Annotation of elwix/config/etc/default/racoon/racoon.conf.sample, revision 1.1
1.1 ! misho 1: # $KAME: racoon.conf.sample,v 1.28 2002/10/18 14:33:28 itojun Exp $
! 2:
! 3: # "path" affects "include" directives. "path" must be specified before any
! 4: # "include" directive with relative file path.
! 5: # you can override the "path" directive afterwards; however, doing so may
! 6: # cause confusion.
! 7: #path include "/usr/local/v6/etc" ;
! 8: #include "remote.conf" ;
! 9:
! 10: # the file should contain key ID/key pairs, for pre-shared key authentication.
! 11: path pre_shared_key "/usr/local/v6/etc/psk.txt" ; # holds the shared secrets themselves: keep it owned by, and readable only by, the user racoon runs as
! 12:
! 13: # racoon will look for certificate file in the directory,
! 14: # if the certificate/certificate request payload is received.
! 15: #path certificate "/usr/local/openssl/certs" ;
! 16:
! 17: # "log" specifies logging level. It is followed by either "notify", "debug"
! 18: # or "debug2".
! 19: #log debug;
! 20:
! 21: remote anonymous # fallback phase 1 settings for peers with no more specific "remote" entry
! 22: {
! 23: #exchange_mode main,aggressive,base;
! 24: exchange_mode main,base; # aggressive mode is not offered; with pre-shared keys it exposes material usable for offline key guessing
! 25:
! 26: #my_identifier fqdn "server.kame.net";
! 27: #certificate_type x509 "foo@kame.net.cert" "foo@kame.net.priv" ;
! 28:
! 29: lifetime time 24 hour ; # sec,min,hour
! 30:
! 31: #initial_contact off ;
! 32: #passive on ;
! 33:
! 34: # phase 1 proposal (for ISAKMP SA)
! 35: proposal {
! 36: encryption_algorithm 3des; # legacy 64-bit-block cipher; prefer an AES option if this racoon build and the peer support one
! 37: hash_algorithm sha1; # legacy hash; prefer a SHA-2 option where supported
! 38: authentication_method pre_shared_key ; # keys come from the file named by "path pre_shared_key"
! 39: dh_group 2 ; # group 2 is the 1024-bit MODP group; use a larger group where both ends support it
! 40: }
! 41:
! 42: # racoon (as a responder) can be configured
! 43: # to obey the initiator's lifetime and PFS group proposal,
! 44: # by setting proposal_check to obey.
! 45: # this would make testing "so much easier", but is really
! 46: # *not* secure !!!
! 47: proposal_check strict;
! 48: }
! 49:
! 50: # phase 2 proposal (for IPsec SA).
! 51: # actual phase 2 proposal will obey the following items:
! 52: # - kernel IPsec policy configuration (like "esp/transport//use")
! 53: # - permutation of the crypto/hash/compression algorithms presented below
! 54: sainfo anonymous
! 55: {
! 56: pfs_group 2; # PFS uses the 1024-bit MODP group; use a larger group where both ends support it
! 57: lifetime time 12 hour ;
! 58: encryption_algorithm 3des, cast128, blowfish 448, des, rijndael ; # des (56-bit key) is offered and may be negotiated; drop it and prefer rijndael (AES) unless a legacy peer needs otherwise
! 59: authentication_algorithm hmac_sha1, hmac_md5 ; # hmac_md5 is legacy; keep it only for peers that cannot do hmac_sha1 or better
! 60: compression_algorithm deflate ;
! 61: }