
# $KAME: racoon.conf.sample,v 1.28 2002/10/18 14:33:28 itojun Exp $

# "path" affects "include" directives.  "path" must be specified before any
# "include" directive with a relative file path.
# You can overwrite the "path" directive afterwards; however, doing so may add
# more confusion.
# Only include files from directories that other users cannot write to: an
# included file is parsed with exactly the same authority as this one.
#path include "/usr/local/v6/etc" ;
#include "remote.conf" ;

# the file should contain key ID/key pairs, for pre-shared key authentication.
# The keys are stored in clear text, so the file should be owned by the user
# racoon runs as and be unreadable by everyone else.
path pre_shared_key "/usr/local/v6/etc/psk.txt" ;

# racoon will look for the certificate file in this directory
# if a certificate/certificate request payload is received.
#path certificate "/usr/local/openssl/certs" ;

# "log" specifies the logging level.  It is followed by either "notify", "debug"
# or "debug2".
# The debug levels record far more protocol detail than "notify"; leave
# logging at its default for production peers and raise it only while
# troubleshooting a specific negotiation.
#log debug;
remote anonymous
{
	# Phase 1 exchange modes offered and accepted.  Aggressive mode is left
	# out on purpose: with pre-shared keys it sends the peer identity and the
	# key-derived hash before the exchange is encrypted.
	#exchange_mode main,aggressive,base;
	exchange_mode main,base;

	#my_identifier fqdn "server.kame.net";
	# Both file names are relative to "path certificate"; the second file
	# holds the private key and must not be readable by other users.
	#certificate_type x509 "foo@kame.net.cert" "foo@kame.net.priv" ;

	# lifetime of the ISAKMP (phase 1) SA
	lifetime time 24 hour ;	# sec,min,hour

	#initial_contact off ;
	#passive on ;

	# phase 1 proposal (for ISAKMP SA)
	# 3DES / SHA-1 / group 2 (1024-bit MODP) is the lowest common denominator
	# of peers from when this sample was written.  Where both ends support
	# them, prefer aes, sha256 and dh_group 14, which racoon accepts in the
	# same three directives.
	proposal {
		encryption_algorithm 3des;
		hash_algorithm sha1;
		authentication_method pre_shared_key ;
		dh_group 2 ;
	}

	# the configuration could make racoon (as a responder)
	# obey the initiator's lifetime and PFS group proposal,
	# by setting proposal_check to obey.
	# this would make testing "so much easier", but is really
	# *not* secure !!!
	# Keep "strict" on any peer that is reachable from outside the lab.
	proposal_check strict;
}
   49: 
# phase 2 proposal (for IPsec SA).
# actual phase 2 proposal will obey the following items:
# - kernel IPsec policy configuration (like "esp/transport//use")
# - permutation of the crypto/hash/compression algorithms presented below
# Because every permutation of the lists below is acceptable, the peer may end
# up with the weakest entry of each list (single des, hmac_md5).  Trim the
# lists to the algorithms you are actually willing to run; "rijndael" here is
# AES and is the strongest cipher listed.
sainfo anonymous
{
	# Perfect forward secrecy: a fresh DH exchange (group 2, 1024-bit MODP)
	# for every phase 2 SA instead of deriving its keys from the phase 1 SA.
	pfs_group 2;
	# lifetime of each IPsec (phase 2) SA
	lifetime time 12 hour ;
	encryption_algorithm 3des, cast128, blowfish 448, des, rijndael ;
	authentication_algorithm hmac_sha1, hmac_md5 ;
	# IPComp; applied before encryption, so it does not weaken the cipher.
	compression_algorithm deflate ;
}
