[apple/network_cmds.git] / racoon.tproj / racoon.conf

# $KAME: racoon.conf.in,v 1.17 2001/08/14 12:10:22 sakane Exp $

# "path" must be placed before it should be used.
# You can overwrite which you defined, but it should not use due to confusing.
path include "/etc/racoon" ;

# Allow third parties the ability to specify remote and sainfo entries
# by including all files matching /etc/racoon/remote/*.conf
include "/etc/racoon/remote/*.conf" ;

# search this file for pre_shared_key with various ID key.
path pre_shared_key "/etc/racoon/psk.txt" ;

# racoon will look for certificate file in the directory,
# if the certificate/certificate request payload is received.
path certificate "/etc/cert" ;

# "log" specifies logging level.  It is followed by either "notify", "debug"
# or "debug2".
#log debug;

# "padding" defines some parameter of padding.  You should not touch these.
padding
{
	maximum_length 20;	# maximum padding length.
	randomize off;		# enable randomize length.
	strict_check off;	# enable strict check.
	exclusive_tail off;	# extract last one octet.
}

# if no listen directive is specified, racoon will listen to all
# available interface addresses.
listen
{
	#isakmp ::1 [7000];
	#isakmp 202.249.11.124 [500];
	#admin [7002];		# administrative's port by kmpstat.
	#strict_address; 	# required all addresses must be bound.
}

# Specification of default various timer.
timer
{
	# These value can be changed per remote node.
	counter 10;		# maximum trying count to send.
	interval 3 sec;	# interval to resend (retransmit)
	persend 1;		# the number of packets per a send.

	# timer for waiting to complete each phase.
	phase1 30 sec;
	phase2 30 sec;
}

#
# anonymous entry is defined in /etc/racoon/remote/anonymous.conf
#
#remote anonymous
#{
#	#exchange_mode main,aggressive;
#	exchange_mode aggressive,main;
#	doi ipsec_doi;
#	situation identity_only;
#
#	#my_identifier address;
#	my_identifier user_fqdn "macuser@localhost";
#	peers_identifier user_fqdn "macuser@localhost";
#	#certificate_type x509 "mycert" "mypriv";
#
#	nonce_size 16;
#	lifetime time 1 min;	# sec,min,hour
#	initial_contact on;
#	support_mip6 on;
#	proposal_check obey;	# obey, strict or claim
#
#	proposal {
#		encryption_algorithm 3des;
#		hash_algorithm sha1;
#		authentication_method pre_shared_key ;
#		dh_group 2 ;
#	}
#}

remote ::1 [8000]
{
	#exchange_mode main,aggressive;
	exchange_mode aggressive,main;
	doi ipsec_doi;
	situation identity_only;

	my_identifier user_fqdn "macuser@localhost";
	peers_identifier user_fqdn "macuser@localhost";
	#certificate_type x509 "mycert" "mypriv";

	nonce_size 16;
	lifetime time 1 min;	# sec,min,hour

	proposal {
		encryption_algorithm 3des;
		hash_algorithm sha1;
		authentication_method pre_shared_key ;
		dh_group 2 ;
	}
}

#
# anonymous entry is defined in /etc/racoon/remote/anonymous.conf
#
#sainfo anonymous
#{
#	pfs_group 1;
#	lifetime time 30 sec;
#	encryption_algorithm aes, 3des ;
#	authentication_algorithm hmac_sha1;
#	compression_algorithm deflate ;
#}

# sainfo address 203.178.141.209 any address 203.178.141.218 any
# {
#	pfs_group 1;
#	lifetime time 30 sec;
#	encryption_algorithm des ;
#	authentication_algorithm hmac_md5;
#	compression_algorithm deflate ;
# }

sainfo address ::1 icmp6 address ::1 icmp6
{
	pfs_group 1;
	lifetime time 60 sec;
	encryption_algorithm 3des, cast128, blowfish 448, des ;
	authentication_algorithm hmac_sha1, hmac_md5 ;
	compression_algorithm deflate ;
}
Commit	Line	Data
7ba0088d A	1	# $KAME: racoon.conf.in,v 1.17 2001/08/14 12:10:22 sakane Exp $
	2
	3	# "path" must be placed before it should be used.
	4	# You can overwrite which you defined, but it should not use due to confusing.
	5	path include "/etc/racoon" ;
ac2f15b3 A	6
	7	# Allow third parties the ability to specify remote and sainfo entries
	8	# by including all files matching /etc/racoon/remote/*.conf
	9	include "/etc/racoon/remote/*.conf" ;
7ba0088d A	10
	11	# search this file for pre_shared_key with various ID key.
	12	path pre_shared_key "/etc/racoon/psk.txt" ;
	13
	14	# racoon will look for certificate file in the directory,
	15	# if the certificate/certificate request payload is received.
	16	path certificate "/etc/cert" ;
	17
	18	# "log" specifies logging level. It is followed by either "notify", "debug"
	19	# or "debug2".
	20	#log debug;
	21
	22	# "padding" defines some parameter of padding. You should not touch these.
	23	padding
	24	{
	25	maximum_length 20; # maximum padding length.
	26	randomize off; # enable randomize length.
	27	strict_check off; # enable strict check.
	28	exclusive_tail off; # extract last one octet.
	29	}
	30
	31	# if no listen directive is specified, racoon will listen to all
	32	# available interface addresses.
	33	listen
	34	{
	35	#isakmp ::1 [7000];
	36	#isakmp 202.249.11.124 [500];
	37	#admin [7002]; # administrative's port by kmpstat.
	38	#strict_address; # required all addresses must be bound.
	39	}
	40
	41	# Specification of default various timer.
	42	timer
	43	{
	44	# These value can be changed per remote node.
ac2f15b3 A	45	counter 10; # maximum trying count to send.
ac2f15b3 A	46	interval 3 sec; # interval to resend (retransmit)
7ba0088d A	47	persend 1; # the number of packets per a send.
	48
	49	# timer for waiting to complete each phase.
	50	phase1 30 sec;
ac2f15b3	51	phase2 30 sec;
7ba0088d A	52	}
7ba0088d A	53
ac2f15b3 A	54	#
	55	# anonymous entry is defined in /etc/racoon/remote/anonymous.conf
	56	#
	57	#remote anonymous
	58	#{
	59	# #exchange_mode main,aggressive;
	60	# exchange_mode aggressive,main;
	61	# doi ipsec_doi;
	62	# situation identity_only;
	63	#
	64	# #my_identifier address;
	65	# my_identifier user_fqdn "macuser@localhost";
	66	# peers_identifier user_fqdn "macuser@localhost";
	67	# #certificate_type x509 "mycert" "mypriv";
	68	#
	69	# nonce_size 16;
	70	# lifetime time 1 min; # sec,min,hour
	71	# initial_contact on;
	72	# support_mip6 on;
	73	# proposal_check obey; # obey, strict or claim
	74	#
	75	# proposal {
	76	# encryption_algorithm 3des;
	77	# hash_algorithm sha1;
	78	# authentication_method pre_shared_key ;
	79	# dh_group 2 ;
	80	# }
	81	#}
7ba0088d A	82
	83	remote ::1 [8000]
	84	{
	85	#exchange_mode main,aggressive;
	86	exchange_mode aggressive,main;
	87	doi ipsec_doi;
	88	situation identity_only;
	89
	90	my_identifier user_fqdn "macuser@localhost";
	91	peers_identifier user_fqdn "macuser@localhost";
	92	#certificate_type x509 "mycert" "mypriv";
	93
	94	nonce_size 16;
	95	lifetime time 1 min; # sec,min,hour
	96
	97	proposal {
	98	encryption_algorithm 3des;
	99	hash_algorithm sha1;
	100	authentication_method pre_shared_key ;
	101	dh_group 2 ;
	102	}
	103	}
	104
ac2f15b3 A	105	#
	106	# anonymous entry is defined in /etc/racoon/remote/anonymous.conf
	107	#
	108	#sainfo anonymous
	109	#{
	110	# pfs_group 1;
	111	# lifetime time 30 sec;
	112	# encryption_algorithm aes, 3des ;
	113	# authentication_algorithm hmac_sha1;
	114	# compression_algorithm deflate ;
	115	#}
7ba0088d A	116
	117	# sainfo address 203.178.141.209 any address 203.178.141.218 any
	118	# {
	119	# pfs_group 1;
	120	# lifetime time 30 sec;
	121	# encryption_algorithm des ;
	122	# authentication_algorithm hmac_md5;
	123	# compression_algorithm deflate ;
	124	# }
	125
	126	sainfo address ::1 icmp6 address ::1 icmp6
	127	{
	128	pfs_group 1;
	129	lifetime time 60 sec;
	130	encryption_algorithm 3des, cast128, blowfish 448, des ;
	131	authentication_algorithm hmac_sha1, hmac_md5 ;
	132	compression_algorithm deflate ;
	133	}
	134