author | Niklas Hallqvist <niklas@cvs.openbsd.org> | 1999-03-31 23:45:55 +0000 |
---|---|---|
committer | Niklas Hallqvist <niklas@cvs.openbsd.org> | 1999-03-31 23:45:55 +0000 |
commit | ae3fa4f36a004858217de9c22d83b5ee3c9c1ceb (patch) | |
tree | 462cf1a0f0bfebac543af8f629c90f68ac7f9152 /sbin/isakmpd/samples/singlehost-west.conf | |
parent | 3acc83ddf7ad003bae96d0a7bff3cdcabc14a79b (diff) |
Single-host VPN test files
Diffstat (limited to 'sbin/isakmpd/samples/singlehost-west.conf')
-rw-r--r-- | sbin/isakmpd/samples/singlehost-west.conf | 324 |
1 files changed, 324 insertions, 0 deletions
diff --git a/sbin/isakmpd/samples/singlehost-west.conf b/sbin/isakmpd/samples/singlehost-west.conf
new file mode 100644
index 00000000000..2477c9efb7d
--- /dev/null
+++ b/sbin/isakmpd/samples/singlehost-west.conf
@@ -0,0 +1,324 @@
+# $OpenBSD: singlehost-west.conf,v 1.1 1999/03/31 23:45:53 niklas Exp $
+# $EOM: singlehost-west.conf,v 1.1 1999/03/31 23:36:52 niklas Exp $
+
+# A configuration sample for the isakmpd ISAKMP/Oakley (aka IKE) daemon.
+
+[General]
+Retransmits= 5
+Exchange-max-time= 120
+Listen-on= 10.1.0.1
+Shared-SADB= Defined
+
+# Incoming phase 1 negotiations are multiplexed on the source IP address
+[Phase 1]
+10.1.0.2= ISAKMP-peer-east
+
+# These connections are walked over after config file parsing and told
+# to the application layer so that it will inform us when traffic wants to
+# pass over them. This means we can do on-demand keying.
+[Phase 2]
+Connections= IPsec-west-east
+
+[ISAKMP-peer-east]
+Phase= 1
+Transport= udp
+Local-address= 10.1.0.1
+Address= 10.1.0.2
+# Default values for "Port" commented out
+#Port= isakmp
+#Port= 500
+Configuration= Default-main-mode
+Authentication= mekmitasdigoat
+Flags= Stayalive
+
+[IPsec-west-east]
+Phase= 2
+ISAKMP-peer= ISAKMP-peer-east
+Configuration= Default-quick-mode
+Local-ID= Net-west
+Remote-ID= Net-east
+Flags= Stayalive
+
+[Net-west]
+ID-type= IPV4_ADDR_SUBNET
+Network= 192.168.1.0
+Netmask= 255.255.255.0
+
+[Net-east]
+ID-type= IPV4_ADDR_SUBNET
+Network= 192.168.2.0
+Netmask= 255.255.255.0
+
+# Main mode descriptions
+
+[Default-main-mode]
+DOI= IPSEC
+EXCHANGE_TYPE= ID_PROT
+Transforms= 3DES-SHA
+
+# Main mode transforms
+######################
+
+# DES
+
+[DES-MD5]
+ENCRYPTION_ALGORITHM= DES_CBC
+HASH_ALGORITHM= MD5
+AUTHENTICATION_METHOD= PRE_SHARED
+GROUP_DESCRIPTION= MODP_768
+Life= LIFE_600_SECS,LIFE_1000_KB
+
+[DES-MD5-NO-VOL-LIFE]
+ENCRYPTION_ALGORITHM= DES_CBC
+HASH_ALGORITHM= MD5
+AUTHENTICATION_METHOD= PRE_SHARED
+GROUP_DESCRIPTION= MODP_768
+Life= LIFE_600_SECS
+
+[DES-SHA]
+ENCRYPTION_ALGORITHM= DES_CBC
+HASH_ALGORITHM= SHA
+AUTHENTICATION_METHOD= PRE_SHARED
+GROUP_DESCRIPTION= MODP_768
+Life= LIFE_600_SECS,LIFE_1000_KB
+
+# 3DES
+
+[3DES-SHA]
+ENCRYPTION_ALGORITHM= 3DES_CBC
+HASH_ALGORITHM= SHA
+AUTHENTICATION_METHOD= PRE_SHARED
+GROUP_DESCRIPTION= MODP_1024
+Life= LIFE_180_SECS
+
+# Blowfish
+
+[BLF-SHA-M1024]
+ENCRYPTION_ALGORITHM= BLOWFISH_CBC
+KEY_LENGTH= 128,96:192
+HASH_ALGORITHM= SHA
+AUTHENTICATION_METHOD= PRE_SHARED
+GROUP_DESCRIPTION= MODP_1024
+Life= LIFE_600_SECS,LIFE_1000_KB
+
+[BLF-SHA-EC155]
+ENCRYPTION_ALGORITHM= BLOWFISH_CBC
+KEY_LENGTH= 128,96:192
+HASH_ALGORITHM= SHA
+AUTHENTICATION_METHOD= PRE_SHARED
+GROUP_DESCRIPTION= EC2N_155
+Life= LIFE_600_SECS,LIFE_1000_KB
+
+[BLF-MD5-EC155]
+ENCRYPTION_ALGORITHM= BLOWFISH_CBC
+KEY_LENGTH= 128,96:192
+HASH_ALGORITHM= MD5
+AUTHENTICATION_METHOD= PRE_SHARED
+GROUP_DESCRIPTION= EC2N_155
+Life= LIFE_600_SECS,LIFE_1000_KB
+
+[BLF-SHA-EC185]
+ENCRYPTION_ALGORITHM= BLOWFISH_CBC
+KEY_LENGTH= 128,96:192
+HASH_ALGORITHM= SHA
+AUTHENTICATION_METHOD= PRE_SHARED
+GROUP_DESCRIPTION= EC2N_185
+Life= LIFE_600_SECS,LIFE_1000_KB
+
+# Quick mode description
+########################
+
+[Default-quick-mode]
+DOI= IPSEC
+EXCHANGE_TYPE= QUICK_MODE
+Suites= QM-ESP-3DES-SHA-PFS-SUITE,QM-ESP-DES-MD5-SUITE
+
+# Quick mode protection suites
+##############################
+
+# DES
+
+[QM-ESP-DES-SUITE]
+Protocols= QM-ESP-DES
+
+[QM-ESP-DES-PFS-SUITE]
+Protocols= QM-ESP-DES-PFS
+
+[QM-ESP-DES-MD5-SUITE]
+Protocols= QM-ESP-DES-MD5
+
+[QM-ESP-DES-MD5-PFS-SUITE]
+Protocols= QM-ESP-DES-MD5-PFS
+
+[QM-ESP-DES-SHA-SUITE]
+Protocols= QM-ESP-DES-SHA
+
+[QM-ESP-DES-SHA-PFS-SUITE]
+Protocols= QM-ESP-DES-SHA-PFS
+
+# 3DES
+
+[QM-ESP-3DES-SHA-SUITE]
+Protocols= QM-ESP-3DES-SHA
+
+[QM-ESP-3DES-SHA-PFS-SUITE]
+Protocols= QM-ESP-3DES-SHA-PFS
+
+# AH
+
+[QM-AH-MD5-SUITE]
+Protocols= QM-AH-MD5
+
+[QM-AH-MD5-PFS-SUITE]
+Protocols= QM-AH-MD5-PFS
+
+# AH + ESP
+
+[QM-AH-MD5-ESP-DES-SUITE]
+Protocols= QM-AH-MD5,QM-ESP-DES
+
+[QM-AH-MD5-ESP-DES-MD5-SUITE]
+Protocols= QM-AH-MD5,QM-ESP-DES-MD5
+
+[QM-ESP-DES-MD5-AH-MD5-SUITE]
+Protocols= QM-ESP-DES-MD5,QM-AH-MD5
+
+# Quick mode protocols
+
+# DES
+
+[QM-ESP-DES]
+PROTOCOL_ID= IPSEC_ESP
+Transforms= QM-ESP-DES-XF
+
+[QM-ESP-DES-MD5]
+PROTOCOL_ID= IPSEC_ESP
+Transforms= QM-ESP-DES-MD5-XF
+
+[QM-ESP-DES-MD5-PFS]
+PROTOCOL_ID= IPSEC_ESP
+Transforms= QM-ESP-DES-MD5-PFS-XF
+
+[QM-ESP-DES-SHA]
+PROTOCOL_ID= IPSEC_ESP
+Transforms= QM-ESP-DES-SHA-XF
+
+# 3DES
+
+[QM-ESP-3DES-SHA]
+PROTOCOL_ID= IPSEC_ESP
+Transforms= QM-ESP-3DES-SHA-XF
+
+[QM-ESP-3DES-SHA-PFS]
+PROTOCOL_ID= IPSEC_ESP
+Transforms= QM-ESP-3DES-SHA-PFS-XF
+
+[QM-ESP-3DES-SHA-TRP]
+PROTOCOL_ID= IPSEC_ESP
+Transforms= QM-ESP-3DES-SHA-TRP-XF
+
+# AH MD5
+
+[QM-AH-MD5]
+PROTOCOL_ID= IPSEC_AH
+Transforms= QM-AH-MD5-XF
+
+[QM-AH-MD5-PFS]
+PROTOCOL_ID= IPSEC_AH
+Transforms= QM-AH-MD5-PFS-XF
+
+# Quick mode transforms
+
+# ESP DES+MD5
+
+[QM-ESP-DES-XF]
+TRANSFORM_ID= DES
+ENCAPSULATION_MODE= TUNNEL
+Life= LIFE_600_SECS
+
+[QM-ESP-DES-MD5-XF]
+TRANSFORM_ID= DES
+ENCAPSULATION_MODE= TUNNEL
+AUTHENTICATION_ALGORITHM= HMAC_MD5
+Life= LIFE_600_SECS
+
+[QM-ESP-DES-MD5-PFS-XF]
+TRANSFORM_ID= DES
+ENCAPSULATION_MODE= TUNNEL
+GROUP_DESCRIPTION= MODP_768
+AUTHENTICATION_ALGORITHM= HMAC_MD5
+Life= LIFE_600_SECS
+
+[QM-ESP-DES-SHA-XF]
+TRANSFORM_ID= DES
+ENCAPSULATION_MODE= TUNNEL
+AUTHENTICATION_ALGORITHM= HMAC_SHA
+Life= LIFE_600_SECS
+
+# 3DES
+
+[QM-ESP-3DES-SHA-XF]
+TRANSFORM_ID= 3DES
+ENCAPSULATION_MODE= TUNNEL
+AUTHENTICATION_ALGORITHM= HMAC_SHA
+Life= LIFE_60_SECS
+
+[QM-ESP-3DES-SHA-PFS-XF]
+TRANSFORM_ID= 3DES
+ENCAPSULATION_MODE= TUNNEL
+AUTHENTICATION_ALGORITHM= HMAC_SHA
+GROUP_DESCRIPTION= MODP_1024
+Life= LIFE_60_SECS
+
+[QM-ESP-3DES-SHA-TRP-XF]
+TRANSFORM_ID= 3DES
+ENCAPSULATION_MODE= TRANSPORT
+AUTHENTICATION_ALGORITHM= HMAC_SHA
+Life= LIFE_60_SECS
+
+# AH
+
+[QM-AH-MD5-XF]
+TRANSFORM_ID= MD5
+ENCAPSULATION_MODE= TUNNEL
+AUTHENTICATION_ALGORITHM= HMAC_MD5
+Life= LIFE_600_SECS
+
+[QM-AH-MD5-PFS-XF]
+TRANSFORM_ID= MD5
+ENCAPSULATION_MODE= TUNNEL
+GROUP_DESCRIPTION= MODP_768
+Life= LIFE_600_SECS
+
+[LIFE_60_SECS]
+LIFE_TYPE= SECONDS
+LIFE_DURATION= 60,45:120
+
+[LIFE_180_SECS]
+LIFE_TYPE= SECONDS
+LIFE_DURATION= 180,120:240
+
+[LIFE_600_SECS]
+LIFE_TYPE= SECONDS
+LIFE_DURATION= 600,450:720
+
+[LIFE_3600_SECS]
+LIFE_TYPE= SECONDS
+LIFE_DURATION= 3600,1800:7200
+
+[LIFE_1000_KB]
+LIFE_TYPE= KILOBYTES
+LIFE_DURATION= 1000,768:1536
+
+[LIFE_32_MB]
+LIFE_TYPE= KILOBYTES
+LIFE_DURATION= 32768,16384:65536
+
+[LIFE_4.5_GB]
+LIFE_TYPE= KILOBYTES
+LIFE_DURATION= 4608000,4096000:8192000
+
+[RSA_SIG]
+CERT= /etc/isakmpd_cert
+PRIVKEY= /etc/isakmpd_key
+PUBKEY= /etc/isakmpd_key.pub |
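Review bot: In `[Default-quick-mode]` the `Suites=` list offers `QM-ESP-DES-MD5-SUITE` as a second proposal, and its transform `[QM-ESP-DES-MD5-XF]` is single DES with HMAC_MD5 and no `GROUP_DESCRIPTION`, so the west-east tunnel can come up without PFS and with a weaker cipher than the 3DES-SHA main mode protecting it, presumably whenever the peer prefers or only accepts that suite. For a sample people will copy, I would offer only the PFS suite: `Suites= QM-ESP-3DES-SHA-PFS-SUITE`. Separately, `Authentication= mekmitasdigoat` in `[ISAKMP-peer-east]` is a literal pre-shared key; a line above it such as `# Test-only shared secret; replace it and keep the deployed file readable by root only` would keep it from being reused as-is.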