authorNiels Provos <provos@cvs.openbsd.org>1997-07-18 22:51:56 +0000
committerNiels Provos <provos@cvs.openbsd.org>1997-07-18 22:51:56 +0000
commitd44dd31eda7aa012ffa1ca83e1bb2693680136b5 (patch)
treee9b3179bb32ccac007e2b7c8d579d293c5c3320d
parent26f9104d814ccb0a3257063e566617ef82688371 (diff)
sample config files for photurisd
-rw-r--r--share/ipsec/attributes.conf16
-rw-r--r--share/ipsec/photuris.conf22
-rw-r--r--share/ipsec/photuris.startup6
-rw-r--r--share/ipsec/secrets.conf19
4 files changed, 63 insertions, 0 deletions
diff --git a/share/ipsec/attributes.conf b/share/ipsec/attributes.conf
new file mode 100644
index 00000000000..792e860c544
--- /dev/null
+++ b/share/ipsec/attributes.conf
@@ -0,0 +1,16 @@
+# Accepted keywords are AT_AH_ATTRIB, AT_ESP_ATTRIB, AT_MD5_DP, AT_MD5_KDP
+# AT_DES_CBC
+# More attributes will be supported later.
+# AT_MP5_DP must be offered and also at least one
+# of AT_ESP_ATTRIB or AT_AH_ATTRIB
+# This is the default list
+AT_MD5_DP
+AT_ESP_ATTRIB
+AT_DES_CBC
+AT_AH_ATTRIB
+AT_MD5_KDP
+# This is the list for 134.100.104
+134.100.104.0 255.255.255.0
+AT_MD5_DP
+AT_AH_ATTRIB
+AT_MD5_KDP
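Review bot: The header comment names `AT_MP5_DP` as the mandatory attribute, but the keyword listed as accepted and used in both lists is `AT_MD5_DP`; anyone copying the name from the comment would write a keyword that is not in the accepted set. The line should read `# AT_MD5_DP must be offered and also at least one`. The per-network section also has no format description, and the 134.100.104 list omits `AT_ESP_ATTRIB` and `AT_DES_CBC`, so it appears to offer authentication only. A comment such as `# <network> <netmask> starts a list that replaces the default for that network` (confirm "replaces" against the parser) would make that intentional rather than surprising.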
diff --git a/share/ipsec/photuris.conf b/share/ipsec/photuris.conf
new file mode 100644
index 00000000000..76b3d58277e
--- /dev/null
+++ b/share/ipsec/photuris.conf
@@ -0,0 +1,22 @@
+# Allowed keywords are: modulus and exchange
+# modulus <generator> <modulus>
+# exchange and DH_G_2_3DES_SHA1, DH_G_2_DES_MD5 or DH_G_2_MD5
+# exchange_max_retransmits <number>
+# exchange_retransmit_timeout <seconds>
+# exchange_timeout <seconds>
+# exchange_lifetime <seconds>
+# spi_lifetime <seconds>
+modulus 2 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
+modulus 2 0xda58 3c16 d985 2289 d0e4 af75 6f4c ca92 dd4b e533 b804 fb0f ed94 ef9c 8a44 03ed 5746 50d3 6999 db29 d776 276b a2d3 d412 e218 f4dd 1e08 4cf6 d800 3e7c 4774 e833
+modulus 2 0x97f6 4261 cab5 05dd 2828 e13f 1d68 b6d3 dbd0 f313 047f 40e8 56da 58cb 13b8 a1bf 2b78 3a4c 6d59 d5f9 2afc 6cff 3d69 3f78 b23d 4f31 60a9 502e 3efa f7ab 5e1a d5a6 5e55 4313 828d a83b 9ff2 d941 dee9 5689 fada ea09 36ad df19 71fe 635b 20af 4703 6460 3c2d e059 f54b 650a d8fa 0cf7 0121 c747 99d7 5871 32be 9b99 9bb9 b787 e8ab
+exchange DH_G_2_3DES_SHA1 0
+exchange DH_G_2_DES_MD5 0
+#exchange DH_G_2_MD5 2048
+exchange DH_G_2_MD5 1024
+exchange DH_G_2_MD5 512
+#
+exchange_max_retransmits 3
+exchange_retransmit_timeout 10
+exchange_timeout 60
+exchange_lifetime 1000
+spi_lifetime 180
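Review bot: The sample leaves `exchange DH_G_2_MD5 512` enabled and ships a matching 512-bit modulus (the second `modulus 2 0x...` line is 32 groups of 16 bits), so a site that copies this file unchanged will accept the weakest exchange offered here. Since sample files tend to be deployed as-is, I would ship that line commented out the same way the 2048 entry is, `#exchange DH_G_2_MD5 512`, and let the admin opt in. The header comment also never explains the number after the scheme name. It looks like the modulus size in bits, with `0` meaning something else for the 3DES_SHA1 and DES_MD5 lines, and a line like `# exchange <scheme> <modulus bits>` plus the meaning of `0` would remove the guesswork.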
diff --git a/share/ipsec/photuris.startup b/share/ipsec/photuris.startup
new file mode 100644
index 00000000000..776a8367a0f
--- /dev/null
+++ b/share/ipsec/photuris.startup
@@ -0,0 +1,6 @@
+# Initial exchanges which might be needed by NIS or NFS servers
+dst=134.100.106.2 port=468 options=enc,auth user=provos
+tsrc=134.100.106.0/255.255.255.255
+tdst=134.100.0.0/255.255.0.0
+
+dst=134.100.104.6 port=7468
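Review bot: The `tsrc=134.100.106.0/255.255.255.255` line pairs a network-style address with a host mask, which as written would match only the single address 134.100.106.0; if the /24 was intended it should be `tsrc=134.100.106.0/255.255.255.0`. The second entry, `dst=134.100.104.6 port=7468`, carries no `options=` field, and the file does not say what is negotiated when it is absent, so it is unclear whether that peer gets `enc`, `auth`, both or neither. A short format comment at the top, for example `# dst=<addr> port=<port> [options=enc,auth] [user=<name>], followed by optional tsrc=/tdst= <net>/<mask> lines`, together with the stated default for a missing `options=`, would let a reader check an entry without reading the daemon source.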
diff --git a/share/ipsec/secrets.conf b/share/ipsec/secrets.conf
new file mode 100644
index 00000000000..05bd2d7f0e3
--- /dev/null
+++ b/share/ipsec/secrets.conf
@@ -0,0 +1,19 @@
+# Simple
+identity local "Niels" "Niels for one"
+# Pairs
+identity pair local "Niels" "Niels-Niels" "Niels to Niels"
+identity pair local "Apple" "Niels-Apple" "Niels to Apple"
+identity pair local "Baker" "Niels-Baker" "Niels to Baker"
+# Remote secrets
+identity remote "Niels-Apple" "Niels to Apple"
+identity remote "Niels-Niels" "Niels to Niels"
+identity remote "Niels-Baker" "Niels to Baker"
+identity remote "Apple-Niels" "Apple to Niels"
+identity remote "Baker-Niels" "Baker to Niels"
+identity remote "Apple" "all for one"
+identity remote "Niels" "Niels for one"
+identity remote "Baker" "one for all"
+identity remote "Baker-Apple" "Baker to Apple"
+identity remote "Apple-Apple" "Apple to Apple"
+# Users
+identity lookup "Niels Provos:" provos
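Review bot: This sample holds the shared secrets in plain text and is added with mode 100644, yet nothing in the file tells the admin that the deployed copy must be private or that the example secrets must be replaced. That is fine for a file under share/, but the warning belongs in the file itself because this is what gets copied into place. I would open it with `# Sample only: replace every secret below and keep the installed file readable by root only (mode 0600)`. The field layout is also undocumented, so one comment line per form would help: `# identity local <name> <secret>`, `# identity pair local <peer> <name> <secret>`, `# identity remote <name> <secret>` and `# identity lookup <name> <user>` (layouts inferred from the examples, so confirm them against the parser).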