diff options
Diffstat (limited to 'ipsec-tools/src/racoon/samples/racoon.conf.sample-inherit')
-rw-r--r-- | ipsec-tools/src/racoon/samples/racoon.conf.sample-inherit | 55 |
1 files changed, 55 insertions, 0 deletions
diff --git a/ipsec-tools/src/racoon/samples/racoon.conf.sample-inherit b/ipsec-tools/src/racoon/samples/racoon.conf.sample-inherit new file mode 100644 index 00000000..9e1185f1 --- /dev/null +++ b/ipsec-tools/src/racoon/samples/racoon.conf.sample-inherit @@ -0,0 +1,55 @@ +# Id: racoon.conf.sample-inherit,v 1.3 2005/12/13 16:41:07 vanhu Exp +# Contributed by: Michal Ludvig <mludvig@suse.cz>, SUSE Labs + +# This file shows the basic inheritance usage in 'remote' statements. + +path pre_shared_key "/etc/racoon/psk.txt"; +path certificate "/etc/racoon"; + +remote anonymous +{ + exchange_mode main,aggressive; + doi ipsec_doi; + situation identity_only; + + my_identifier asn1dn; + certificate_type x509 "my.cert.pem" "my.key.pem"; + + nonce_size 16; + initial_contact on; + proposal_check strict; # obey, strict or claim + + proposal { + encryption_algorithm 3des; + hash_algorithm sha1; + authentication_method rsasig; + dh_group 2; + } +} + +remote 3ffe:ffff::1 inherit anonymous +{ + exchange_mode aggressive; + nat_traversal force; +} + +remote 3ffe:ffff::1 [8000] inherit 3ffe:ffff::1 +{ + lifetime time 1 min; # sec,min,hour + + proposal { + encryption_algorithm 3des; + hash_algorithm sha1; + authentication_method pre_shared_key; + dh_group 2; + } +} + +sainfo anonymous +{ + pfs_group 2; + lifetime time 12 hour; + encryption_algorithm aes, 3des; + authentication_algorithm hmac_sha1, hmac_md5; + compression_algorithm deflate; +} |