Return to racoon.conf.sample-plainrsa CVS log

Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / ipsec-tools / src / racoon / samples

ipsec-tools

    1: # Id: racoon.conf.sample-plainrsa,v 1.4 2005/12/13 16:41:07 vanhu Exp
    2: # Contributed by: Michal Ludvig <mludvig@suse.cz>, SUSE Labs
    3: #                 http://www.logix.cz/michal
    4: 
    5: # This file shows the usage of PlainRSA keys, which are widely used
    6: # by FreeSWAN/OpenSwan/StrongSwan/*Swan users. This functionality is 
    7: # here mainly for those who are moving from the *Swan world to Racoon.
    8: 
    9: # Racoon will look for a keyfile in this directory.
   10: path certificate "samples" ;
   11: 
   12: remote anonymous
   13: {
   14: 	# *Swan supports only 'main' mode.
   15: 	exchange_mode main;
   16: 
   17: 	# *Swan doesn't send identifiers by default.
   18: 	my_identifier address;
   19: 	peers_identifier address;
   20: 
   21: 	# This is the trick - use PlainRSA certificates.
   22: 	certificate_type plain_rsa "privatekey.rsa";
   23: 
   24: 	# Multiple certfiles are supported.
   25: 	peers_certfile plain_rsa "pubkey1.rsa";
   26: 	peers_certfile plain_rsa "pubkey2.rsa";
   27: 
   28: 	# Standard setup follows...
   29: 	proposal_check strict;
   30: 
   31: 	proposal {
   32: 		encryption_algorithm 3des;
   33: 		hash_algorithm sha1;
   34: 		authentication_method rsasig;
   35: 		dh_group 2;
   36: 	}
   37: }
   38: 
   39: sainfo anonymous
   40: {
   41: 	pfs_group 2;
   42: 	lifetime time 12 hour;
   43: 	encryption_algorithm 3des, aes;
   44: 	authentication_algorithm hmac_sha1, hmac_md5;
   45: 	compression_algorithm deflate;
   46: }