From: Michal L. <lu...@us...> - 2004-04-14 08:46:13
Update of /cvsroot/ipsec-tools/ipsec-tools/src/racoon/samples In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv13156/src/racoon/samples Modified Files: racoon.conf.in Log Message: 2004-04-14 Michal Ludvig <ml...@su...> * src/racoon/samples/racoon.conf.in: Cleaned up to work with Linux and FreeSWAN. Index: racoon.conf.in =================================================================== RCS file: /cvsroot/ipsec-tools/ipsec-tools/src/racoon/samples/racoon.conf.in,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -d -r1.1.1.1 -r1.2 --- racoon.conf.in 26 Feb 2003 21:31:36 -0000 1.1.1.1 +++ racoon.conf.in 14 Apr 2004 08:46:05 -0000 1.2 @@ -2,15 +2,15 @@ # "path" must be placed before it should be used. # You can overwrite which you defined, but it should not use due to confusing. -path include "@sysconfdir_x@/racoon" ; -#include "remote.conf" ; +path include "@sysconfdir_x@/racoon"; +#include "remote.conf"; # search this file for pre_shared_key with various ID key. -path pre_shared_key "@sysconfdir_x@/racoon/psk.txt" ; +path pre_shared_key "@sysconfdir_x@/racoon/psk.txt"; # racoon will look for certificate file in the directory, # if the certificate/certificate request payload is received. -path certificate "@sysconfdir_x@/cert" ; +path certificate "@sysconfdir_x@/cert"; # "log" specifies logging level. It is followed by either "notify", "debug" # or "debug2". 
@@ -50,27 +50,22 @@ remote anonymous { - #exchange_mode main,aggressive; - exchange_mode aggressive,main; + exchange_mode main,aggressive; doi ipsec_doi; situation identity_only; - #my_identifier address; - my_identifier user_fqdn "sa...@ka..."; - peers_identifier user_fqdn "sa...@ka..."; - #certificate_type x509 "mycert" "mypriv"; + my_identifier asn1dn; + certificate_type x509 "my.cert.pem" "my.key.pem"; nonce_size 16; - lifetime time 1 min; # sec,min,hour initial_contact on; - support_mip6 on; proposal_check obey; # obey, strict or claim proposal { encryption_algorithm 3des; hash_algorithm sha1; - authentication_method pre_shared_key ; - dh_group 2 ; + authentication_method rsasig; + dh_group 2; } } @@ -91,35 +86,34 @@ proposal { encryption_algorithm 3des; hash_algorithm sha1; - authentication_method pre_shared_key ; - dh_group 2 ; + authentication_method pre_shared_key; + dh_group 2; } } sainfo anonymous { - pfs_group 1; - lifetime time 30 sec; - encryption_algorithm 3des ; + pfs_group 2; + encryption_algorithm 3des; authentication_algorithm hmac_sha1; - compression_algorithm deflate ; + compression_algorithm deflate; } sainfo address 203.178.141.209 any address 203.178.141.218 any { - pfs_group 1; + pfs_group 2; lifetime time 30 sec; - encryption_algorithm des ; + encryption_algorithm des; authentication_algorithm hmac_md5; - compression_algorithm deflate ; + compression_algorithm deflate; } sainfo address ::1 icmp6 address ::1 icmp6 { - pfs_group 1; + pfs_group 3; lifetime time 60 sec; - encryption_algorithm 3des, cast128, blowfish 448, des ; - authentication_algorithm hmac_sha1, hmac_md5 ; - compression_algorithm deflate ; + encryption_algorithm 3des, blowfish, aes; + authentication_algorithm hmac_sha1, hmac_md5; + compression_algorithm deflate; } |
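Review bot: The `remote anonymous` block moves to `authentication_method rsasig` but removes `peers_identifier` without a replacement, so as far as this hunk shows, any peer whose certificate validates is accepted whatever identity it presents. Because this is a sample that gets copied, I would add a commented pair such as `#peers_identifier asn1dn "<peer subject DN placeholder>";` and `#verify_identifier on;`, with a comment saying to enable both when the peer set is known. `exchange_mode main,aggressive;` only changes the mode racoon initiates with; aggressive is still listed and so still accepted as responder, and `exchange_mode main;` would be the stricter sample default. `dh_group 2;` with `3des` is carried over unchanged, so a comment pointing to `dh_group 5;` where peers support it would be worth adding.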
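Review bot: The `sainfo address 203.178.141.209 ...` block is edited here but keeps `encryption_algorithm des;` with `authentication_algorithm hmac_md5;`, and the `::1` block still offers `hmac_md5`, so the sample continues to present single DES and MD5 as acceptable phase 2 choices. Since this commit already raises `pfs_group` and adds `aes`, I would change that block to `encryption_algorithm 3des, aes;` and `authentication_algorithm hmac_sha1;`, or mark it with `# des/hmac_md5 shown for syntax only; do not deploy`. `pfs_group 3;` in the `::1` block looks unintended: group 3 in RFC 2409 is an EC2N group rather than a MODP group, and I am not certain racoon can negotiate it, so `pfs_group 2;` or `pfs_group 5;` is probably what was meant. The second `remote` block's `authentication_method pre_shared_key;` is only reformatted, and its `exchange_mode` line is outside the hunk, so check that the pre-shared key is not combined with aggressive mode there.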