author | Niklas Hallqvist <niklas@cvs.openbsd.org> | 1999-07-17 21:54:40 +0000 |
---|---|---|
committer | Niklas Hallqvist <niklas@cvs.openbsd.org> | 1999-07-17 21:54:40 +0000 |
commit | 46f778530c14259b1d35c48367888cc118c16d61 (patch) | |
tree | cf3af9ec25426829b2f6ca002a36450fe584edf3 /sbin/isakmpd/samples/singlehost-east.conf | |
parent | 836aea0c39e02c5c1d213bf5e2685a97c09e07a0 (diff) |
regress/rsakeygen/Makefile: Merge with EOM 1.4
regress/rsakeygen/rsakeygen.c: Merge with EOM 1.8
regress/x509/Makefile: Merge with EOM 1.6
regress/x509/x509test.c: Merge with EOM 1.6
regress/Makefile: Merge with EOM 1.8
samples/VPN-east.conf: Merge with EOM 1.6
samples/VPN-west.conf: Merge with EOM 1.6
samples/singlehost-east.conf: Merge with EOM 1.3
samples/singlehost-west.conf: Merge with EOM 1.3
sysdep/openbsd/Makefile.sysdep: Merge with EOM 1.5
x509.h: Merge with EOM 1.6
x509.c: Merge with EOM 1.17
DESIGN-NOTES: Merge with EOM 1.46
Makefile: Merge with EOM 1.55
cert.c: Merge with EOM 1.11
cert.h: Merge with EOM 1.6
exchange.c: Merge with EOM 1.109
exchange.h: Merge with EOM 1.26
ike_auth.c: Merge with EOM 1.32
ike_phase_1.c: Merge with EOM 1.7
init.c: Merge with EOM 1.16
isakmpd.conf.5: Merge with EOM 1.27
README.PKI: Merge with EOM 1.1
author: niklas
From Niels Provos, edited by me: certificate support using SSLeay
Diffstat (limited to 'sbin/isakmpd/samples/singlehost-east.conf')
-rw-r--r-- | sbin/isakmpd/samples/singlehost-east.conf | 41 |
1 files changed, 35 insertions, 6 deletions
diff --git a/sbin/isakmpd/samples/singlehost-east.conf b/sbin/isakmpd/samples/singlehost-east.conf index bac9f34666c..3c7263b4a59 100644 --- a/sbin/isakmpd/samples/singlehost-east.conf +++ b/sbin/isakmpd/samples/singlehost-east.conf @@ -1,5 +1,5 @@ -# $OpenBSD: singlehost-east.conf,v 1.2 1999/04/05 20:57:13 niklas Exp $ -# $EOM: singlehost-east.conf,v 1.2 1999/04/05 18:32:48 niklas Exp $ +# $OpenBSD: singlehost-east.conf,v 1.3 1999/07/17 21:54:38 niklas Exp $ +# $EOM: singlehost-east.conf,v 1.3 1999/07/17 20:44:16 niklas Exp $ # A configuration sample for the isakmpd ISAKMP/Oakley (aka IKE) daemon. @@ -12,6 +12,7 @@ Shared-SADB= Defined # Incoming phase 1 negotiations are multiplexed on the source IP address [Phase 1] 10.1.0.1= ISAKMP-peer-west +Default= ISAKMP-peer-west-aggressive # These connections are walked over after config file parsing and told # to the application layer so that it will inform us when traffic wants to @@ -31,6 +32,18 @@ Configuration= Default-main-mode Authentication= mekmitasdigoat Flags= Stayalive +[ISAKMP-peer-west-aggressive] +Phase= 1 +Transport= udp +Local-address= 10.1.0.2 +Address= 10.1.0.1 +# Default values for "Port" commented out +#Port= isakmp +#Port= 500 +Configuration= Default-aggressive-mode +Authentication= mekmitasdigoat +Flags= Stayalive + [IPsec-east-west] Phase= 2 ISAKMP-peer= ISAKMP-peer-west @@ -49,13 +62,18 @@ ID-type= IPV4_ADDR_SUBNET Network= 192.168.2.0 Netmask= 255.255.255.0 -# Main mode descriptions +# Phase 1 descriptions [Default-main-mode] DOI= IPSEC EXCHANGE_TYPE= ID_PROT Transforms= 3DES-SHA +[Default-aggressive-mode] +DOI= IPSEC +EXCHANGE_TYPE= AGGRESSIVE +Transforms= 3DES-SHA-RSA + # Main mode transforms ###################### @@ -91,6 +109,13 @@ AUTHENTICATION_METHOD= PRE_SHARED GROUP_DESCRIPTION= MODP_1024 Life= LIFE_180_SECS +[3DES-SHA-RSA] +ENCRYPTION_ALGORITHM= 3DES_CBC +HASH_ALGORITHM= SHA +AUTHENTICATION_METHOD= RSA_SIG +GROUP_DESCRIPTION= MODP_1024 +Life= LIFE_180_SECS + # Blowfish [BLF-SHA-M1024] 
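Review bot: The `Default= ISAKMP-peer-west-aggressive` line added to `[Phase 1]` has no comment, although it changes who may start a negotiation. Going by the existing comment that incoming phase 1 negotiations are multiplexed on the source IP address, it presumably maps every source address other than 10.1.0.1 to the aggressive-mode peer. Someone copying the sample should be told that, for example with `# Incoming negotiations from any source address not listed above use this peer section` directly above the line. The `[Phase 1]` section may continue past the end of this hunk.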
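Review bot: `Authentication= mekmitasdigoat` in the new `[ISAKMP-peer-west-aggressive]` section looks unused. The section's `Configuration= Default-aggressive-mode` offers only the `3DES-SHA-RSA` transform, which the later hunks define with `AUTHENTICATION_METHOD= RSA_SIG`. Carrying the sample passphrase into a second section invites it being left in place on a deployed host. I would drop the line here, or keep it with a comment such as `# Only used by PRE_SHARED transforms; replace the sample passphrase before use`.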
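Review bot: The heading above `[Default-main-mode]` was renamed to `# Phase 1 descriptions`, but the `# Main mode transforms` banner a few lines below is left as is, even though the transforms under it now also serve the aggressive-mode description; it should read `# Phase 1 transforms`. The new `[Default-aggressive-mode]` section would also benefit from a one-line caveat, for example `# Aggressive mode does not protect the peers' identities; prefer main mode where identity protection matters`. The transform list under the banner continues outside this hunk.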
@@ -318,7 +343,11 @@ LIFE_DURATION= 32768,16384:65536 LIFE_TYPE= KILOBYTES LIFE_DURATION= 4608000,4096000:8192000 +# Certificates stored in PEM format +[X509-certificates] +CA-directory= /etc/isakmpd/ca/ +Cert-directory= /etc/isakmpd/certs/ +#Accept-self-signed= + [RSA_SIG] -CERT= /etc/isakmpd_cert -PRIVKEY= /etc/isakmpd_key -PUBKEY= /etc/isakmpd_key.pub +PRIVKEY= /etc/isakmpd/private/local.key |
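Review bot: `PRIVKEY= /etc/isakmpd/private/local.key` points at the host's RSA private key, but the sample says nothing about how that file and its directory must be protected. A comment above it such as `# Private key: must be owned by root and unreadable by anyone else` would make the requirement explicit. The commented-out `#Accept-self-signed=` also needs an explanation, since it has no value shown and no description. If defining it makes the daemon accept certificates that do not chain to anything in `CA-directory` (please confirm against isakmpd.conf.5), the sample should say so and state that it is off by default, e.g. `# Uncomment only for testing: accepts certificates not signed by a CA in CA-directory`.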