author | Reyk Floeter <reyk@cvs.openbsd.org> | 2010-06-07 10:09:06 +0000 |
---|---|---|
committer | Reyk Floeter <reyk@cvs.openbsd.org> | 2010-06-07 10:09:06 +0000 |
commit | cb8d25e385228ea246996f03ad3f3ab5a1c5c061 (patch) | |
tree | 3b91b545fcefaf4b35d5af5b7cb5b5be6b16929f | |
parent | fc91a2da4c50ec51e10cf2cba4a920a780503d5c (diff) |
add iked.conf default configuration file example.
ok jsg@
-rw-r--r-- | etc/Makefile | 3 | ||||
-rw-r--r-- | etc/changelist | 3 | ||||
-rw-r--r-- | etc/iked.conf | 25 | ||||
-rw-r--r-- | etc/mtree/special | 3 |
4 files changed, 31 insertions, 3 deletions
diff --git a/etc/Makefile b/etc/Makefile index 0c7fc1cd140..89e9f7d0f5f 100644 --- a/etc/Makefile +++ b/etc/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.288 2010/06/05 17:29:14 martinh Exp $ +# $OpenBSD: Makefile,v 1.289 2010/06/07 10:09:05 reyk Exp $ TZDIR= /usr/share/zoneinfo LOCALTIME= Canada/Mountain @@ -98,6 +98,7 @@ distribution-etc-root-var: distrib-dirs ${INSTALL} -c -o root -g operator -m 644 chio.conf ${DESTDIR}/etc ${INSTALL} -c -o root -g wheel -m 600 hostapd.conf ${DESTDIR}/etc ${INSTALL} -c -o root -g wheel -m 600 relayd.conf ${DESTDIR}/etc + ${INSTALL} -c -o root -g wheel -m 600 iked.conf ${DESTDIR}/etc ${INSTALL} -c -o root -g wheel -m 600 ipsec.conf ${DESTDIR}/etc ${INSTALL} -c -o root -g wheel -m 600 sasyncd.conf ${DESTDIR}/etc ${INSTALL} -c -o root -g wheel -m 600 snmpd.conf ${DESTDIR}/etc diff --git a/etc/changelist b/etc/changelist index b05613c76fc..03ac02abad7 100644 --- a/etc/changelist +++ b/etc/changelist @@ -1,4 +1,4 @@ -# $OpenBSD: changelist,v 1.66 2010/04/15 20:12:27 sthen Exp $ +# $OpenBSD: changelist,v 1.67 2010/06/07 10:09:05 reyk Exp $ # # List of files which the security script backs up and checks # for modifications. @@ -45,6 +45,7 @@ /etc/hosts.equiv /etc/hosts.lpd /etc/ifstated.conf ++/etc/iked.conf /etc/inetd.conf +/etc/ipsec.conf +/etc/isakmpd/private/local.key diff --git a/etc/iked.conf b/etc/iked.conf new file mode 100644 index 00000000000..0e287dfeb80 --- /dev/null +++ b/etc/iked.conf 
@@ -0,0 +1,25 @@ +# $OpenBSD: iked.conf,v 1.1 2010/06/07 10:09:05 reyk Exp $ +# +# See iked.conf(5) for syntax and examples. + +# Configure users for the Extensible Authentication Protocol (EAP) +user "user1" "password123" +user "user2" "password456" + +# Configuration for clients connecting with EAP authentication. +# Remember to set up a PKI, see ikectl(8) for more information. +ikev2 "win7" passive esp \ + from 10.2.0.0/24 to 10.1.0.0/24 \ + local any peer any \ + eap "mschap-v2" \ + config address 10.2.0.1 \ + config name-server 10.1.0.2 \ + tag "$name-$id" + +# Configuration for a client authenticating with a pre-shared key. +ikev2 esp \ + from 10.3.0.0/24 to 10.1.0.0/24 \ + from 10.5.0.0/24 to 10.1.0.0/24 \ + from 10.5.0.0/24 to 172.16.1.0/24 \ + local 192.168.1.1 peer 192.168.2.1 \ + psk "you-should-not-use-psk-authentication!" diff --git a/etc/mtree/special b/etc/mtree/special index 8ac0278713d..0fc90195a19 100644 --- a/etc/mtree/special +++ b/etc/mtree/special @@ -1,4 +1,4 @@ -# $OpenBSD: special,v 1.86 2010/02/22 15:20:22 claudio Exp $ +# $OpenBSD: special,v 1.87 2010/06/07 10:09:05 reyk Exp $ # $NetBSD: special,v 1.4 1996/05/08 21:30:18 pk Exp $ # @(#)special 8.2 (Berkeley) 1/23/94 # @@ -34,6 +34,7 @@ group type=file mode=0644 uname=root gname=wheel hostapd.conf type=file mode=0600 uname=root gname=wheel hosts type=file mode=0644 uname=root gname=wheel hosts.equiv type=file mode=0600 uname=root gname=wheel optional +iked.conf type=file mode=0600 uname=root gname=wheel inetd.conf type=file mode=0644 uname=root gname=wheel ipsec.conf type=file mode=0600 uname=root gname=wheel isakmpd type=dir mode=0755 uname=root gname=wheel |
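Review bot: The `user` entries and both `ikev2` policies in the new etc/iked.conf are active rather than commented out, so a daemon started against the installed file as shipped would presumably load `user1`/`password123`, `user2`/`password456` and the publicly known PSK string as working credentials. The 0600 mode set in etc/Makefile and etc/mtree/special protects the file from local readers but does not help when the secrets are identical on every install. I would ship the examples inert, e.g. `#user "user1" "password123"` and `#ikev2 "win7" passive esp \` with each continuation line commented as well, so nothing is accepted until the administrator writes real values. The warning carried inside the `psk` value would read better as a comment above that policy, such as `# PSK authentication is discouraged; prefer certificates, see ikectl(8).`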