Diffstat (limited to 'ipsec-tools/src/racoon/samples/racoon.conf.sample-plainrsa')
-rw-r--r--ipsec-tools/src/racoon/samples/racoon.conf.sample-plainrsa46
1 files changed, 46 insertions, 0 deletions
diff --git a/ipsec-tools/src/racoon/samples/racoon.conf.sample-plainrsa b/ipsec-tools/src/racoon/samples/racoon.conf.sample-plainrsa
new file mode 100644
index 00000000..8447eb30
--- /dev/null
+++ b/ipsec-tools/src/racoon/samples/racoon.conf.sample-plainrsa
@@ -0,0 +1,46 @@
+# Id: racoon.conf.sample-plainrsa,v 1.4 2005/12/13 16:41:07 vanhu Exp
+# Contributed by: Michal Ludvig <mludvig@suse.cz>, SUSE Labs
+# http://www.logix.cz/michal
+
+# This file shows the usage of PlainRSA keys, which are widely used
+# by FreeSWAN/OpenSwan/StrongSwan/*Swan users. This functionality is
+# here mainly for those who are moving from the *Swan world to Racoon.
+
+# Racoon will look for a keyfile in this directory.
+path certificate "samples" ;
+
+remote anonymous
+{
+ # *Swan supports only 'main' mode.
+ exchange_mode main;
+
+ # *Swan doesn't send identifiers by default.
+ my_identifier address;
+ peers_identifier address;
+
+ # This is the trick - use PlainRSA certificates.
+ certificate_type plain_rsa "privatekey.rsa";
+
+ # Multiple certfiles are supported.
+ peers_certfile plain_rsa "pubkey1.rsa";
+ peers_certfile plain_rsa "pubkey2.rsa";
+
+ # Standard setup follows...
+ proposal_check strict;
+
+ proposal {
+ encryption_algorithm 3des;
+ hash_algorithm sha1;
+ authentication_method rsasig;
+ dh_group 2;
+ }
+}
+
+sainfo anonymous
+{
+ pfs_group 2;
+ lifetime time 12 hour;
+ encryption_algorithm 3des, aes;
+ authentication_algorithm hmac_sha1, hmac_md5;
+ compression_algorithm deflate;
+}
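Review bot: The `sainfo anonymous` block offers `hmac_md5` and lists `3des` ahead of `aes`, and both `dh_group 2` and `pfs_group 2` are the 1024-bit MODP group. Sample files tend to be copied verbatim, so I would drop `hmac_md5` from `authentication_algorithm` and add a comment such as `# Algorithms chosen for *Swan interoperability; prefer aes and a larger dh_group (e.g. 14) where the peer supports them.` Under `remote anonymous`, both `peers_certfile` keys appear to be accepted for any peer address, so a comment there should say that per-peer `remote <address>` sections are the way to bind one key to one peer. The comment above `certificate_type` could also state that `privatekey.rsa` holds a private key, must be readable only by the account racoon runs as, and that the relative `path certificate "samples"` should become an absolute directory in a real deployment.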