# Id: racoon.conf.sample-plainrsa,v 1.4 2005/12/13 16:41:07 vanhu Exp
# Contributed by: Michal Ludvig <mludvig@suse.cz>, SUSE Labs
# http://www.logix.cz/michal
# This file shows the usage of PlainRSA keys, which are widely used
# by FreeSWAN/OpenSwan/StrongSwan/*Swan users. This functionality is
# here mainly for those who are moving from the *Swan world to Racoon.
# Racoon will look for a keyfile in this directory.
# NOTE(review): "samples" is a relative path - confirm which directory
# racoon resolves it against, or use an absolute path in a real deployment.
# The private key named in the remote section is looked up here, so keep
# the directory and the key file readable only by the account racoon runs as.
path certificate "samples" ;
# 'anonymous' makes this section the fallback for any peer that has no
# more specific 'remote' section. Which peers can actually authenticate is
# then decided by the public keys listed with peers_certfile.
remote anonymous
{
# *Swan supports only 'main' mode.
exchange_mode main;
# *Swan doesn't send identifiers by default.
# Both ends are identified by IP address. Per racoon.conf(5) the peer's
# identifier is only enforced when 'verify_identifier on;' is also set,
# which this sample does not do.
my_identifier address;
peers_identifier address;
# This is the trick - use PlainRSA certificates.
# This is our own private key, found under 'path certificate'.
certificate_type plain_rsa "privatekey.rsa";
# Multiple certfiles are supported.
# Each file holds one peer's raw public key. There is no CA or chain with
# PlainRSA: these lines are the whole trust list, so revoking a peer means
# removing its line (and key file) here.
peers_certfile plain_rsa "pubkey1.rsa";
peers_certfile plain_rsa "pubkey2.rsa";
# Standard setup follows...
# proposal_check controls how a responder compares the initiator's phase 2
# lifetime and PFS settings with its own; see racoon.conf(5) for the exact
# rules behind 'strict'.
proposal_check strict;
# Phase 1 proposal: 3DES, SHA-1, RSA signatures, DH group 2 (1024-bit MODP).
# These are legacy interop values. Where both ends support them, prefer
# aes, sha256 and dh_group 14 or higher.
proposal {
encryption_algorithm 3des;
hash_algorithm sha1;
authentication_method rsasig;
dh_group 2;
}
}
# Phase 2 (IPsec SA) parameters. 'anonymous' applies them to any
# negotiation that has no more specific sainfo section.
sainfo anonymous
{
# PFS uses DH group 2 (1024-bit MODP), a legacy size. Raise it together
# with the phase 1 dh_group if the peer allows it.
pfs_group 2;
lifetime time 12 hour;
# Each line is a list of acceptable algorithms. 3des and hmac_md5 are
# legacy entries; drop them once no peer needs them.
encryption_algorithm 3des, aes;
authentication_algorithm hmac_sha1, hmac_md5;
compression_algorithm deflate;
}