Annotation of elwix/config/etc/default/racoon/racoon.conf.sample, revision 1.1

1.1     ! misho       1: # $KAME: racoon.conf.sample,v 1.28 2002/10/18 14:33:28 itojun Exp $
        !             2: 
        !             3: # "path" affects "include" directives.  "path" must be specified before any
        !             4: # "include" directive with relative file path.
        !             5: # You can override the "path" directive afterwards; however, doing so may
        !             6: # cause confusion.
        !             7: #path include "/usr/local/v6/etc" ;
        !             8: #include "remote.conf" ;
        !             9: 
        !            10: # the file should contain key ID/key pairs, for pre-shared key authentication.
        !            11: path pre_shared_key "/usr/local/v6/etc/psk.txt" ; # NOTE(review): the keys in this file are secrets; keep it readable only by the account racoon runs as (e.g. mode 0600)
        !            12: 
        !            13: # racoon will look for certificate file in the directory,
        !            14: # if the certificate/certificate request payload is received.
        !            15: #path certificate "/usr/local/openssl/certs" ;
        !            16: 
        !            17: # "log" specifies logging level.  It is followed by either "notify", "debug"
        !            18: # or "debug2".
        !            19: #log debug;
        !            20: 
        !            21: remote anonymous # phase 1 (ISAKMP) settings; NOTE(review): "anonymous" applies them to any peer without a more specific remote entry - confirm that is intended
        !            22: {
        !            23:        #exchange_mode main,aggressive,base;
        !            24:        exchange_mode main,base; # NOTE(review): aggressive stays disabled here; with pre_shared_key, aggressive mode sends a PSK-derived hash unencrypted, so keep it off unless a peer requires it
        !            25: 
        !            26:        #my_identifier fqdn "server.kame.net";
        !            27:        #certificate_type x509 "foo@kame.net.cert" "foo@kame.net.priv" ;
        !            28: 
        !            29:        lifetime time 24 hour ; # sec,min,hour
        !            30: 
        !            31:        #initial_contact off ;
        !            32:        #passive on ;
        !            33: 
        !            34:        # phase 1 proposal (for ISAKMP SA)
        !            35:        proposal {
        !            36:                encryption_algorithm 3des; # NOTE(review): 3des is a legacy 64-bit-block cipher; prefer rijndael (AES) where the peers support it
        !            37:                hash_algorithm sha1; # NOTE(review): sha1 is legacy; prefer a SHA-2 hash if the installed racoon offers one - TODO confirm
        !            38:                authentication_method pre_shared_key ; # keys are read from the "path pre_shared_key" file set above
        !            39:                dh_group 2 ; # NOTE(review): group 2 is the 1024-bit MODP group; use a larger group if the installed racoon and the peers support one
        !            40:        }
        !            41: 
        !            42:        # This configuration could make racoon (as a responder)
        !            43:        # obey the initiator's lifetime and PFS group proposal,
        !            44:        # by setting proposal_check to obey.
        !            45:        # That would make testing "so much easier", but it is really
        !            46:        # *not* secure !!!
        !            47:        proposal_check strict;
        !            48: }
        !            49: 
        !            50: # phase 2 proposal (for IPsec SA).
        !            51: # actual phase 2 proposal will obey the following items:
        !            52: # - kernel IPsec policy configuration (like "esp/transport//use")
        !            53: # - permutation of the crypto/hash/compression algorithms presented below
        !            54: sainfo anonymous
        !            55: {
        !            56:        pfs_group 2; # NOTE(review): group 2 is the 1024-bit MODP group; use a larger group if the installed racoon and the peers support one
        !            57:        lifetime time 12 hour ;
        !            58:        encryption_algorithm 3des, cast128, blowfish 448, des, rijndael ; # NOTE(review): des (56-bit key) should be removed; 3des, cast128 and blowfish are 64-bit-block legacy ciphers - trim the list to what the peers need, e.g. rijndael (AES)
        !            59:        authentication_algorithm hmac_sha1, hmac_md5 ; # NOTE(review): hmac_md5 is legacy; keep it only if a peer requires it
        !            60:        compression_algorithm deflate ;
        !            61: }
