
    1: # $KAME: racoon.conf.in,v 1.18 2001/08/16 06:33:40 itojun Exp $
    2: 
    3: # "path" affects "include" directives.  "path" must be specified before any
    4: # "include" directive that uses a relative file path.
    5: # You can override the "path" directive later on, but doing so may cause
    6: # confusion.
    7: path include "@sysconfdir_x@/racoon";
    8: #include "remote.conf";
    9: 
   10: # This file should contain key-ID/key pairs for pre-shared-key authentication.
   10: # It holds secrets: keep it readable by root only.
   11: path pre_shared_key "@sysconfdir_x@/racoon/psk.txt";
   12: 
   13: # racoon looks for the certificate file in this directory
   14: # when a certificate or certificate-request payload is received.
   15: path certificate "@sysconfdir_x@/cert";
   16: 
   17: # "log" specifies the logging level.  It is followed by one of "notify",
   18: # "debug" or "debug2".
   19: #log debug;
   20: 
   21: # "padding" defines some padding parameters.  You should not touch these.
   22: padding
   23: {
   24: 	maximum_length 20;	# maximum padding length.
   25: 	randomize off;		# randomize the padding length.
   26: 	strict_check off;	# enable strict padding check.
   27: 	exclusive_tail off;	# extract the last octet.
   28: }
   29: 
   30: # If no "listen" directive is specified, racoon listens on all
   31: # available interface addresses.
   32: listen
   33: {
   34: 	#isakmp ::1 [7000];
   35: 	#isakmp 202.249.11.124 [500];
   36: 	#admin [7002];		# administrative port for racoonctl.
   37: 	#strict_address; 	# require that all listed addresses be bound.
   38: }
   39: 
   40: # Specify various default timers.
   41: timer
   42: {
   43: 	# These values can be overridden per remote node.
   44: 	counter 5;		# maximum number of send attempts.
   45: 	interval 20 sec;	# maximum interval between resends.
   46: 	persend 1;		# the number of packets per send.
   47: 
   48: 	# maximum time to wait for each phase to complete.
   49: 	phase1 30 sec;
   50: 	phase2 15 sec;
   51: }
   52: 
   53: remote anonymous
   54: {
   55: 	exchange_mode main,aggressive;
   56: 	doi ipsec_doi;
   57: 	situation identity_only;
   58: 
   59: 	my_identifier asn1dn;
   60: 	certificate_type x509 "my.cert.pem" "my.key.pem";
   61: 
   62: 	nonce_size 16;
   63: 	initial_contact on;
   64: 	proposal_check strict;	# obey, strict, or claim
   65: 
   66: 	proposal {
   67: 		encryption_algorithm 3des;
   68: 		hash_algorithm sha1;
   69: 		authentication_method rsasig;
   70: 		dh_group 2;
   71: 	}
   72: }
   73: 
   74: remote ::1 [8000]
   75: {
   76: 	#exchange_mode main,aggressive;
   77: 	exchange_mode aggressive,main;
   78: 	doi ipsec_doi;
   79: 	situation identity_only;
   80: 
   81: 	my_identifier user_fqdn "sakane@kame.net";
   82: 	peers_identifier user_fqdn "sakane@kame.net";
   83: 	#certificate_type x509 "mycert" "mypriv";
   84: 
   85: 	nonce_size 16;
   86: 	lifetime time 1 min;	# sec,min,hour
   87: 
   88: 	proposal {
   89: 		encryption_algorithm 3des;
   90: 		hash_algorithm sha1;
   91: 		authentication_method pre_shared_key;
   92: 		dh_group 2;
   93: 	}
   94: }
   95: 
   96: sainfo anonymous
   97: {
   98: 	pfs_group 2;
   99: 	encryption_algorithm 3des;
  100: 	authentication_algorithm hmac_sha1;
  101: 	compression_algorithm deflate;
  102: }
  103: 
  104: sainfo address 203.178.141.209 any address 203.178.141.218 any
  105: {
  106: 	pfs_group 2;
  107: 	lifetime time 30 sec;
  108: 	encryption_algorithm des;
  109: 	authentication_algorithm hmac_md5;
  110: 	compression_algorithm deflate;
  111: }
  112: 
  113: sainfo address ::1 icmp6 address ::1 icmp6
  114: {
  115: 	pfs_group 3;
  116: 	lifetime time 60 sec;
  117: 	encryption_algorithm 3des, blowfish, aes;
  118: 	authentication_algorithm hmac_sha1, hmac_md5;
  119: 	compression_algorithm deflate;
  120: }
  121: 
