From: VANHULLEBUS Y. <va...@us...> - 2005-12-13 16:41:15
Update of /cvsroot/ipsec-tools/ipsec-tools/src/racoon/samples In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv21975/src/racoon/samples Modified Files: racoon.conf.in racoon.conf.sample racoon.conf.sample-inherit racoon.conf.sample-natt racoon.conf.sample-plainrsa Log Message: replaced obey mode by strict mode Index: racoon.conf.sample =================================================================== RCS file: /cvsroot/ipsec-tools/ipsec-tools/src/racoon/samples/racoon.conf.sample,v retrieving revision 1.2 retrieving revision 1.3 diff -u -d -r1.2 -r1.3 --- racoon.conf.sample 18 Apr 2005 11:07:55 -0000 1.2 +++ racoon.conf.sample 13 Dec 2005 16:41:07 -0000 1.3 @@ -39,10 +39,12 @@ dh_group 2 ; } - # the configuration makes racoon (as a responder) to obey the - # initiator's lifetime and PFS group proposal. - # this makes testing so much easier. - proposal_check obey; + # the configuration could makes racoon (as a responder) + # to obey the initiator's lifetime and PFS group proposal, + # by setting proposal_check to obey. + # this would makes testing "so much easier", but is really + # *not* secure !!! + proposal_check strict; } # phase 2 proposal (for IPsec SA). Index: racoon.conf.sample-plainrsa =================================================================== RCS file: /cvsroot/ipsec-tools/ipsec-tools/src/racoon/samples/racoon.conf.sample-plainrsa,v retrieving revision 1.3 retrieving revision 1.4 diff -u -d -r1.3 -r1.4 --- racoon.conf.sample-plainrsa 18 Apr 2005 11:07:55 -0000 1.3 +++ racoon.conf.sample-plainrsa 13 Dec 2005 16:41:07 -0000 1.4 
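Review bot: The rewritten comment in the racoon.conf.sample hunk calls `obey` "really *not* secure" without saying why or what `strict` enforces instead, so someone copying the sample cannot judge the setting. I would reword it to say that under `obey` the responder accepts whatever lifetime and PFS group the initiator proposes, while `strict` makes it reject proposals weaker than its own settings, and fix "could makes" and "would makes" in the same pass. As racoon.conf(5) describes it, `strict` only checks PFS when the responder itself requires it, so a line such as `# strict enforces PFS only if pfs_group is set in sainfo` would be a useful caveat. The sample-plainrsa and sample-natt hunks make the same value change with no comment at all; a one-line pointer to this explanation would help there.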
@@ -26,7 +26,7 @@ peers_certfile plain_rsa "pubkey2.rsa"; # Standard setup follows... - proposal_check obey; + proposal_check strict; proposal { encryption_algorithm 3des; Index: racoon.conf.sample-natt =================================================================== RCS file: /cvsroot/ipsec-tools/ipsec-tools/src/racoon/samples/racoon.conf.sample-natt,v retrieving revision 1.4 retrieving revision 1.5 diff -u -d -r1.4 -r1.5 --- racoon.conf.sample-natt 18 Apr 2005 11:07:55 -0000 1.4 +++ racoon.conf.sample-natt 13 Dec 2005 16:41:07 -0000 1.5 @@ -83,7 +83,7 @@ dh_group 2; } - proposal_check obey; + proposal_check strict; } # Phase 2 proposal (for IPsec SA) Index: racoon.conf.sample-inherit =================================================================== RCS file: /cvsroot/ipsec-tools/ipsec-tools/src/racoon/samples/racoon.conf.sample-inherit,v retrieving revision 1.2 retrieving revision 1.3 diff -u -d -r1.2 -r1.3 --- racoon.conf.sample-inherit 18 Apr 2005 11:07:55 -0000 1.2 +++ racoon.conf.sample-inherit 13 Dec 2005 16:41:07 -0000 1.3 @@ -17,7 +17,7 @@ nonce_size 16; initial_contact on; - proposal_check obey; # obey, strict or claim + proposal_check strict; # obey, strict or claim proposal { encryption_algorithm 3des; Index: racoon.conf.in =================================================================== RCS file: /cvsroot/ipsec-tools/ipsec-tools/src/racoon/samples/racoon.conf.in,v retrieving revision 1.3 retrieving revision 1.4 diff -u -d -r1.3 -r1.4 --- racoon.conf.in 18 Apr 2005 11:07:55 -0000 1.3 +++ racoon.conf.in 13 Dec 2005 16:41:07 -0000 1.4 @@ -61,7 +61,7 @@ nonce_size 16; initial_contact on; - proposal_check obey; # obey, strict, or claim + proposal_check strict; # obey, strict, or claim proposal { encryption_algorithm 3des; |
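Review bot: The trailing comments kept in the sample-inherit and racoon.conf.in hunks list the accepted levels as `obey, strict or claim`, which omits `exact`, the fourth level that racoon.conf(5) documents. Since both lines are being edited anyway, I would change them to `proposal_check strict; # obey, strict, claim or exact` so the samples agree with the man page. The man page also gives `strict` as the default level, as far as I can tell, so a short remark that the line is explicit rather than required would keep readers from assuming that deleting it restores `obey`.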