Diffstat (limited to 'ipsec-tools/src/racoon/samples/racoon.conf.sample-plainrsa')
-rw-r--r-- | ipsec-tools/src/racoon/samples/racoon.conf.sample-plainrsa | 46 |
1 files changed, 46 insertions, 0 deletions
diff --git a/ipsec-tools/src/racoon/samples/racoon.conf.sample-plainrsa b/ipsec-tools/src/racoon/samples/racoon.conf.sample-plainrsa
new file mode 100644
index 00000000..8447eb30
--- /dev/null
+++ b/ipsec-tools/src/racoon/samples/racoon.conf.sample-plainrsa
@@ -0,0 +1,46 @@
+# Id: racoon.conf.sample-plainrsa,v 1.4 2005/12/13 16:41:07 vanhu Exp
+# Contributed by: Michal Ludvig <mludvig@suse.cz>, SUSE Labs
+# http://www.logix.cz/michal
+
+# This file shows the usage of PlainRSA keys, which are widely used
+# by FreeSWAN/OpenSwan/StrongSwan/*Swan users. This functionality is
+# here mainly for those who are moving from the *Swan world to Racoon.
+
+# Racoon will look for a keyfile in this directory.
+path certificate "samples" ;
+
+remote anonymous
+{
+ # *Swan supports only 'main' mode.
+ exchange_mode main;
+
+ # *Swan doesn't send identifiers by default.
+ my_identifier address;
+ peers_identifier address;
+
+ # This is the trick - use PlainRSA certificates.
+ certificate_type plain_rsa "privatekey.rsa";
+
+ # Multiple certfiles are supported.
+ peers_certfile plain_rsa "pubkey1.rsa";
+ peers_certfile plain_rsa "pubkey2.rsa";
+
+ # Standard setup follows...
+ proposal_check strict;
+
+ proposal {
+ encryption_algorithm 3des;
+ hash_algorithm sha1;
+ authentication_method rsasig;
+ dh_group 2;
+ }
+}
+
+sainfo anonymous
+{
+ pfs_group 2;
+ lifetime time 12 hour;
+ encryption_algorithm 3des, aes;
+ authentication_algorithm hmac_sha1, hmac_md5;
+ compression_algorithm deflate;
+} |
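Review bot: The `sainfo anonymous` block accepts `hmac_md5` alongside `hmac_sha1` and lists `3des` ahead of `aes`, and both phases use group 2 (`dh_group 2`, `pfs_group 2`, i.e. 1024-bit MODP), so a tunnel built from this sample can end up on the weakest offered combination. Sample files tend to be copied into live configurations, so I would drop the weak options: `encryption_algorithm aes;`, `authentication_algorithm hmac_sha1;`, and group 14 for `dh_group`/`pfs_group` where the build and the peer support it. If 3DES and group 2 must stay for *Swan interoperability, a comment such as `# legacy interop only - prefer aes and a larger DH group` would make that explicit. Separately, `remote anonymous` matches any peer address, and whether a listed `peers_certfile` key is tied to a particular peer depends on things not shown here (the key files' contents, `verify_identifier`), so a one-line comment on that would help readers.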