crypto/dist/ipsec-tools/src/racoon/samples/racoon.conf.sample-inherit

   1 # Id: racoon.conf.sample-inherit,v 1.3 2005/12/13 16:41:07 vanhu Exp
   2 # Contributed by: Michal Ludvig <mludvig@suse.cz>, SUSE Labs
   3
   4 # This file shows the basic inheritance usage in 'remote' statements.
   5
   6 path pre_shared_key "/etc/racoon/psk.txt";
   7 path certificate "/etc/racoon";
   8
   9 remote anonymous
  10 {
  11         exchange_mode main,aggressive;
  12         doi ipsec_doi;
  13         situation identity_only;
  14
  15         my_identifier asn1dn;
  16         certificate_type x509 "my.cert.pem" "my.key.pem";
  17
  18         nonce_size 16;
  19         initial_contact on;
  20         proposal_check strict;  # obey, strict or claim
  21
  22         proposal {
  23                 encryption_algorithm 3des;
  24                 hash_algorithm sha1;
  25                 authentication_method rsasig;
  26                 dh_group 2;
  27         }
  28 }
  29
  30 remote 3ffe:ffff::1 inherit anonymous
  31 {
  32         exchange_mode aggressive;
  33         nat_traversal force;
  34 }
  35
  36 remote 3ffe:ffff::1 [8000] inherit 3ffe:ffff::1
  37 {
  38         lifetime time 1 min;    # sec,min,hour
  39
  40         proposal {
  41                 encryption_algorithm 3des;
  42                 hash_algorithm sha1;
  43                 authentication_method pre_shared_key;
  44                 dh_group 2;
  45         }
  46 }
  47
  48 sainfo anonymous
  49 {
  50         pfs_group 2;
  51         lifetime time 12 hour;
  52         encryption_algorithm aes, 3des;
  53         authentication_algorithm hmac_sha1, hmac_md5;
  54         compression_algorithm deflate;
  55 }