1.1 ! misho 1: # $KAME: racoon.conf.in,v 1.18 2001/08/16 06:33:40 itojun Exp $
! 2:
! 3: # "path" affects "include" directives. "path" must be specified before any
! 4: # "include" directive with relative file path.
! 5: # you can overwrite "path" directive afterwards, however, doing so may add
! 6: # more confusion.
! 7: path include "@sysconfdir_x@/racoon";
! 8: #include "remote.conf";
! 9:
# Pre-shared keys for pre_shared_key authentication: one "identifier key" pair
# per line (the identifier is the peer's address or ID; "0x"-prefixed keys are
# hex, anything else is taken literally). The keys are plaintext secrets, so
# keep the file root-owned and mode 0600 -- racoon refuses to use a PSK file
# that is group- or world-readable.
! 11: path pre_shared_key "@sysconfdir_x@/racoon/psk.txt";
! 12:
# Directory holding certificate and key files. The relative names given to
# certificate_type (e.g. "my.cert.pem" below) are resolved against it, and
# racoon searches it when a CERT / CERT_REQ payload arrives. Private keys
# stored here should be readable by root only.
! 15: path certificate "@sysconfdir_x@/cert";
! 16:
! 17: # "log" specifies logging level. It is followed by either "notify", "debug"
! 18: # or "debug2".
! 19: #log debug;
! 20:
! 21: # "padding" defines some padding parameters. You should not touch these.
! 22: padding
! 23: {
! 24: maximum_length 20; # maximum padding length.
! 25: randomize off; # enable randomize length.
! 26: strict_check off; # enable strict check.
! 27: exclusive_tail off; # extract last one octet.
! 28: }
! 29:
# Addresses and ports racoon binds for ISAKMP. With no "isakmp" line racoon
# listens on every interface address. On a multi-homed host, list the
# VPN-facing address(es) explicitly and enable strict_address so startup
# fails loudly if one of them cannot be bound, instead of silently
# exposing the daemon on every interface.
listen
{
        #isakmp ::1 [7000];
        #isakmp 202.249.11.124 [500];
        #admin [7002];          # control port for racoonctl; keep disabled unless needed.
        #strict_address;        # require that every listed address is bound.
}
! 39:
# Default retransmission and phase timers.
timer
{
        # These values can be changed per remote node.
        counter 5;              # maximum number of retransmissions of a message.
        interval 20 sec;        # maximum interval between retransmissions.
        persend 1;              # number of copies of each packet per send.

        # maximum time to wait for each phase to complete.
        phase1 30 sec;
        phase2 15 sec;
}
! 52:
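# Phase 1 defaults for any peer that has no more specific "remote" block.
# Authentication is by X.509 certificate (rsasig), so an unknown peer must
# present a certificate that verifies against the certificates under
# "path certificate".
remote anonymous
{
        # Main mode only. The original allowed "main,aggressive"; aggressive
        # mode sends the identities unprotected and gives an arbitrary peer a
        # cheaper exchange, so enable it only in a dedicated remote block for
        # a specific peer that needs it.
        exchange_mode main;
        doi ipsec_doi;
        situation identity_only;

        # We identify ourselves by the subject DN of the certificate below;
        # file names are relative to "path certificate".
        my_identifier asn1dn;
        certificate_type x509 "my.cert.pem" "my.key.pem";

        nonce_size 16;
        initial_contact on;
        proposal_check strict;  # obey, strict, or claim -- strict rejects peer
                                # lifetime/PFS proposals that exceed ours.

        # Phase 1 proposal. 3des, sha1 and dh_group 2 (1024-bit MODP) are
        # dated; prefer aes, sha256 and dh_group 14 where both the peer and
        # this racoon build support them.
        proposal {
                encryption_algorithm 3des;
                hash_algorithm sha1;
                authentication_method rsasig;
                dh_group 2;
        }
}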
! 73:
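# Example of a specific peer (loopback, ISAKMP port 8000) authenticated with
# a pre-shared key; the identities are placeholder values.
remote ::1 [8000]
{
        # Main mode only. The original allowed "aggressive,main": with a
        # pre-shared key, aggressive mode sends the PSK-derived hash in the
        # clear, which allows an offline brute-force of the key, so it must
        # not be combined with pre_shared_key. Note that in main mode racoon
        # looks the PSK up by the peer's address (the identity is not yet
        # known when the key is needed), so psk.txt needs an entry keyed by
        # ::1 rather than only by the user_fqdn below -- verify this when
        # testing.
        #exchange_mode aggressive,main;
        exchange_mode main;
        doi ipsec_doi;
        situation identity_only;

        my_identifier user_fqdn "sakane@kame.net";
        peers_identifier user_fqdn "sakane@kame.net";
        #certificate_type x509 "mycert" "mypriv";

        nonce_size 16;
        # Phase 1 SA lifetime (sec, min, hour). 1 min is a test value that
        # forces a full re-authentication every minute; use hours in production.
        lifetime time 1 min;

        # 3des, sha1 and dh_group 2 are dated; prefer aes, sha256 and
        # dh_group 14 where both sides support them.
        proposal {
                encryption_algorithm 3des;
                hash_algorithm sha1;
                authentication_method pre_shared_key;
                dh_group 2;
        }
}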
! 95:
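# Phase 2 (IPsec SA) parameters for any selector not matched by a more
# specific sainfo block.
sainfo anonymous
{
        pfs_group 2;            # PFS with 1024-bit MODP; prefer 14 where supported.
        # Algorithms are proposed in the listed order: offer AES first and
        # keep 3des (64-bit block cipher) only as a fallback for older peers.
        encryption_algorithm aes, 3des;
        authentication_algorithm hmac_sha1;
        compression_algorithm deflate;
}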
! 103:
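# Phase 2 parameters for all traffic between these two example hosts.
sainfo address 203.178.141.209 any address 203.178.141.218 any
{
        pfs_group 2;
        # 30 sec is a test value; a lifetime this short rekeys constantly.
        lifetime time 30 sec;
        # The original proposed single DES (56-bit key) with HMAC-MD5; both
        # are obsolete. Propose 3des/hmac_sha1 as in the anonymous sainfo,
        # and aes where the peer supports it.
        encryption_algorithm 3des;
        authentication_algorithm hmac_sha1;
        compression_algorithm deflate;
}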
! 112:
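# Phase 2 parameters for ICMPv6 over loopback (a self-test selector).
sainfo address ::1 icmp6 address ::1 icmp6
{
        # Group 3 is an elliptic-curve (EC2N) group that few peers implement;
        # 2 or 14 (MODP) are the interoperable choices -- confirm this build
        # still supports group 3 before relying on it.
        pfs_group 3;
        lifetime time 60 sec;
        # Algorithms are proposed in the listed order: put aes first so it is
        # preferred, keeping 3des and blowfish as fallbacks.
        encryption_algorithm aes, 3des, blowfish;
        # hmac_md5 is retained only as a last-resort fallback.
        authentication_algorithm hmac_sha1, hmac_md5;
        compression_algorithm deflate;
}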
! 121: