Annotation of embedaddon/ipsec-tools/src/racoon/samples/racoon.conf.sample-plainrsa, revision 1.1

1.1     ! misho       1: # Id: racoon.conf.sample-plainrsa,v 1.4 2005/12/13 16:41:07 vanhu Exp
        !             2: # Contributed by: Michal Ludvig <mludvig@suse.cz>, SUSE Labs
        !             3: #                 http://www.logix.cz/michal
        !             4: 
        !             5: # This file shows the usage of PlainRSA keys, which are widely used
        !             6: # by FreeSWAN/OpenSwan/StrongSwan/*Swan users. This functionality is 
        !             7: # here mainly for those who are moving from the *Swan world to Racoon.
        !             8: 
        !             9: # Racoon will look for a keyfile in this directory.
        !            10: path certificate "samples" ;
        !            11: 
        !            12: remote anonymous
        !            13: {
        !            14:        # *Swan supports only 'main' mode.
        !            15:        exchange_mode main;
        !            16: 
        !            17:        # *Swan doesn't send identifiers by default.
        !            18:        my_identifier address;
        !            19:        peers_identifier address;
        !            20: 
        !            21:        # This is the trick - use PlainRSA certificates.
        !            22:        certificate_type plain_rsa "privatekey.rsa";
        !            23: 
        !            24:        # Multiple certfiles are supported.
        !            25:        peers_certfile plain_rsa "pubkey1.rsa";
        !            26:        peers_certfile plain_rsa "pubkey2.rsa";
        !            27: 
        !            28:        # Standard setup follows...
        !            29:        proposal_check strict;
        !            30: 
        !            31:        proposal {
        !            32:                encryption_algorithm 3des;
        !            33:                hash_algorithm sha1;
        !            34:                authentication_method rsasig;
        !            35:                dh_group 2;
        !            36:        }
        !            37: }
        !            38: 
        !            39: sainfo anonymous
        !            40: {
        !            41:        pfs_group 2;
        !            42:        lifetime time 12 hour;
        !            43:        encryption_algorithm 3des, aes;
        !            44:        authentication_algorithm hmac_sha1, hmac_md5;
        !            45:        compression_algorithm deflate;
        !            46: }

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>