src - OpenBSD base system

diff options


context:
space:
mode:

author	Niklas Hallqvist <niklas@cvs.openbsd.org>	1999-07-07 22:11:33 +0000
committer	Niklas Hallqvist <niklas@cvs.openbsd.org>	1999-07-07 22:11:33 +0000
commit	b1fb515c01f9a831ed5efcaa2dbe562f88093b27 (patch)
tree	07f548ba9a25c443a75b53427f6282c593d58361
parent	3faf1a46a810e61aa2023fc59d6f0a34a38e4189 (diff)

Merge with EOM 1.27

author: niklas Not a good sample anymore

Diffstat

-rw-r--r--

sbin/isakmpd/isakmpd.conf.sample

420

1 files changed, 0 insertions, 420 deletions

diff --git a/sbin/isakmpd/isakmpd.conf.sample b/sbin/isakmpd/isakmpd.conf.sample
deleted file mode 100644
index 0da2cc94c33..00000000000
--- a/sbin/isakmpd/isakmpd.conf.sample
+++ /dev/null

@@ -1,420 +0,0 @@

-# $OpenBSD: isakmpd.conf.sample,v 1.7 1999/02/26 03:45:30 niklas Exp $

-# $EOM: isakmpd.conf.sample,v 1.26 1999/02/24 15:48:51 niklas Exp $

-# A configuration sample for the isakmpd ISAKMP/Oakley (aka IKE) daemon.

-[General]

-Retransmits= 3

-Exchange-max-time= 120

-#Listen-on= 10.1.0.2

-# Incoming phase 1 negotiations are multiplexed on the source IP address

-[Phase 1]

-10.1.0.1= ISAKMP-peer-1

-10.1.0.2= ISAKMP-peer-2

-Default= Default-ISAKMP-peer

-# These connections are walked over after config file parsing and told

-# to the application layer so that it will inform us when traffic wants to

-# pass over them. This means we can do on-demand keying.

-[Phase 2]

-Connections= IPsec-1-2

-[ISAKMP-peer-1]

-Phase= 1

-Transport= udp

-# XXX Not yet implemented

-#Local-address= 10.1.0.2

-Address= 10.1.0.1

-# Default values for "Port" commented out

-#Port= isakmp

-#Port= 500

-Configuration= Default-incoming-main-mode

-Authentication= mekmitasdigoat

-[Very-strong-test]

-Phase= 1

-Transport= udp

-Address= 10.1.0.1

-Configuration= Very-strong-main-mode

-Authentication= mekmitasdigoat

-[Strong-test]

-Phase= 1

-Transport= udp

-Address= 10.1.0.1

-Configuration= Strong-main-mode

-Authentication= mekmitasdigoat

-[Default-test]

-Phase= 1

-Transport= udp

-Address= 10.1.0.1

-Configuration= Default-main-mode

-Authentication= mekmitasdigoat

-[Weak-test]

-Phase= 1

-Transport= udp

-Address= 10.1.0.1

-Configuration= Weak-main-mode

-Authentication= mekmitasdigoat

-[ISAKMP-peer-2]

-Phase= 1

-Transport= udp

-# XXX Not yet implemented

-#Local-address= 10.1.0.1

-Address= 10.1.0.2

-# Default values for "Port" commented out

-#Port= isakmp

-#Port= 500

-Configuration= Default-incoming-main-mode

-Authentication= mekmitasdigoat

-[ISAKMP-orust.di.eom.crt.se]

-Phase= 1

-Transport= udp

-# XXX Not yet implemented

-#Local-address= 194.198.196.150

-Address= 193.12.107.84

-# Default values for "Port" commented out

-#Port= isakmp

-#Port= 500

-Configuration= Strong-main-mode

-Authentication= mekmitasdigoat

-[Default-ISAKMP-peer]

-Phase= 1

-# XXX Not yet implemented

-#Local-address= 10.1.0.2

-Configuration= Default-incoming-main-mode

-Authentication= mekmitasdigoat

-[IPsec-2-1]

-Phase= 2

-ISAKMP-peer= ISAKMP-peer-1

-Configuration= Default-quick-mode

-Local-ID= Net-2

-Remote-ID= Net-1

-[IPsec-1-2]

-Phase= 2

-ISAKMP-peer= ISAKMP-peer-2

-Configuration= Default-quick-mode

-Local-ID= Net-1

-Remote-ID= Net-2

-[IPsec-moby-1]

-Phase= 2

-ISAKMP-peer= ISAKMP-peer-1

-Configuration= Default-quick-mode

-Local-ID= moby.appli.se

-Remote-ID= Net-1

-[IPsec-moby-2]

-Phase= 2

-ISAKMP-peer= ISAKMP-orust.di.eom.crt.se

-Configuration= Default-quick-mode

-Local-ID= moby.appli.se

-Remote-ID= Net-2

-[Net-1]

-ID-type= IPV4_ADDR_SUBNET

-Network= 192.168.1.0

-Netmask= 255.255.255.0

-[Net-2]

-ID-type= IPV4_ADDR_SUBNET

-Network= 192.168.2.0

-Netmask= 255.255.255.0

-[moby.appli.se]

-ID-type= IPV4_ADDR

-Address= 194.198.196.216

-# Main mode descriptions

-[Default-incoming-main-mode]

-DOI= IPSEC

-EXCHANGE_TYPE= ID_PROT

-Transforms= BLF-SHA-EC185,BLF-MD5-EC155,3DES-SHA,DES-MD5

-[Very-strong-main-mode]

-DOI= IPSEC

-EXCHANGE_TYPE= ID_PROT

-Transforms= BLF-SHA-EC185

-[Strong-main-mode]

-DOI= IPSEC

-EXCHANGE_TYPE= ID_PROT

-Transforms= BLF-MD5-EC155

-[Default-main-mode]

-DOI= IPSEC

-EXCHANGE_TYPE= ID_PROT

-Transforms= 3DES-SHA

-[Weak-main-mode]

-DOI= IPSEC

-EXCHANGE_TYPE= ID_PROT

-Transforms= DES-MD5

-# Main mode transforms

-######################

-# DES

-[DES-MD5]

-ENCRYPTION_ALGORITHM= DES_CBC

-HASH_ALGORITHM= MD5

-AUTHENTICATION_METHOD= PRE_SHARED

-GROUP_DESCRIPTION= MODP_768

-Life= LIFE_600_SECS,LIFE_1000_KB

-[DES-MD5-NO-VOL-LIFE]

-ENCRYPTION_ALGORITHM= DES_CBC

-HASH_ALGORITHM= MD5

-AUTHENTICATION_METHOD= PRE_SHARED

-GROUP_DESCRIPTION= MODP_768

-Life= LIFE_600_SECS

-[DES-SHA]

-ENCRYPTION_ALGORITHM= DES_CBC

-HASH_ALGORITHM= SHA

-AUTHENTICATION_METHOD= PRE_SHARED

-GROUP_DESCRIPTION= MODP_768

-Life= LIFE_600_SECS,LIFE_1000_KB

-# 3DES

-[3DES-SHA]

-ENCRYPTION_ALGORITHM= 3DES_CBC

-HASH_ALGORITHM= SHA

-AUTHENTICATION_METHOD= PRE_SHARED

-GROUP_DESCRIPTION= MODP_1024

-Life= LIFE_600_SECS,LIFE_1000_KB

-# Blowfish

-[BLF-SHA-M1024]

-ENCRYPTION_ALGORITHM= BLOWFISH_CBC

-KEY_LENGTH= 128,96:192

-HASH_ALGORITHM= SHA

-AUTHENTICATION_METHOD= PRE_SHARED

-GROUP_DESCRIPTION= MODP_1024

-Life= LIFE_600_SECS,LIFE_1000_KB

-[BLF-SHA-EC155]

-ENCRYPTION_ALGORITHM= BLOWFISH_CBC

-KEY_LENGTH= 128,96:192

-HASH_ALGORITHM= SHA

-AUTHENTICATION_METHOD= PRE_SHARED

-GROUP_DESCRIPTION= EC2N_155

-Life= LIFE_600_SECS,LIFE_1000_KB

-[BLF-MD5-EC155]

-ENCRYPTION_ALGORITHM= BLOWFISH_CBC

-KEY_LENGTH= 128,96:192

-HASH_ALGORITHM= MD5

-AUTHENTICATION_METHOD= PRE_SHARED

-GROUP_DESCRIPTION= EC2N_155

-Life= LIFE_600_SECS,LIFE_1000_KB

-[BLF-SHA-EC185]

-ENCRYPTION_ALGORITHM= BLOWFISH_CBC

-KEY_LENGTH= 128,96:192

-HASH_ALGORITHM= SHA

-AUTHENTICATION_METHOD= PRE_SHARED

-GROUP_DESCRIPTION= EC2N_185

-Life= LIFE_600_SECS,LIFE_1000_KB

-# Quick mode description

-########################

-[Default-quick-mode]

-DOI= IPSEC

-EXCHANGE_TYPE= QUICK_MODE

-Suites= QM-ESP-3DES-SHA-PFS-SUITE,QM-ESP-DES-MD5-SUITE

-# Quick mode protection suites

-##############################

-# DES

-[QM-ESP-DES-SUITE]

-Protocols= QM-ESP-DES

-[QM-ESP-DES-PFS-SUITE]

-Protocols= QM-ESP-DES-PFS

-[QM-ESP-DES-MD5-SUITE]

-Protocols= QM-ESP-DES-MD5

-[QM-ESP-DES-MD5-PFS-SUITE]

-Protocols= QM-ESP-DES-MD5-PFS

-[QM-ESP-DES-SHA-SUITE]

-Protocols= QM-ESP-DES-SHA

-[QM-ESP-DES-SHA-PFS-SUITE]

-Protocols= QM-ESP-DES-SHA-PFS

-# 3DES

-[QM-ESP-3DES-SHA-SUITE]

-Protocols= QM-ESP-3DES-SHA

-[QM-ESP-3DES-SHA-PFS-SUITE]

-Protocols= QM-ESP-3DES-SHA-PFS

-# AH

-[QM-AH-MD5-SUITE]

-Protocols= QM-AH-MD5

-[QM-AH-MD5-PFS-SUITE]

-Protocols= QM-AH-MD5-PFS

-# AH + ESP

-[QM-AH-MD5-ESP-DES-SUITE]

-Protocols= QM-AH-MD5,QM-ESP-DES

-[QM-AH-MD5-ESP-DES-MD5-SUITE]

-Protocols= QM-AH-MD5,QM-ESP-DES-MD5

-[QM-ESP-DES-MD5-AH-MD5-SUITE]

-Protocols= QM-ESP-DES-MD5,QM-AH-MD5

-# Quick mode protocols

-# DES

-[QM-ESP-DES]

-PROTOCOL_ID= IPSEC_ESP

-Transforms= QM-ESP-DES-XF

-[QM-ESP-DES-MD5]

-PROTOCOL_ID= IPSEC_ESP

-Transforms= QM-ESP-DES-MD5-XF

-[QM-ESP-DES-MD5-PFS]

-PROTOCOL_ID= IPSEC_ESP

-Transforms= QM-ESP-DES-MD5-PFS-XF

-[QM-ESP-DES-SHA]

-PROTOCOL_ID= IPSEC_ESP

-Transforms= QM-ESP-DES-SHA-XF

-# 3DES

-[QM-ESP-3DES-SHA]

-PROTOCOL_ID= IPSEC_ESP

-Transforms= QM-ESP-3DES-SHA-XF

-[QM-ESP-3DES-SHA-PFS]

-PROTOCOL_ID= IPSEC_ESP

-Transforms= QM-ESP-3DES-SHA-PFS-XF

-[QM-ESP-3DES-SHA-TRP]

-PROTOCOL_ID= IPSEC_ESP

-Transforms= QM-ESP-3DES-SHA-TRP-XF

-# AH MD5

-[QM-AH-MD5]

-PROTOCOL_ID= IPSEC_AH

-Transforms= QM-AH-MD5-XF

-[QM-AH-MD5-PFS]

-PROTOCOL_ID= IPSEC_AH

-Transforms= QM-AH-MD5-PFS-XF

-# Quick mode transforms

-# ESP DES+MD5

-[QM-ESP-DES-XF]

-TRANSFORM_ID= DES

-ENCAPSULATION_MODE= TUNNEL

-Life= LIFE_600_SECS

-[QM-ESP-DES-MD5-XF]

-TRANSFORM_ID= DES

-ENCAPSULATION_MODE= TUNNEL

-AUTHENTICATION_ALGORITHM= HMAC_MD5

-Life= LIFE_600_SECS

-[QM-ESP-DES-MD5-PFS-XF]

-TRANSFORM_ID= DES

-ENCAPSULATION_MODE= TUNNEL

-GROUP_DESCRIPTION= MODP_768

-AUTHENTICATION_ALGORITHM= HMAC_MD5

-Life= LIFE_600_SECS

-[QM-ESP-DES-SHA-XF]

-TRANSFORM_ID= DES

-ENCAPSULATION_MODE= TUNNEL

-AUTHENTICATION_ALGORITHM= HMAC_SHA

-Life= LIFE_600_SECS

-# 3DES

-[QM-ESP-3DES-SHA-XF]

-TRANSFORM_ID= 3DES

-ENCAPSULATION_MODE= TUNNEL

-AUTHENTICATION_ALGORITHM= HMAC_SHA

-Life= LIFE_600_SECS

-[QM-ESP-3DES-SHA-PFS-XF]

-TRANSFORM_ID= 3DES

-ENCAPSULATION_MODE= TUNNEL

-AUTHENTICATION_ALGORITHM= HMAC_SHA

-GROUP_DESCRIPTION= MODP_1024

-Life= LIFE_600_SECS

-[QM-ESP-3DES-SHA-TRP-XF]

-TRANSFORM_ID= 3DES

-ENCAPSULATION_MODE= TRANSPORT

-AUTHENTICATION_ALGORITHM= HMAC_SHA

-Life= LIFE_600_SECS

-# AH

-[QM-AH-MD5-XF]

-TRANSFORM_ID= MD5

-ENCAPSULATION_MODE= TUNNEL

-AUTHENTICATION_ALGORITHM= HMAC_MD5

-Life= LIFE_600_SECS

-[QM-AH-MD5-PFS-XF]

-TRANSFORM_ID= MD5

-ENCAPSULATION_MODE= TUNNEL

-GROUP_DESCRIPTION= MODP_768

-Life= LIFE_600_SECS

-[LIFE_600_SECS]

-LIFE_TYPE= SECONDS

-LIFE_DURATION= 600,450:720

-[LIFE_3600_SECS]

-LIFE_TYPE= SECONDS

-LIFE_DURATION= 3600,1800:7200

-[LIFE_1000_KB]

-LIFE_TYPE= KILOBYTES

-LIFE_DURATION= 1000,768:1536

-[LIFE_32_MB]

-LIFE_TYPE= KILOBYTES

-LIFE_DURATION= 32768,16384:65536

-[LIFE_4.5_GB]

-LIFE_TYPE= KILOBYTES

-LIFE_DURATION= 4608000,4096000:8192000

-[RSA_SIG]

-CERT= /etc/isakmpd_cert

-PRIVKEY= /etc/isakmpd_key

-PUBKEY= /etc/isakmpd_key.pub