ipsec-332.100.1.tar.gz

[apple/ipsec.git] / ipsec-tools / racoon / Sample / racoon.conf

diff --git a/ipsec-tools/racoon/Sample/racoon.conf b/ipsec-tools/racoon/Sample/racoon.conf
index 2a6112bfc53311167d62fb644f9f6062522211f0..47283139a87c1f8008d5c99f3100aa9775820eca 100644 (file)
--- a/ipsec-tools/racoon/Sample/racoon.conf
+++ b/ipsec-tools/racoon/Sample/racoon.conf
@@ -1,13 +1,9 @@
 # $KAME: racoon.conf.in,v 1.17 2001/08/14 12:10:22 sakane Exp $
 
-# "path" must be placed before it should be used.
-# You can overwrite which you defined, but it should not use due to confusing.
+# "path" must be placed before it is used.
+# You can overwrite what you defined, but it should not be used due to confusion.
 path include "/etc/racoon" ;
 
-# Allow third parties the ability to specify remote and sainfo entries
-# by including all files matching /etc/racoon/remote/*.conf
-include "/etc/racoon/remote/*.conf" ;
-
 # search this file for pre_shared_key with various ID key.
 path pre_shared_key "/etc/racoon/psk.txt" ;
 
@@ -130,8 +126,13 @@ sainfo address ::1 icmp6 address ::1 icmp6
 {
        pfs_group 1;
        lifetime time 60 sec;
-       encryption_algorithm 3des, cast128, blowfish 448, des ;
+       encryption_algorithm 3des, aes ;
        authentication_algorithm hmac_sha1, hmac_md5 ;
        compression_algorithm deflate ;
 }
 
+# Allow third parties the ability to specify remote and sainfo entries
+# by including all files matching /var/run/racoon/*.conf
+# This line should be added at the end of the racoon.conf file
+# so that settings such as timer values will be appropriately applied.
+include "/var/run/racoon/*.conf" ;