTha09/A5mimv/prYj6o0yawxoPjoDs9Y
+h7D7Kf+F8fkgk0stlHJZX66J7dNrFXbg1xBld+Ep5Or2FbEZ9QWUpRQTuhdpNt/4
+9YuxQ59DemY9IRbwsrKCHH0mGrJsDdqeb0ap+8QvSXHjCt1fr9MNKWaAFAQLKQI4
+e0da1ntPCEQLeE833+NNRBgGufk0KqGT3eAXqrxa9AEIUJnVcPexQdqUMjcUpXFb
+8WNzRWB8Egh3BDK6FsECAwEAAaOCARkwggEVMAkGA1UdEwQCMAAwCwYDVR0PBAQD
+AgOoMB0GA1UdDgQWBBRW1p4v2qihzRlcI1PnxbZwluML+zBtBgNVHSMEZjBkgBRd
+p91wBlEyfue2bbO15eBg6i5N76FJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoT
+EExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIB
+ADAdBgNVHREEFjAUghJzdW4uc3Ryb25nc3dhbi5vcmcwEwYDVR0lBAwwCgYIKwYB
+BQUHAwEwOQYDVR0fBDIwMDAuoCygKoYoaHR0cDovL2NybC5zdHJvbmdzd2FuLm9y
+Zy9zdHJvbmdzd2FuLmNybDANBgkqhkiG9w0BAQsFAAOCAQEAo37LYT9Awx0MK/nA
+FZpPJqUr0Ey+O5Ukcsdx7nd00SlmpiQRY8KmuRXCBQnDEgdLstd3slQjT0pJEgWF
+0pzxybnI6eOzYAhLfhart+X1hURiNGbXjggm2s4I5+K32bVIkNEqlsYnd/6F9oo5
+ZNO0/eTTruLZfkNe/zchBGKe/Z7MacVwlYWWCbMtBV4K1d5dGcRRgpQ9WivDlmat
+Nh9wlscDSgSGk3HJkbxnq695VN7zUbDWAUvWWhV5bIDjlAR/xyT9ApqIxiyVVRul
+fYrE7U05Hbt6GgAroAKLp6qJup9+TxQAKSjKIwJ0hf7OuYyQ8TZtVHS7AOhm+T/5
+G/jGGA==
+-----END CERTIFICATE-----
diff --git a/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/sunKey.pem b/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/sunKey.pem
new file mode 100644
index 000000000..d8fad9aad
--- /dev/null
+++ b/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/sunKey.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEA35VUimfpDmNpT/8Q3qnoDlxJ9R+EErSYVraVoUVmH9jSHroB
+eqqtDdf3XuHtg2xKTryijBj2H0jeA7HuE1UGwmvZWN1gL5vSrk1OFrT38DmaKa/+
+mtiPqjTJrDGg+OgOz1iHsPsp/4Xx+SCTSy2Ucllfront02sVduDXEGV34Snk6vYV
+sRn1BZSlFBO6F2k23/j1i7FDn0N6Zj0hFvCysoIcfSYasmwN2p5vRqn7xC9JceMK
+3V+v0w0pZoAUBAspAjh7R1rWe08IRAt4Tzff401EGAa5+TQqoZPd4BeqvFr0AQhQ
+mdVw97FB2pQyNxSlcVvxY3NFYHwSCHcEMroWwQIDAQABAoIBADH51hjN2zk9HVgl
+QmcTAWzcUie5cLMhrP+M9mtC8O3jcCwwFY6OwfnbMU8DHy0GMqHg5lB8b99UUVPw
+HLAzjDw/ESkc6pgZs4EEhJTsxJLsvTnePgHssEgyXnXf7gRVEqJkPohfy+Zy0UCH
+eIUQXiMlOQ7xg7iDMhwNa+UdWSt539DztSKilQn2xdPZjFnMT0/prvl4NA/8Zn54
+/SdWDq5yRdLWb6EK1V7yJ3687GXR1jzGtgy7TXuncUJVTYgX7RdP1Tn6gWD8YAQ/
+RfT0DdWYm4WHSgSb9/NW8lBZH2yy3hg+lNgofXEvTfBkO5QyW31LIr0tCV6zhJIc
+Y9MxaKUCgYEA9sktaXfhPLe0ECjdeQEOq5EKuDrCviSKCOuAV4BDSOsdw6+5LWfY
+Vb/oke8N70lL3RCblcj1pOKWUi2O/SpEJdDRduiw2gM9cXt3/bChSTHC4TsIxxN/
+Db9OGg72kZ4sRY5Au+zyAAQYBwXhFWux194Jk5qK0JblNG9J5QMqZDcCgYEA5+5h
+BgHUMEO+pdME5lAiSc5PcNTejpA6j+OikCh4/HFXy3C/dLx+Cs1+egw64c8iVaIv
+NEo7n7E9I0e3XqanPRXhMnBRrP+39OVsWPmZ18Li2Hi84KwJyi8Y11l3XJOqaYpF
+wMVUuZpxR0dfG5k/5GwT/tEkmQBglOgG3m2zUMcCgYEA4m3Vd9ahV5dp5AXKpzKc
+JjiPMFfhxJo7+FEz0ZUCp03qYljBu/Jy4MKS/grrqyiCLdQGHNlk4SNxLvdUId78
+5gGBnuuDEJU2dAAIKUE9yq2YlBUZSacOxStI2snt28/X6P3LUWHm7LLU5OS1D3Vf
+mKPF/6MlSJuas5CEqVZNN+MCgYBH9Qh7IaQgmVQUBKVXg3Mv7OduvUyTdKIGtHxi
+N3xZ7hxsDP4JjNWaKmlcGmFGX8pqQRheI83d3NJ4GK8GmbP3Wst0p65fezMqsudr
+r30QmPFicgs/tYCQDw6o+aPzwAi2F+VOSqrfrtAIaldSq7hL+VA21dKB+cD9UgOX
+jPd+TwKBgQCbKeg2QNS2qhPIG9eaqJDROuxmxb/07d7OBctgMgxVvKhqW9hW42Sy
+gJ59fyz5QjFBaSfcOdf4gkKyEawVo45/q6ymIQU37R4vF4CW9Z3CfaIbwJp7LcHV
+zH07so/HNsZua6GWCSCLJU5MeCRiZzk2RFiS9KIaLP4gZndv4lXOiQ==
+-----END RSA PRIVATE KEY-----
diff --git a/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo_0.1.bb b/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo_0.1.bb
new file mode 100644
index 000000000..f29c375a3
--- /dev/null
+++ b/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo_0.1.bb
@@ -0,0 +1,23 @@
+SUMMARY = "Scripts and configuration files for ipsec demo"
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420"
+
+RDEPENDS_${PN} = "ipsec-tools bash"
+
+inherit allarch
+
+SRC_URI = "file://test_setkey"
+
+S = "${WORKDIR}"
+
+do_configure[noexec] = "1"
+do_compile[noexec] = "1"
+
+do_install(){
+    install -d  ${D}${datadir}
+    cp -a ${WORKDIR}/test_setkey ${D}${datadir}/
+    chown -R root:root ${D}${datadir}/test_setkey
+}
+
+FILES_${PN} = "${datadir}/*"
+COMPATIBLE_MACHINE = "(qoriq)"
diff --git a/dynamic-layers/networking-layer/recipes-kernel/asf/asf_git.bb b/dynamic-layers/networking-layer/recipes-kernel/asf/asf_git.bb
new file mode 100644
index 000000000..34308e2dc
--- /dev/null
+++ b/dynamic-layers/networking-layer/recipes-kernel/asf/asf_git.bb
@@ -0,0 +1,37 @@
+DESCRIPTION = "Non-DPAA software Application Specific Fast-path"
+SECTION = "asf"
+LICENSE = "GPLv2 & GPLv2+ & BSD"
+LIC_FILES_CHKSUM = "file://COPYING;md5=b5881ecf398da8a03a3f4c501e29d287"
+
+SRC_URI = "git://git.freescale.com/ppc/sdk/asf.git;branch=sdk-v1.9.x"
+SRCREV = "9580a629d3aec3ab3c5e152c6693846b96787906"
+
+RDEPENDS_${PN} += "ipsec-tools"
+
+inherit module qoriq_build_64bit_kernel
+
+S = "${WORKDIR}/git/asfmodule"
+
+EXTRA_OEMAKE = "CROSS_COMPILE=${TARGET_PREFIX}"
+export KERNEL_PATH = "${STAGING_KERNEL_DIR}"
+
+INHIBIT_PACKAGE_STRIP = "1"
+
+do_configure[depends] += "virtual/kernel:do_shared_workdir"
+do_configure_prepend () {
+    find ${S} -name Makefile -exec \
+        sed -i 's,$(KERNEL_PATH)/.config,$(KBUILD_OUTPUT)/.config,' {} \;
+}
+
+do_install(){
+    install -d ${D}/${libexecdir}
+    install -d ${D}/lib/modules/${KERNEL_VERSION}/asf
+    cp -rf ${S}/bin/full ${D}/lib/modules/${KERNEL_VERSION}/asf
+    cp -rf ${S}/bin/min  ${D}/lib/modules/${KERNEL_VERSION}/asf
+    cp -rf ${S}/../scripts ${D}/${libexecdir}/
+    find ${D}/lib -depth -type d -exec rmdir --ignore-fail-on-non-empty {} \;
+}
+
+FILES_${PN} += "${libexecdir}"
+
+COMPATIBLE_MACHINE = "(qoriq)"
diff --git a/dynamic-layers/openembedded-layer/recipes-dpaa/fmc/fmc_git.bb b/dynamic-layers/openembedded-layer/recipes-dpaa/fmc/fmc_git.bb
new file mode 100644
index 000000000..d54b84543
--- /dev/null
+++ b/dynamic-layers/openembedded-layer/recipes-dpaa/fmc/fmc_git.bb
@@ -0,0 +1,52 @@
+DESCRIPTION = "Frame Manager Configuration tool"
+SECTION = "fmc"
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://COPYING;md5=a504ab5a8ff235e67c7301214749346c"
+
+PR = "r2"
+
+SRC_URI = "git://git.freescale.com/ppc/sdk/fmc.git;branch=sdk-v1.9.x"
+SRCREV = "a079d2c844edd85dff85a317a63198e7988bcd09"
+
+DEPENDS = "libxml2 fmlib tclap"
+
+PACKAGE_ARCH = "${MACHINE_ARCH}"
+COMPATIBLE_HOST_qoriq-ppc = ".*"
+COMPATIBLE_HOST ?= "(none)"
+
+S = "${WORKDIR}/git"
+
+EXTRA_OEMAKE = 'FMD_USPACE_HEADER_PATH="${STAGING_INCDIR}/fmd" \
+    FMD_USPACE_LIB_PATH="${STAGING_LIBDIR}" LIBXML2_HEADER_PATH="${STAGING_INCDIR}/libxml2" \
+    TCLAP_HEADER_PATH="${STAGING_INCDIR}" '
+EXTRA_OEMAKE_virtclass-native = 'FMCHOSTMODE=1 FMD_USPACE_HEADER_PATH="${STAGING_INCDIR}/fmd" \
+    FMD_USPACE_LIB_PATH="${STAGING_LIBDIR}" LIBXML2_HEADER_PATH="${STAGING_INCDIR}/libxml2" \
+    TCLAP_HEADER_PATH="${STAGING_INCDIR}" '
+
+PARALLEL_MAKE = ""
+
+EXTRA_OEMAKE_PLATFORM ?= ""
+EXTRA_OEMAKE_PLATFORM_b4 = "b4860qds"
+EXTRA_OEMAKE_PLATFORM_t2 = "b4860qds"
+EXTRA_OEMAKE_PLATFORM_t4 = "b4860qds"
+EXTRA_OEMAKE_PLATFORM_t1 = "t1040qds"
+
+do_compile () {
+    oe_runmake MACHINE=${EXTRA_OEMAKE_PLATFORM} -C source
+}
+
+do_install () {
+    install -d ${D}/${bindir}
+    install -m 755 ${S}/source/fmc ${D}/${bindir}/fmc
+
+    install -d ${D}/etc/fmc/config
+    install -m 644 ${S}/etc/fmc/config/hxs_pdl_v3.xml ${D}/etc/fmc/config
+
+    install -d ${D}/${includedir}/fmc
+    install ${S}/source/fmc.h ${D}/${includedir}/fmc
+
+    install -d ${D}/${libdir}
+    install ${S}/source/libfmc.a ${D}/${libdir}
+}
+
+BBCLASSEXTEND = "native"
diff --git a/dynamic-layers/openembedded-layer/recipes-dpaa/usdpaa-apps/usdpaa-apps/fix-the-inline-function-definition-with-gcc-5.x.patch b/dynamic-layers/openembedded-layer/recipes-dpaa/usdpaa-apps/usdpaa-apps/fix-the-inline-function-definition-with-gcc-5.x.patch
new file mode 100644
index 000000000..9f3d22cc5
--- /dev/null
+++ b/dynamic-layers/openembedded-layer/recipes-dpaa/usdpaa-apps/usdpaa-apps/fix-the-inline-function-definition-with-gcc-5.x.patch
@@ -0,0 +1,80 @@
+From 2b308217d2811e5d1420d7ce6e18f77a992f52e9 Mon Sep 17 00:00:00 2001
+From: Ting Liu <ting.liu@freescale.com>
+Date: Tue, 22 Dec 2015 13:16:33 +0800
+Subject: [PATCH] fix the inline function definition with gcc 5.x
+
+There are different semantics for inline functions for gcc-5.x compared to
+previous gcc. Fix the following build error:
+| dpa_classif_demo.c:(.text+0xeae): undefined reference to `crc64_hash_function'
+| simple_crypto.c:(.text+0x5b8e): undefined reference to `get_num_of_buffers'
+| simple_crypto.c:(.text+0x5b9a): undefined reference to `get_test_mode'
+| simple_crypto.c:(.text+0x5baa): undefined reference to `get_num_of_cpus'
+| simple_crypto.c:(.text+0x5bb2): undefined reference to `requires_authentication'
+| simple_crypto.c:(.text+0x5bbe): undefined reference to `get_thread_barrier'
+
+Upstream-Status: Pending
+
+Signed-off-by: Ting Liu <ting.liu@freescale.com>
+---
+ lib/hash_table/fman_crc64_hash_func.h     |  2 +-
+ src/simple_crypto/include/simple_crypto.h | 10 +++++-----
+ src/simple_proto/include/simple_proto.h   | 10 +++++-----
+ 3 files changed, 11 insertions(+), 11 deletions(-)
+
+diff --git a/lib/hash_table/fman_crc64_hash_func.h b/lib/hash_table/fman_crc64_hash_func.h
+index 5095203..bdcf12b 100644
+--- a/lib/hash_table/fman_crc64_hash_func.h
++++ b/lib/hash_table/fman_crc64_hash_func.h
+@@ -36,7 +36,7 @@
+ #include <fsl_fman.h>
+ 
+ /* Hash function used by the hash table based on FMan CRC64 */
+-inline uint32_t crc64_hash_function(uint8_t *key, uint32_t size)
++static inline uint32_t crc64_hash_function(uint8_t *key, uint32_t size)
+ {
+        uint64_t hashval = 0;
+        hashval = fman_crc64_init();
+diff --git a/src/simple_crypto/include/simple_crypto.h b/src/simple_crypto/include/simple_crypto.h
+index bae3460..46ea176 100644
+--- a/src/simple_crypto/include/simple_crypto.h
++++ b/src/simple_crypto/include/simple_crypto.h
+@@ -123,10 +123,10 @@ static int validate_test_set(struct test_param crypto_info);
+ void set_crypto_cbs(struct test_cb *crypto_cb, struct test_param crypto_info);
+ inline int get_num_of_iterations(void *stuff);
+ void set_num_of_iterations(void *stuff, unsigned int itr_num);
+-inline int get_num_of_buffers(void *stuff);
+-inline enum test_mode get_test_mode(void *stuff);
+-inline uint8_t requires_authentication(void *);
+-inline long get_num_of_cpus(void);
+-inline pthread_barrier_t *get_thread_barrier(void);
++static inline int get_num_of_buffers(void *stuff);
++static inline enum test_mode get_test_mode(void *stuff);
++static inline uint8_t requires_authentication(void *);
++static inline long get_num_of_cpus(void);
++static inline pthread_barrier_t *get_thread_barrier(void);
+ 
+ #endif /* __SIMPLE_CRYPTO_H */
+diff --git a/src/simple_proto/include/simple_proto.h b/src/simple_proto/include/simple_proto.h
+index d413e70..ce0e842 100644
+--- a/src/simple_proto/include/simple_proto.h
++++ b/src/simple_proto/include/simple_proto.h
+@@ -83,11 +83,11 @@ struct protocol_info *(*register_protocol[])(void) = {
+ static void set_crypto_cbs(struct test_cb *crypto_cb);
+ int get_num_of_iterations(void *params);
+ void set_num_of_iterations(void *params, unsigned int itr_num);
+-inline int get_num_of_buffers(void *params);
+-inline enum test_mode get_test_mode(void *params);
+-inline uint8_t requires_authentication(void *);
+-inline long get_num_of_cpus(void);
+-inline pthread_barrier_t *get_thread_barrier(void);
++static inline int get_num_of_buffers(void *params);
++static inline enum test_mode get_test_mode(void *params);
++static inline uint8_t requires_authentication(void *);
++static inline long get_num_of_cpus(void);
++static inline pthread_barrier_t *get_thread_barrier(void);
+ int register_modules(void);
+ void unregister_modules(void);
+ 
+-- 
+1.9.2
+
diff --git a/dynamic-layers/openembedded-layer/recipes-dpaa/usdpaa-apps/usdpaa-apps/xfrm_km.c-use-in6_-macros-from-glibc-instead-of-kern.patch b/dynamic-layers/openembedded-layer/recipes-dpaa/usdpaa-apps/usdpaa-apps/xfrm_km.c-use-in6_-macros-from-glibc-instead-of-kern.patch
new file mode 100644
index 000000000..c6d35f008
--- /dev/null
+++ b/dynamic-layers/openembedded-layer/recipes-dpaa/usdpaa-apps/usdpaa-apps/xfrm_km.c-use-in6_-macros-from-glibc-instead-of-kern.patch
@@ -0,0 +1,49 @@
+From 1e1e8d74db98faed57a5a62788e1226801661e0e Mon Sep 17 00:00:00 2001
+From: Ting Liu <ting.liu@freescale.com>
+Date: Tue, 22 Dec 2015 23:37:49 +0800
+Subject: [PATCH] xfrm_km.c: use in6_* macros from glibc instead of kernel
+
+Both glibc and the kernel have in6_* macros definition. Use the one from glibc.
+Kernel headers will check for previous libc definitions by including
+include/linux/libc-compat.h.
+
+Fix the below build error:
+|  [CC] xfrm_km.c                           (bin:srio_ipsec_offload)
+| In file included from .../tmp/sysroots/b4860qds-64b/usr/include/linux/xfrm.h:4:0,
+|                  from src/srio_ipsec_offload/xfrm_km.c:46:
+| .../usr/include/netinet/in.h:99:5: error: expected identifier before numeric constant
+|      IPPROTO_HOPOPTS = 0,   /* IPv6 Hop-by-Hop options.  */
+|      ^
+| In file included from .../tmp/sysroots/b4860qds-64b/usr/include/netinet/ip.h:24:0,
+|                  from src/srio_ipsec_offload/xfrm_km.c:52:
+| .../tmp/sysroots/b4860qds-64b/usr/include/netinet/in.h:209:8: error: redefinition of 'struct in6_addr'
+|  struct in6_addr
+|         ^
+| In file included from .../tmp/sysroots/b4860qds-64b/usr/include/linux/xfrm.h:4:0,
+|                  from src/srio_ipsec_offload/xfrm_km.c:46:
+| .../tmp/sysroots/b4860qds-64b/usr/include/linux/in6.h:32:8: note: originally defined here
+|  struct in6_addr {
+|         ^
+
+Upstream-Status: Pending
+
+Signed-off-by: Ting Liu <ting.liu@freescale.com>
+---
+ src/srio_ipsec_offload/xfrm_km.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/srio_ipsec_offload/xfrm_km.c b/src/srio_ipsec_offload/xfrm_km.c
+index df23fd1..d69aafa 100644
+--- a/src/srio_ipsec_offload/xfrm_km.c
++++ b/src/srio_ipsec_offload/xfrm_km.c
+@@ -42,6 +42,7 @@
+ #include <linux/types.h>
+ #include <sys/socket.h>
+ #include <sys/ioctl.h>
++#include <netinet/in.h>
+ #include <linux/netlink.h>
+ #include <linux/xfrm.h>
+ #include <sched.h>
+-- 
+1.9.2
+
diff --git a/dynamic-layers/openembedded-layer/recipes-dpaa/usdpaa-apps/usdpaa-apps_git.bb b/dynamic-layers/openembedded-layer/recipes-dpaa/usdpaa-apps/usdpaa-apps_git.bb
new file mode 100644
index 000000000..1a19d1e84
--- /dev/null
+++ b/dynamic-layers/openembedded-layer/recipes-dpaa/usdpaa-apps/usdpaa-apps_git.bb
@@ -0,0 +1,68 @@
+DESCRIPTION = "User-Space Data-Path Acceleration Architecture Demo Applications"
+LICENSE = "BSD & GPLv2"
+LIC_FILES_CHKSUM = "file://Makefile;endline=30;md5=d2a5d894118910d49993347f3f6e0f1e"
+
+inherit pkgconfig
+
+PACKAGE_ARCH = "${MACHINE_ARCH}"
+
+DEPENDS = "libxml2 libedit ncurses readline fmc usdpaa dpa-offload libnl"
+DEPENDS_append_b4860qds = " ipc-ust"
+DEPENDS_append_b4420qds = " ipc-ust"
+
+RDEPENDS_${PN} = "libgcc bash"
+RDEPENDS_${PN}_append_b4860qds = " ipc-ust"
+RDEPENDS_${PN}_append_b4420qds = " ipc-ust"
+
+SRC_URI = "git://git.freescale.com/ppc/sdk/usdpaa/usdpaa-apps.git;branch=sdk-v1.9.x \
+    file://fix-the-inline-function-definition-with-gcc-5.x.patch \
+    file://xfrm_km.c-use-in6_-macros-from-glibc-instead-of-kern.patch \
+"
+SRCREV = "1d9418af04990289bec72cd43a9385690523fcdb"
+
+S = "${WORKDIR}/git"
+
+EXTRA_OEMAKE = 'CC="${CC}" LD="${LD}" AR="${AR}"'
+export ARCH="${TARGET_ARCH}"
+
+SOC ?= "P4080"
+SOC_b4 = "B4860"
+SOC_t1 = "T1040"
+SOC_t2 = "T2080"
+SOC_t4 = "T4240"
+SOC_p1023rdb = "P1023"
+
+FMAN_VARIANT ?= "P4080"
+FMAN_VARIANT_b4 = "FMAN_V3H"
+FMAN_VARIANT_t1 = "FMAN_V3L"
+FMAN_VARIANT_t2 = "FMAN_V3H"
+FMAN_VARIANT_t4 = "FMAN_V3H"
+FMAN_VARIANT_p1023rdb = "P1023"
+
+do_compile_prepend () {
+    export SOC=${SOC}
+    export FMC_EXTRA_CFLAGS="-I ${STAGING_INCDIR}/fmc"
+    export FMLIB_EXTRA_CFLAGS="-I ${STAGING_INCDIR}/fmd \
+        -I ${STAGING_INCDIR}/fmd/Peripherals \
+        -I ${STAGING_INCDIR}/fmd/integrations \
+        -D${FMAN_VARIANT}"
+    export USDPAA_EXTRA_CFLAGS="-I ${STAGING_INCDIR}/usdpaa"
+    export DPAOFFLOAD_EXTRA_CFLAGS="-I ${STAGING_INCDIR}/dpa-offload"
+    export LIBNL_EXTRA_CFLAGS="-I ${STAGING_INCDIR}/libnl3"
+    export LIBNL_EXTRA_LDFLAGS="-lnl-3 -lnl-route-3"
+    export LIBXML2_CFLAGS="`pkg-config --cflags libxml-2.0`"
+    export LIBXML2_LDFLAGS="`pkg-config --libs --static libxml-2.0`"
+    export LIBEDIT_CFLAGS="`pkg-config --cflags libedit`"
+    export LIBEDIT_LDFLAGS="`pkg-config --libs --static libedit`"
+}
+
+do_install () {
+    export SOC=${SOC}
+    oe_runmake install DESTDIR=${D}
+}
+
+PARALLEL_MAKE_pn-${PN} = ""
+FILES_${PN} += "/root/SOURCE_THIS /usr/etc/"
+
+COMPATIBLE_HOST_qoriq-ppc = ".*"
+COMPATIBLE_HOST ?= "(none)"
diff --git a/dynamic-layers/openembedded-layer/recipes-support/web-sysmon/web-sysmon_git.bb b/dynamic-layers/openembedded-layer/recipes-support/web-sysmon/web-sysmon_git.bb
new file mode 100644
index 000000000..36a0c209f
--- /dev/null
+++ b/dynamic-layers/openembedded-layer/recipes-support/web-sysmon/web-sysmon_git.bb
@@ -0,0 +1,35 @@
+DESCRIPTION = "Web System Monitor Files"
+SECTION = "web-sysmon"
+LICENSE = "GPLv2"
+LIC_FILES_CHKSUM = "file://COPYING;md5=12f884d2ae1ff87c09e5b7ccc2c4ca7e"
+
+RDEPENDS_${PN} = "\
+    bc \
+    cairo \
+    coreutils \
+    cronie \
+    liberation-fonts \
+    lighttpd \
+    lighttpd-module-cgi \
+    lmsensors-sensors \
+    make \
+    rrdtool \
+"
+
+SRC_URI = "git://git.freescale.com/ppc/sdk/web-sysmon-dev.git;nobranch=1"
+SRCREV = "8d0c6eca1113832fabe917fd0cb25abe2d4d7157"
+
+inherit update-rc.d
+
+S = "${WORKDIR}/git"
+
+EXTRA_OEMAKE += "D=${D}"
+do_install () {
+        oe_runmake install
+}
+
+FILES_${PN} += "/"
+
+INITSCRIPT_NAME = "web-sysmon.sh"
+INITSCRIPT_PARAMS = "defaults 99 20"
+COMPATIBLE_MACHINE  = "(qoriq-ppc)"