Annotation of elwix/config/etc/default/racoon/racoon.conf.sample, revision 1.1.1.1
1.1 misho 1: # $KAME: racoon.conf.sample,v 1.28 2002/10/18 14:33:28 itojun Exp $
2:
3: # "path" affects "include" directives. "path" must be specified before any
4: # "include" directive with relative file path.
5: # you can override the "path" directive afterwards; however, doing so may
6: # cause confusion.
7: #path include "/usr/local/v6/etc" ;
8: #include "remote.conf" ;
9:
10: # the file should contain key ID/key pairs for pre-shared key authentication; the keys are stored in clear text, so keep the file readable only by the user racoon runs as.
11: path pre_shared_key "/usr/local/v6/etc/psk.txt" ;
12:
13: # racoon will look for certificate file in the directory,
14: # if the certificate/certificate request payload is received.
15: #path certificate "/usr/local/openssl/certs" ;
16:
17: # "log" specifies logging level. It is followed by either "notify", "debug"
18: # or "debug2".
19: #log debug;
20:
21: remote anonymous
22: {
23: #exchange_mode main,aggressive,base;
24: exchange_mode main,base;
25:
26: #my_identifier fqdn "server.kame.net";
27: #certificate_type x509 "foo@kame.net.cert" "foo@kame.net.priv" ;
28:
29: lifetime time 24 hour ; # sec,min,hour
30:
31: #initial_contact off ;
32: #passive on ;
33:
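34: # phase 1 proposal (for ISAKMP SA). note: 3des, sha1 and dh_group 2 (1024-bit MODP) are legacy sample values; prefer the strongest algorithms and DH group that both peers support.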
35: proposal {
36: encryption_algorithm 3des;
37: hash_algorithm sha1;
38: authentication_method pre_shared_key ;
39: dh_group 2 ;
40: }
41:
42: # racoon (as a responder) can be configured
43: # to obey the initiator's lifetime and PFS group proposal,
44: # by setting proposal_check to obey.
45: # this would make testing "so much easier", but is really
46: # *not* secure !!! (the responder then accepts whatever lifetime and PFS group the initiator proposes.)
47: proposal_check strict;
48: }
49:
50: # phase 2 proposal (for IPsec SA).
51: # actual phase 2 proposal will obey the following items:
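52: # - kernel IPsec policy configuration (like "esp/transport//use")
53: # - permutation of the crypto/hash/compression algorithms presented below (every algorithm listed is eligible for negotiation, so remove weak entries such as des and hmac_md5 unless a peer requires them)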
54: sainfo anonymous
55: {
56: pfs_group 2;
57: lifetime time 12 hour ;
58: encryption_algorithm 3des, cast128, blowfish 448, des, rijndael ;
59: authentication_algorithm hmac_sha1, hmac_md5 ;
60: compression_algorithm deflate ;
61: }