55-freebsd-126-freebsd-12
Rev | Line | |
---|
[ff36f5e] | 1 | path certificate "/etc/openssl/certs"; |
---|
| 2 | |
---|
| 3 | listen { |
---|
| 4 | adminsock disabled; |
---|
| 5 | } |
---|
| 6 | |
---|
| 7 | remote anonymous { |
---|
| 8 | exchange_mode aggressive; |
---|
| 9 | certificate_type x509 "server.crt" "server.key"; |
---|
| 10 | my_identifier asn1dn; |
---|
| 11 | proposal_check strict; |
---|
| 12 | generate_policy on; |
---|
| 13 | nat_traversal on; |
---|
| 14 | dpd_delay 20; |
---|
| 15 | ike_frag on; |
---|
| 16 | proposal { |
---|
| 17 | encryption_algorithm aes; |
---|
| 18 | hash_algorithm sha1; |
---|
| 19 | authentication_method hybrid_rsa_server; |
---|
| 20 | dh_group 2; |
---|
| 21 | } |
---|
| 22 | } |
---|
| 23 | |
---|
| 24 | mode_cfg { |
---|
| 25 | pool_size 255; |
---|
| 26 | auth_source radius; |
---|
| 27 | conf_source radius; |
---|
| 28 | accounting radius; |
---|
| 29 | dns4 10.0.12.1; |
---|
| 30 | wins4 10.0.12.1; |
---|
| 31 | banner "/etc/racoon/motd"; |
---|
| 32 | pfs_group 2; |
---|
| 33 | } |
---|
| 34 | |
---|
| 35 | sainfo anonymous { |
---|
| 36 | pfs_group 2; |
---|
| 37 | lifetime time 1 hour; |
---|
| 38 | encryption_algorithm aes; |
---|
| 39 | authentication_algorithm hmac_sha1; |
---|
| 40 | compression_algorithm deflate; |
---|
| 41 | } |
---|
| 42 | |
---|
Note: See
TracBrowser
for help on using the repository browser.