[apple/network_cmds.git] / racoon.tproj / racoon.conf

# $KAME: racoon.conf.in,v 1.17 2001/08/14 12:10:22 sakane Exp $

# "path" must be placed before it should be used.
# You can overwrite which you defined, but it should not use due to confusing.
path include "/etc/racoon" ;
#include "remote.conf" ;

# search this file for pre_shared_key with various ID key.
path pre_shared_key "/etc/racoon/psk.txt" ;

# racoon will look for certificate file in the directory,
# if the certificate/certificate request payload is received.
path certificate "/etc/cert" ;

# "log" specifies logging level.  It is followed by either "notify", "debug"
# or "debug2".
#log debug;

# "padding" defines some parameter of padding.  You should not touch these.
padding
{
	maximum_length 20;	# maximum padding length.
	randomize off;		# enable randomize length.
	strict_check off;	# enable strict check.
	exclusive_tail off;	# extract last one octet.
}

# if no listen directive is specified, racoon will listen to all
# available interface addresses.
listen
{
	#isakmp ::1 [7000];
	#isakmp 202.249.11.124 [500];
	#admin [7002];		# administrative's port by kmpstat.
	#strict_address; 	# required all addresses must be bound.
}

# Specification of default various timer.
timer
{
	# These value can be changed per remote node.
	counter 5;		# maximum trying count to send.
	interval 20 sec;	# maximum interval to resend.
	persend 1;		# the number of packets per a send.

	# timer for waiting to complete each phase.
	phase1 30 sec;
	phase2 15 sec;
}

remote anonymous
{
	#exchange_mode main,aggressive;
	exchange_mode aggressive,main;
	doi ipsec_doi;
	situation identity_only;

	#my_identifier address;
	my_identifier user_fqdn "macuser@localhost";
	peers_identifier user_fqdn "macuser@localhost";
	#certificate_type x509 "mycert" "mypriv";

	nonce_size 16;
	lifetime time 1 min;	# sec,min,hour
	initial_contact on;
	support_mip6 on;
	proposal_check obey;	# obey, strict or claim

	proposal {
		encryption_algorithm 3des;
		hash_algorithm sha1;
		authentication_method pre_shared_key ;
		dh_group 2 ;
	}
}

remote ::1 [8000]
{
	#exchange_mode main,aggressive;
	exchange_mode aggressive,main;
	doi ipsec_doi;
	situation identity_only;

	my_identifier user_fqdn "macuser@localhost";
	peers_identifier user_fqdn "macuser@localhost";
	#certificate_type x509 "mycert" "mypriv";

	nonce_size 16;
	lifetime time 1 min;	# sec,min,hour

	proposal {
		encryption_algorithm 3des;
		hash_algorithm sha1;
		authentication_method pre_shared_key ;
		dh_group 2 ;
	}
}

sainfo anonymous
{
	pfs_group 1;
	lifetime time 30 sec;
	encryption_algorithm 3des ;
	authentication_algorithm hmac_sha1;
	compression_algorithm deflate ;
}

# sainfo address 203.178.141.209 any address 203.178.141.218 any
# {
#	pfs_group 1;
#	lifetime time 30 sec;
#	encryption_algorithm des ;
#	authentication_algorithm hmac_md5;
#	compression_algorithm deflate ;
# }

sainfo address ::1 icmp6 address ::1 icmp6
{
	pfs_group 1;
	lifetime time 60 sec;
	encryption_algorithm 3des, cast128, blowfish 448, des ;
	authentication_algorithm hmac_sha1, hmac_md5 ;
	compression_algorithm deflate ;
}
Commit	Line	Data
7ba0088d A	1	# $KAME: racoon.conf.in,v 1.17 2001/08/14 12:10:22 sakane Exp $
	2
	3	# "path" must be placed before it should be used.
	4	# You can overwrite which you defined, but it should not use due to confusing.
	5	path include "/etc/racoon" ;
	6	#include "remote.conf" ;
	7
	8	# search this file for pre_shared_key with various ID key.
	9	path pre_shared_key "/etc/racoon/psk.txt" ;
	10
	11	# racoon will look for certificate file in the directory,
	12	# if the certificate/certificate request payload is received.
	13	path certificate "/etc/cert" ;
	14
	15	# "log" specifies logging level. It is followed by either "notify", "debug"
	16	# or "debug2".
	17	#log debug;
	18
	19	# "padding" defines some parameter of padding. You should not touch these.
	20	padding
	21	{
	22	maximum_length 20; # maximum padding length.
	23	randomize off; # enable randomize length.
	24	strict_check off; # enable strict check.
	25	exclusive_tail off; # extract last one octet.
	26	}
	27
	28	# if no listen directive is specified, racoon will listen to all
	29	# available interface addresses.
	30	listen
	31	{
	32	#isakmp ::1 [7000];
	33	#isakmp 202.249.11.124 [500];
	34	#admin [7002]; # administrative's port by kmpstat.
	35	#strict_address; # required all addresses must be bound.
	36	}
	37
	38	# Specification of default various timer.
	39	timer
	40	{
	41	# These value can be changed per remote node.
	42	counter 5; # maximum trying count to send.
	43	interval 20 sec; # maximum interval to resend.
	44	persend 1; # the number of packets per a send.
	45
	46	# timer for waiting to complete each phase.
	47	phase1 30 sec;
	48	phase2 15 sec;
	49	}
	50
	51	remote anonymous
	52	{
	53	#exchange_mode main,aggressive;
	54	exchange_mode aggressive,main;
	55	doi ipsec_doi;
	56	situation identity_only;
	57
	58	#my_identifier address;
	59	my_identifier user_fqdn "macuser@localhost";
	60	peers_identifier user_fqdn "macuser@localhost";
	61	#certificate_type x509 "mycert" "mypriv";
	62
	63	nonce_size 16;
	64	lifetime time 1 min; # sec,min,hour
65	initial_contact on;
66	support_mip6 on;
67	proposal_check obey; # obey, strict or claim
68
69	proposal {
70	encryption_algorithm 3des;
71	hash_algorithm sha1;
72	authentication_method pre_shared_key ;
73	dh_group 2 ;
74	}
75	}
76
77	remote ::1 [8000]
78	{
79	#exchange_mode main,aggressive;
80	exchange_mode aggressive,main;
81	doi ipsec_doi;
82	situation identity_only;
83
84	my_identifier user_fqdn "macuser@localhost";
85	peers_identifier user_fqdn "macuser@localhost";
86	#certificate_type x509 "mycert" "mypriv";
87
88	nonce_size 16;
89	lifetime time 1 min; # sec,min,hour
90
91	proposal {
92	encryption_algorithm 3des;
93	hash_algorithm sha1;
94	authentication_method pre_shared_key ;
95	dh_group 2 ;
96	}
97	}
98
99	sainfo anonymous
100	{
101	pfs_group 1;
102	lifetime time 30 sec;
103	encryption_algorithm 3des ;
104	authentication_algorithm hmac_sha1;
105	compression_algorithm deflate ;
106	}
107
108	# sainfo address 203.178.141.209 any address 203.178.141.218 any
109	# {
110	# pfs_group 1;
111	# lifetime time 30 sec;
112	# encryption_algorithm des ;
113	# authentication_algorithm hmac_md5;
114	# compression_algorithm deflate ;
115	# }
116
117	sainfo address ::1 icmp6 address ::1 icmp6
118	{
119	pfs_group 1;
120	lifetime time 60 sec;
121	encryption_algorithm 3des, cast128, blowfish 448, des ;
122	authentication_algorithm hmac_sha1, hmac_md5 ;
123	compression_algorithm deflate ;
124	}
125