source: rtems-libbsd/ipsec-tools/src/racoon/samples/racoon.conf.sample @ ff36f5e

5-freebsd-12
Last change on this file since ff36f5e was ff36f5e, checked in by Christian Mauderer <christian.mauderer@…>, on May 30, 2018 at 12:27:35 PM

Import ipsec-tools 0.8.2.

Import unchanged ipsec-tools sources in the release version 0.8.2. The
homepage of ipsec-tools is http://ipsec-tools.sourceforge.net/. The
sources can be obtained from there.

  • Property mode set to 100644
File size: 1.8 KB
Line 
1# $KAME: racoon.conf.sample,v 1.28 2002/10/18 14:33:28 itojun Exp $
2
3# "path" affects "include" directives.  "path" must be specified before any
4# "include" directive with relative file path.
5# you can overwrite "path" directive afterwards, however, doing so may add
6# more confusion.
7#path include "/usr/local/v6/etc" ;
8#include "remote.conf" ;
9
10# the file should contain key ID/key pairs, for pre-shared key authentication.
11path pre_shared_key "/usr/local/v6/etc/psk.txt" ;
12
13# racoon will look for certificate file in the directory,
14# if the certificate/certificate request payload is received.
15#path certificate "/usr/local/openssl/certs" ;
16
17# "log" specifies logging level.  It is followed by either "notify", "debug"
18# or "debug2".
19#log debug;
20
21remote anonymous
22{
23        #exchange_mode main,aggressive,base;
24        exchange_mode main,base;
25
26        #my_identifier fqdn "server.kame.net";
27        #certificate_type x509 "foo@kame.net.cert" "foo@kame.net.priv" ;
28
29        lifetime time 24 hour ; # sec,min,hour
30
31        #initial_contact off ;
32        #passive on ;
33
34        # phase 1 proposal (for ISAKMP SA)
35        proposal {
36                encryption_algorithm 3des;
37                hash_algorithm sha1;
38                authentication_method pre_shared_key ;
39                dh_group 2 ;
40        }
41
42        # the configuration could makes racoon (as a responder)
43        # to obey the initiator's lifetime and PFS group proposal,
44        # by setting proposal_check to obey.
45        # this would makes testing "so much easier", but is really
46        # *not* secure !!!
47        proposal_check strict;
48}
49
50# phase 2 proposal (for IPsec SA).
51# actual phase 2 proposal will obey the following items:
52# - kernel IPsec policy configuration (like "esp/transport//use)
53# - permutation of the crypto/hash/compression algorithms presented below
54sainfo anonymous
55{
56        pfs_group 2;
57        lifetime time 12 hour ;
58        encryption_algorithm 3des, cast128, blowfish 448, des, rijndael ;
59        authentication_algorithm hmac_sha1, hmac_md5 ;
60        compression_algorithm deflate ;
61}
Note: See TracBrowser for help on using the repository browser.