network_cmds-245.8.tar.gz
[apple/network_cmds.git] / racoon.tproj / racoon.conf
index 9487f2ad03d86db944fd0940b492ef71f204b248..8eff69720f778e669ccd92550a412c3e632fbc5c 100644 (file)
@@ -3,7 +3,10 @@
 # "path" must be placed before it should be used.
 # You can overwrite which you defined, but it should not use due to confusing.
 path include "/etc/racoon" ;
-#include "remote.conf" ;
+
+# Allow third parties the ability to specify remote and sainfo entries
+# by including all files matching /etc/racoon/remote/*.conf
+include "/etc/racoon/remote/*.conf" ;
 
 # search this file for pre_shared_key with various ID key.
 path pre_shared_key "/etc/racoon/psk.txt" ;
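Review bot: The new `include "/etc/racoon/remote/*.conf" ;` line makes every file matching the glob trusted racoon configuration, but the added comment does not say who may write to that directory. Since the stated purpose is to let third parties supply `remote` and `sainfo` entries, any file placed there can define peers and proposals for the whole daemon, including an `anonymous` entry. The comment should state the expected ownership, for example `# /etc/racoon/remote must be root-owned and not group- or world-writable; every *.conf in it is parsed as trusted configuration.` It would also help to document what happens when two included files define the same entry, or when the directory is empty; neither is visible from this hunk.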
@@ -39,40 +42,43 @@ listen
 timer
 {
        # These value can be changed per remote node.
-       counter 5;              # maximum trying count to send.
-       interval 20 sec;        # maximum interval to resend.
+       counter 10;             # maximum trying count to send.
+       interval 3 sec; # interval to resend (retransmit)
        persend 1;              # the number of packets per a send.
 
        # timer for waiting to complete each phase.
        phase1 30 sec;
-       phase2 15 sec;
+       phase2 30 sec;
 }
 
-remote anonymous
-{
-       #exchange_mode main,aggressive;
-       exchange_mode aggressive,main;
-       doi ipsec_doi;
-       situation identity_only;
-
-       #my_identifier address;
-       my_identifier user_fqdn "macuser@localhost";
-       peers_identifier user_fqdn "macuser@localhost";
-       #certificate_type x509 "mycert" "mypriv";
-
-       nonce_size 16;
-       lifetime time 1 min;    # sec,min,hour
-       initial_contact on;
-       support_mip6 on;
-       proposal_check obey;    # obey, strict or claim
-
-       proposal {
-               encryption_algorithm 3des;
-               hash_algorithm sha1;
-               authentication_method pre_shared_key ;
-               dh_group 2 ;
-       }
-}
+#
+# anonymous entry is defined in /etc/racoon/remote/anonymous.conf
+#
+#remote anonymous
+#{
+#      #exchange_mode main,aggressive;
+#      exchange_mode aggressive,main;
+#      doi ipsec_doi;
+#      situation identity_only;
+#
+#      #my_identifier address;
+#      my_identifier user_fqdn "macuser@localhost";
+#      peers_identifier user_fqdn "macuser@localhost";
+#      #certificate_type x509 "mycert" "mypriv";
+#
+#      nonce_size 16;
+#      lifetime time 1 min;    # sec,min,hour
+#      initial_contact on;
+#      support_mip6 on;
+#      proposal_check obey;    # obey, strict or claim
+#
+#      proposal {
+#              encryption_algorithm 3des;
+#              hash_algorithm sha1;
+#              authentication_method pre_shared_key ;
+#              dh_group 2 ;
+#      }
+#}
 
 remote ::1 [8000]
 {
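Review bot: The commented-out `remote anonymous` block duplicates settings that the new comment says now live in /etc/racoon/remote/anonymous.conf, and a second copy will drift from the real one. The `sainfo anonymous` hunk below has the same problem, and its commented copy already differs from the removed text (`encryption_algorithm aes, 3des ;`). I would keep only the three-line pointer comment in both places and drop the dead blocks. The retained text also preserves `exchange_mode aggressive,main` together with `authentication_method pre_shared_key` and `proposal_check obey`, which readers tend to copy as a template. If anonymous.conf (not shown here) carries the same values, listing main mode first and using `proposal_check strict` for anonymous peers is worth considering there.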
@@ -96,14 +102,17 @@ remote ::1 [8000]
        }
 }
 
-sainfo anonymous
-{
-       pfs_group 1;
-       lifetime time 30 sec;
-       encryption_algorithm 3des ;
-       authentication_algorithm hmac_sha1;
-       compression_algorithm deflate ;
-}
+#
+# anonymous entry is defined in /etc/racoon/remote/anonymous.conf
+#
+#sainfo anonymous
+#{
+#      pfs_group 1;
+#      lifetime time 30 sec;
+#      encryption_algorithm aes, 3des ;
+#      authentication_algorithm hmac_sha1;
+#      compression_algorithm deflate ;
+#}
 
 # sainfo address 203.178.141.209 any address 203.178.141.218 any
 # {