File:  [ELWIX - Embedded LightWeight unIX -] / embedaddon / ipsec-tools / src / racoon / samples / racoon.conf.sample-plainrsa
Revision 1.1.1.1 (vendor branch): download - view: text, annotated - select for diffs - revision graph
Tue Feb 21 22:39:10 2012 UTC (12 years, 10 months ago) by misho
Branches: ipsec-tools, MAIN
CVS tags: v0_8_2p2, v0_8_1p0, v0_8_1, v0_8_0p0, v0_8_0, HEAD
ipsec-tools

# Id: racoon.conf.sample-plainrsa,v 1.4 2005/12/13 16:41:07 vanhu Exp
# Contributed by: Michal Ludvig <mludvig@suse.cz>, SUSE Labs
#                 http://www.logix.cz/michal

# This file shows the usage of PlainRSA keys, which are widely used
# by FreeSWAN/OpenSwan/StrongSwan/*Swan users. This functionality is 
# here mainly for those who are moving from the *Swan world to Racoon.

# Racoon will look for a keyfile in this directory.
path certificate "samples" ;

remote anonymous
{
	# *Swan supports only 'main' mode.
	exchange_mode main;

	# *Swan doesn't send identifiers by default.
	my_identifier address;
	peers_identifier address;

	# This is the trick - use PlainRSA certificates.
	certificate_type plain_rsa "privatekey.rsa";

	# Multiple certfiles are supported.
	peers_certfile plain_rsa "pubkey1.rsa";
	peers_certfile plain_rsa "pubkey2.rsa";

	# Standard setup follows...
	proposal_check strict;

	proposal {
		encryption_algorithm 3des;
		hash_algorithm sha1;
		authentication_method rsasig;
		dh_group 2;
	}
}

sainfo anonymous
{
	pfs_group 2;
	lifetime time 12 hour;
	encryption_algorithm 3des, aes;
	authentication_algorithm hmac_sha1, hmac_md5;
	compression_algorithm deflate;
}

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>