path: root/sbin/isakmpd/samples/singlehost-east.conf
authorNiklas Hallqvist <niklas@cvs.openbsd.org>1999-07-17 21:54:40 +0000
committerNiklas Hallqvist <niklas@cvs.openbsd.org>1999-07-17 21:54:40 +0000
commit46f778530c14259b1d35c48367888cc118c16d61 (patch)
treecf3af9ec25426829b2f6ca002a36450fe584edf3 /sbin/isakmpd/samples/singlehost-east.conf
parent836aea0c39e02c5c1d213bf5e2685a97c09e07a0 (diff)
regress/rsakeygen/Makefile: Merge with EOM 1.4
regress/rsakeygen/rsakeygen.c: Merge with EOM 1.8 regress/x509/Makefile: Merge with EOM 1.6 regress/x509/x509test.c: Merge with EOM 1.6 regress/Makefile: Merge with EOM 1.8 samples/VPN-east.conf: Merge with EOM 1.6 samples/VPN-west.conf: Merge with EOM 1.6 samples/singlehost-east.conf: Merge with EOM 1.3 samples/singlehost-west.conf: Merge with EOM 1.3 sysdep/openbsd/Makefile.sysdep: Merge with EOM 1.5 x509.h: Merge with EOM 1.6 x509.c: Merge with EOM 1.17 DESIGN-NOTES: Merge with EOM 1.46 Makefile: Merge with EOM 1.55 cert.c: Merge with EOM 1.11 cert.h: Merge with EOM 1.6 exchange.c: Merge with EOM 1.109 exchange.h: Merge with EOM 1.26 ike_auth.c: Merge with EOM 1.32 ike_phase_1.c: Merge with EOM 1.7 init.c: Merge with EOM 1.16 isakmpd.conf.5: Merge with EOM 1.27 README.PKI: Merge with EOM 1.1 author: niklas From Niels Provos, edited by me: certificate support using SSLeay
Diffstat (limited to 'sbin/isakmpd/samples/singlehost-east.conf')
-rw-r--r--sbin/isakmpd/samples/singlehost-east.conf41
1 files changed, 35 insertions, 6 deletions
diff --git a/sbin/isakmpd/samples/singlehost-east.conf b/sbin/isakmpd/samples/singlehost-east.conf
index bac9f34666c..3c7263b4a59 100644
--- a/sbin/isakmpd/samples/singlehost-east.conf
+++ b/sbin/isakmpd/samples/singlehost-east.conf
@@ -1,5 +1,5 @@
-# $OpenBSD: singlehost-east.conf,v 1.2 1999/04/05 20:57:13 niklas Exp $
-# $EOM: singlehost-east.conf,v 1.2 1999/04/05 18:32:48 niklas Exp $
+# $OpenBSD: singlehost-east.conf,v 1.3 1999/07/17 21:54:38 niklas Exp $
+# $EOM: singlehost-east.conf,v 1.3 1999/07/17 20:44:16 niklas Exp $
# A configuration sample for the isakmpd ISAKMP/Oakley (aka IKE) daemon.
@@ -12,6 +12,7 @@ Shared-SADB= Defined
# Incoming phase 1 negotiations are multiplexed on the source IP address
[Phase 1]
10.1.0.1= ISAKMP-peer-west
+Default= ISAKMP-peer-west-aggressive
# These connections are walked over after config file parsing and told
# to the application layer so that it will inform us when traffic wants to
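Review bot: The added `Default= ISAKMP-peer-west-aggressive` line carries no comment, yet it widens who can start phase 1. The comment above `[Phase 1]` says negotiations are multiplexed on the source address, so a default entry presumably applies to every address other than 10.1.0.1. I would add a line above it such as `# Default applies to phase 1 negotiations from any address not listed above; drop it to accept listed peers only`. Because the default peer uses aggressive mode, which does not encrypt the identity payloads, the sample should state that trade-off as well.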
@@ -31,6 +32,18 @@ Configuration= Default-main-mode
Authentication= mekmitasdigoat
Flags= Stayalive
+[ISAKMP-peer-west-aggressive]
+Phase= 1
+Transport= udp
+Local-address= 10.1.0.2
+Address= 10.1.0.1
+# Default values for "Port" commented out
+#Port= isakmp
+#Port= 500
+Configuration= Default-aggressive-mode
+Authentication= mekmitasdigoat
+Flags= Stayalive
+
[IPsec-east-west]
Phase= 2
ISAKMP-peer= ISAKMP-peer-west
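Review bot: `Authentication= mekmitasdigoat` in the new `[ISAKMP-peer-west-aggressive]` section looks unused. The section points at `Default-aggressive-mode`, which elsewhere in this diff selects `3DES-SHA-RSA` with `AUTHENTICATION_METHOD= RSA_SIG`. Carrying a pre-shared secret into a certificate-authenticated peer invites readers to assume the passphrase protects this peer. Either drop the line or comment it, e.g. `# Pre-shared secret, only used by PRE_SHARED transforms; replace the sample value before deployment`. The same sample secret appears in the context lines of the main-mode peer, so the replacement hint applies there too.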
@@ -49,13 +62,18 @@ ID-type= IPV4_ADDR_SUBNET
Network= 192.168.2.0
Netmask= 255.255.255.0
-# Main mode descriptions
+# Phase 1 descriptions
[Default-main-mode]
DOI= IPSEC
EXCHANGE_TYPE= ID_PROT
Transforms= 3DES-SHA
+[Default-aggressive-mode]
+DOI= IPSEC
+EXCHANGE_TYPE= AGGRESSIVE
+Transforms= 3DES-SHA-RSA
+
# Main mode transforms
######################
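Review bot: The heading was widened to `# Phase 1 descriptions`, but the banner a few lines below still reads `# Main mode transforms`. `Default-aggressive-mode` now appears to draw its transform (`3DES-SHA-RSA`) from that same list, so renaming the banner to `# Phase 1 transforms` would keep the two in step. A one-line comment above `[Default-aggressive-mode]`, such as `# Aggressive mode with RSA signature authentication`, would also tell readers why it differs from the main-mode entry.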
@@ -91,6 +109,13 @@ AUTHENTICATION_METHOD= PRE_SHARED
GROUP_DESCRIPTION= MODP_1024
Life= LIFE_180_SECS
+[3DES-SHA-RSA]
+ENCRYPTION_ALGORITHM= 3DES_CBC
+HASH_ALGORITHM= SHA
+AUTHENTICATION_METHOD= RSA_SIG
+GROUP_DESCRIPTION= MODP_1024
+Life= LIFE_180_SECS
+
# Blowfish
[BLF-SHA-M1024]
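Review bot: `[3DES-SHA-RSA]` is added without a comment saying that it depends on the certificate settings introduced further down in this diff. A line such as `# RSA signature authentication; needs [X509-certificates] and [RSA_SIG] PRIVKEY` would make that dependency visible. For anyone adapting the sample today, `GROUP_DESCRIPTION= MODP_1024` with `3DES_CBC` and `SHA` mirrors the neighbouring transforms but falls below current recommendations for key-exchange strength, so these values should not be copied unchanged.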
@@ -318,7 +343,11 @@ LIFE_DURATION= 32768,16384:65536
LIFE_TYPE= KILOBYTES
LIFE_DURATION= 4608000,4096000:8192000
+# Certificates stored in PEM format
+[X509-certificates]
+CA-directory= /etc/isakmpd/ca/
+Cert-directory= /etc/isakmpd/certs/
+#Accept-self-signed=
+
[RSA_SIG]
-CERT= /etc/isakmpd_cert
-PRIVKEY= /etc/isakmpd_key
-PUBKEY= /etc/isakmpd_key.pub
+PRIVKEY= /etc/isakmpd/private/local.key
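Review bot: The new `PRIVKEY= /etc/isakmpd/private/local.key` line gives no hint about file protection; a comment like `# Private key: keep owned by root and unreadable by others (mode 0600)` would match the intent of the `private/` directory name. `#Accept-self-signed=` is left with an empty value and no explanation. It should state the accepted values and that enabling it would presumably bypass validation against `CA-directory`. The commit also removes `CERT=` and `PUBKEY=` from `[RSA_SIG]`, so readers migrating an old file would benefit from a short note that the local certificate is now looked up in `Cert-directory` (inferred from the new section, not shown in the hunk).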