| blob | 631910f28300d6f7c161d999ac1efc3a0325737e |
1 # $KAME: racoon.conf.sample,v 1.28 2002/10/18 14:33:28 itojun Exp $
3 # "path" affects "include" directives. "path" must be specified before any
4 # "include" directive with relative file path.
5 # you can overwrite "path" directive afterwards, however, doing so may add
6 # more confusion.
7 #path include "/usr/local/v6/etc" ;
8 #include "remote.conf" ;
10 # the file should contain key ID/key pairs, for pre-shared key authentication.
11 path pre_shared_key "/usr/local/v6/etc/psk.txt" ;
13 # racoon will look for certificate file in the directory,
14 # if the certificate/certificate request payload is received.
15 #path certificate "/usr/local/openssl/certs" ;
17 # "log" specifies logging level. It is followed by either "notify", "debug"
18 # or "debug2".
19 #log debug;
21 remote anonymous
22 {
23 #exchange_mode main,aggressive,base;
24 exchange_mode main,base;
26 #my_identifier fqdn "server.kame.net";
27 #certificate_type x509 "foo@kame.net.cert" "foo@kame.net.priv" ;
29 lifetime time 24 hour ; # sec,min,hour
31 #initial_contact off ;
32 #passive on ;
34 # phase 1 proposal (for ISAKMP SA)
35 proposal {
36 encryption_algorithm 3des;
37 hash_algorithm sha1;
38 authentication_method pre_shared_key ;
39 dh_group 2 ;
40 }
42 # the configuration could makes racoon (as a responder)
43 # to obey the initiator's lifetime and PFS group proposal,
44 # by setting proposal_check to obey.
45 # this would makes testing "so much easier", but is really
46 # *not* secure !!!
47 proposal_check strict;
48 }
50 # phase 2 proposal (for IPsec SA).
51 # actual phase 2 proposal will obey the following items:
52 # - kernel IPsec policy configuration (like "esp/transport//use)
53 # - permutation of the crypto/hash/compression algorithms presented below
54 sainfo anonymous
55 {
56 pfs_group 2;
57 lifetime time 12 hour ;
58 encryption_algorithm 3des, cast128, blowfish 448, des, rijndael ;
59 authentication_algorithm hmac_sha1, hmac_md5 ;
60 compression_algorithm deflate ;
61 }