]> git.saurik.com Git - apple/network_cmds.git/blob - racoon.tproj/racoon.conf
projects / apple / network_cmds.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
network_cmds-115.tar.gz
[apple/network_cmds.git] / racoon.tproj / racoon.conf
1 # $KAME: racoon.conf.in,v 1.17 2001/08/14 12:10:22 sakane Exp $
2
3 # "path" must be placed before it should be used.
4 # You can overwrite which you defined, but it should not use due to confusing.
5 path include "/etc/racoon" ;
6 #include "remote.conf" ;
7
8 # search this file for pre_shared_key with various ID key.
9 path pre_shared_key "/etc/racoon/psk.txt" ;
10
11 # racoon will look for certificate file in the directory,
12 # if the certificate/certificate request payload is received.
13 path certificate "/etc/cert" ;
14
15 # "log" specifies logging level. It is followed by either "notify", "debug"
16 # or "debug2".
17 #log debug;
18
19 # "padding" defines some parameter of padding. You should not touch these.
20 padding
21 {
22 maximum_length 20; # maximum padding length.
23 randomize off; # enable randomize length.
24 strict_check off; # enable strict check.
25 exclusive_tail off; # extract last one octet.
26 }
27
28 # if no listen directive is specified, racoon will listen to all
29 # available interface addresses.
30 listen
31 {
32 #isakmp ::1 [7000];
33 #isakmp 202.249.11.124 [500];
34 #admin [7002]; # administrative's port by kmpstat.
35 #strict_address; # required all addresses must be bound.
36 }
37
38 # Specification of default various timer.
39 timer
40 {
41 # These value can be changed per remote node.
42 counter 5; # maximum trying count to send.
43 interval 20 sec; # maximum interval to resend.
44 persend 1; # the number of packets per a send.
45
46 # timer for waiting to complete each phase.
47 phase1 30 sec;
48 phase2 15 sec;
49 }
50
51 remote anonymous
52 {
53 #exchange_mode main,aggressive;
54 exchange_mode aggressive,main;
55 doi ipsec_doi;
56 situation identity_only;
57
58 #my_identifier address;
59 my_identifier user_fqdn "macuser@localhost";
60 peers_identifier user_fqdn "macuser@localhost";
61 #certificate_type x509 "mycert" "mypriv";
62
63 nonce_size 16;
64 lifetime time 1 min; # sec,min,hour
65 initial_contact on;
66 support_mip6 on;
67 proposal_check obey; # obey, strict or claim
68
69 proposal {
70 encryption_algorithm 3des;
71 hash_algorithm sha1;
72 authentication_method pre_shared_key ;
73 dh_group 2 ;
74 }
75 }
76
77 remote ::1 [8000]
78 {
79 #exchange_mode main,aggressive;
80 exchange_mode aggressive,main;
81 doi ipsec_doi;
82 situation identity_only;
83
84 my_identifier user_fqdn "macuser@localhost";
85 peers_identifier user_fqdn "macuser@localhost";
86 #certificate_type x509 "mycert" "mypriv";
87
88 nonce_size 16;
89 lifetime time 1 min; # sec,min,hour
90
91 proposal {
92 encryption_algorithm 3des;
93 hash_algorithm sha1;
94 authentication_method pre_shared_key ;
95 dh_group 2 ;
96 }
97 }
98
99 sainfo anonymous
100 {
101 pfs_group 1;
102 lifetime time 30 sec;
103 encryption_algorithm 3des ;
104 authentication_algorithm hmac_sha1;
105 compression_algorithm deflate ;
106 }
107
108 # sainfo address 203.178.141.209 any address 203.178.141.218 any
109 # {
110 # pfs_group 1;
111 # lifetime time 30 sec;
112 # encryption_algorithm des ;
113 # authentication_algorithm hmac_md5;
114 # compression_algorithm deflate ;
115 # }
116
117 sainfo address ::1 icmp6 address ::1 icmp6
118 {
119 pfs_group 1;
120 lifetime time 60 sec;
121 encryption_algorithm 3des, cast128, blowfish 448, des ;
122 authentication_algorithm hmac_sha1, hmac_md5 ;
123 compression_algorithm deflate ;
124 }
125
mirror of network_cmds