
# $KAME: racoon.conf.sample,v 1.28 2002/10/18 14:33:28 itojun Exp $

# "path" affects "include" directives.  "path" must be specified before any
# "include" directive with a relative file path.
# You can overwrite the "path" directive afterwards; however, doing so may add
# more confusion.
#path include "/usr/local/v6/etc" ;
#include "remote.conf" ;

# The file should contain key ID/key pairs, for pre-shared key authentication.
# It holds the shared secrets themselves, so keep it owned by root and
# readable by nobody else (mode 0600); a key file other users can read
# defeats pre-shared key authentication entirely.
path pre_shared_key "/usr/local/v6/etc/psk.txt" ;

# racoon will look for the certificate file in this directory
# if a certificate/certificate request payload is received.
#path certificate "/usr/local/openssl/certs" ;

# "log" specifies the logging level.  It is followed by either "notify", "debug"
# or "debug2".
# The debug levels are very verbose and record negotiation details that do
# not belong in a long-lived log; enable them for troubleshooting only.
#log debug;

# "anonymous" applies to any peer not covered by a more specific "remote"
# block, so everything below is the policy offered to an unknown initiator.
remote anonymous
{
	# aggressive mode is deliberately left out of the enabled list: with
	# pre-shared keys it exposes the peer identities and a hash derived from
	# the key before any encryption is in place, which allows offline
	# guessing of the key.  main mode protects the identities.
	#exchange_mode main,aggressive,base;
	exchange_mode main,base;

	#my_identifier fqdn "server.kame.net";
	#certificate_type x509 "foo@kame.net.cert" "foo@kame.net.priv" ;

	lifetime time 24 hour ; # sec,min,hour

	#initial_contact off ;
	#passive on ;

	# phase 1 proposal (for ISAKMP SA)
	# 3DES, SHA-1 and DH group 2 (1024-bit MODP) are the 2002-era choices in
	# this sample and are legacy today.  Prefer rijndael (AES) and a larger
	# DH group where the peers and the installed racoon support them; check
	# racoon.conf(5) of that version for the accepted algorithm and group
	# names before changing these lines.
	proposal {
		encryption_algorithm 3des;
		hash_algorithm sha1;
		authentication_method pre_shared_key ;
		dh_group 2 ;
	}

	# Setting proposal_check to obey makes racoon (as a responder)
	# accept the initiator's lifetime and PFS group proposal.
	# This would make testing "so much easier", but is really
	# *not* secure !!!  "strict" enforces the values configured here
	# instead; see racoon.conf(5) for the exact matching rules.
	proposal_check strict;
}

# phase 2 proposal (for IPsec SA).
# The actual phase 2 proposal will obey the following items:
# - kernel IPsec policy configuration (like "esp/transport//use")
# - permutation of the crypto/hash/compression algorithms presented below
# Because every permutation of the lists below is acceptable, this block is
# an accept-list as much as a preference order: a peer may end up negotiating
# the weakest listed combination.  Single DES (56-bit key) is broken and
# HMAC-MD5 is deprecated; drop them from the lists unless a legacy peer
# genuinely needs them, and treat cast128/blowfish and pfs_group 2 as
# legacy choices for the same reasons given in the phase 1 proposal.
sainfo anonymous
{
	pfs_group 2;
	lifetime time 12 hour ;
	encryption_algorithm 3des, cast128, blowfish 448, des, rijndael ;
	authentication_algorithm hmac_sha1, hmac_md5 ;
	compression_algorithm deflate ;
}
