authorNiklas Hallqvist <niklas@cvs.openbsd.org>2000-05-03 13:37:34 +0000
committerNiklas Hallqvist <niklas@cvs.openbsd.org>2000-05-03 13:37:34 +0000
commitcc98a20e99a41948e5f38af4bbd46e580823b0d9 (patch)
treec942c2ff620e37212035635f10f4bf9c2f8ee343 /sbin/isakmpd/samples/singlehost-west.conf
parentb78f50f85a2620bebf080b1c24bad0d60febdba0 (diff)
samples/singlehost-east.conf: Merge with EOM 1.8
samples/singlehost-west.conf: Merge with EOM 1.8 author: niklas Remove unnecessary configuration data
Diffstat (limited to 'sbin/isakmpd/samples/singlehost-west.conf')
-rw-r--r--sbin/isakmpd/samples/singlehost-west.conf292
1 files changed, 3 insertions, 289 deletions
diff --git a/sbin/isakmpd/samples/singlehost-west.conf b/sbin/isakmpd/samples/singlehost-west.conf
index 783b96617f2..ee1d91bc48e 100644
--- a/sbin/isakmpd/samples/singlehost-west.conf
+++ b/sbin/isakmpd/samples/singlehost-west.conf
@@ -1,22 +1,16 @@
-# $OpenBSD: singlehost-west.conf,v 1.7 2000/01/31 10:45:03 niklas Exp $
-# $EOM: singlehost-west.conf,v 1.7 2000/01/31 09:28:36 niklas Exp $
+# $OpenBSD: singlehost-west.conf,v 1.8 2000/05/03 13:37:33 niklas Exp $
+# $EOM: singlehost-west.conf,v 1.8 2000/05/03 13:25:25 niklas Exp $
# A configuration sample for the isakmpd ISAKMP/Oakley (aka IKE) daemon.
[General]
-Retransmits= 5
-Exchange-max-time= 120
Listen-on= 10.1.0.1
Shared-SADB= Defined
-# Incoming phase 1 negotiations are multiplexed on the source IP address
[Phase 1]
10.1.0.2= ISAKMP-peer-east
Default= ISAKMP-peer-east-aggressive
-# These connections are walked over after config file parsing and told
-# to the application layer so that it will inform us when traffic wants to
-# pass over them. This means we can do on-demand keying.
[Phase 2]
Connections= IPsec-west-east
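Review bot: Nothing in `[Phase 1]` now explains that `Default= ISAKMP-peer-east-aggressive` is presumably what applies to a peer whose address is not 10.1.0.2, because the comment about multiplexing on the source IP address is removed just above the section. For a sample that gets copied into real deployments I would keep one line there, e.g. `# Peers are selected by source IP address; Default= applies to any address not listed`. That wording is inferred from the removed comment and the key names, so confirm it against the daemon's lookup. `Retransmits` and `Exchange-max-time` likewise fall back to whatever isakmpd defaults to, which the file no longer states.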
@@ -25,9 +19,6 @@ Phase= 1
Transport= udp
Local-address= 10.1.0.1
Address= 10.1.0.2
-# Default values for "Port" commented out
-#Port= isakmp
-#Port= 500
Configuration= Default-main-mode
Identification= IPV4_ADDR/10.1.0.1
Authentication= mekmitasdigoat
@@ -37,9 +28,6 @@ Phase= 1
Transport= udp
Local-address= 10.1.0.1
Address= 10.1.0.2
-# Default values for "Port" commented out
-#Port= isakmp
-#Port= 500
Configuration= Default-aggressive-mode
Identification= FQDN/diego.niklas.hallqvist.se
Authentication= mekmitasdigoat
@@ -61,8 +49,6 @@ ID-type= IPV4_ADDR_SUBNET
Network= 192.168.2.0
Netmask= 255.255.255.0
-# Phase 1 descriptions
-
[Default-main-mode]
DOI= IPSEC
EXCHANGE_TYPE= ID_PROT
@@ -73,279 +59,7 @@ DOI= IPSEC
EXCHANGE_TYPE= AGGRESSIVE
Transforms= 3DES-SHA-RSA
-# Main mode transforms
-######################
-
-# DES
-
-[DES-MD5]
-ENCRYPTION_ALGORITHM= DES_CBC
-HASH_ALGORITHM= MD5
-AUTHENTICATION_METHOD= PRE_SHARED
-GROUP_DESCRIPTION= MODP_768
-Life= LIFE_600_SECS
-
-[DES-MD5-NO-VOL-LIFE]
-ENCRYPTION_ALGORITHM= DES_CBC
-HASH_ALGORITHM= MD5
-AUTHENTICATION_METHOD= PRE_SHARED
-GROUP_DESCRIPTION= MODP_768
-Life= LIFE_600_SECS
-
-[DES-SHA]
-ENCRYPTION_ALGORITHM= DES_CBC
-HASH_ALGORITHM= SHA
-AUTHENTICATION_METHOD= PRE_SHARED
-GROUP_DESCRIPTION= MODP_768
-Life= LIFE_600_SECS
-
-# 3DES
-
-[3DES-SHA]
-ENCRYPTION_ALGORITHM= 3DES_CBC
-HASH_ALGORITHM= SHA
-AUTHENTICATION_METHOD= PRE_SHARED
-GROUP_DESCRIPTION= MODP_1024
-Life= LIFE_180_SECS
-
-[3DES-SHA-RSA]
-ENCRYPTION_ALGORITHM= 3DES_CBC
-HASH_ALGORITHM= SHA
-AUTHENTICATION_METHOD= RSA_SIG
-GROUP_DESCRIPTION= MODP_1024
-Life= LIFE_180_SECS
-
-# Blowfish
-
-[BLF-SHA-M1024]
-ENCRYPTION_ALGORITHM= BLOWFISH_CBC
-KEY_LENGTH= 128,96:192
-HASH_ALGORITHM= SHA
-AUTHENTICATION_METHOD= PRE_SHARED
-GROUP_DESCRIPTION= MODP_1024
-Life= LIFE_600_SECS
-
-[BLF-SHA-EC155]
-ENCRYPTION_ALGORITHM= BLOWFISH_CBC
-KEY_LENGTH= 128,96:192
-HASH_ALGORITHM= SHA
-AUTHENTICATION_METHOD= PRE_SHARED
-GROUP_DESCRIPTION= EC2N_155
-Life= LIFE_600_SECS
-
-[BLF-MD5-EC155]
-ENCRYPTION_ALGORITHM= BLOWFISH_CBC
-KEY_LENGTH= 128,96:192
-HASH_ALGORITHM= MD5
-AUTHENTICATION_METHOD= PRE_SHARED
-GROUP_DESCRIPTION= EC2N_155
-Life= LIFE_600_SECS
-
-[BLF-SHA-EC185]
-ENCRYPTION_ALGORITHM= BLOWFISH_CBC
-KEY_LENGTH= 128,96:192
-HASH_ALGORITHM= SHA
-AUTHENTICATION_METHOD= PRE_SHARED
-GROUP_DESCRIPTION= EC2N_185
-Life= LIFE_600_SECS
-
-# Quick mode description
-########################
-
[Default-quick-mode]
DOI= IPSEC
EXCHANGE_TYPE= QUICK_MODE
-Suites= QM-ESP-3DES-SHA-PFS-SUITE,QM-ESP-DES-MD5-PFS-SUITE
-
-# Quick mode protection suites
-##############################
-
-# DES
-
-[QM-ESP-DES-SUITE]
-Protocols= QM-ESP-DES
-
-[QM-ESP-DES-PFS-SUITE]
-Protocols= QM-ESP-DES-PFS
-
-[QM-ESP-DES-MD5-SUITE]
-Protocols= QM-ESP-DES-MD5
-
-[QM-ESP-DES-MD5-PFS-SUITE]
-Protocols= QM-ESP-DES-MD5-PFS
-
-[QM-ESP-DES-SHA-SUITE]
-Protocols= QM-ESP-DES-SHA
-
-[QM-ESP-DES-SHA-PFS-SUITE]
-Protocols= QM-ESP-DES-SHA-PFS
-
-# 3DES
-
-[QM-ESP-3DES-SHA-SUITE]
-Protocols= QM-ESP-3DES-SHA
-
-[QM-ESP-3DES-SHA-PFS-SUITE]
-Protocols= QM-ESP-3DES-SHA-PFS
-
-# AH
-
-[QM-AH-MD5-SUITE]
-Protocols= QM-AH-MD5
-
-[QM-AH-MD5-PFS-SUITE]
-Protocols= QM-AH-MD5-PFS
-
-# AH + ESP
-
-[QM-AH-MD5-ESP-DES-SUITE]
-Protocols= QM-AH-MD5,QM-ESP-DES
-
-[QM-AH-MD5-ESP-DES-MD5-SUITE]
-Protocols= QM-AH-MD5,QM-ESP-DES-MD5
-
-[QM-ESP-DES-MD5-AH-MD5-SUITE]
-Protocols= QM-ESP-DES-MD5,QM-AH-MD5
-
-# Quick mode protocols
-
-# DES
-
-[QM-ESP-DES]
-PROTOCOL_ID= IPSEC_ESP
-Transforms= QM-ESP-DES-XF
-
-[QM-ESP-DES-MD5]
-PROTOCOL_ID= IPSEC_ESP
-Transforms= QM-ESP-DES-MD5-XF
-
-[QM-ESP-DES-MD5-PFS]
-PROTOCOL_ID= IPSEC_ESP
-Transforms= QM-ESP-DES-MD5-PFS-XF
-
-[QM-ESP-DES-SHA]
-PROTOCOL_ID= IPSEC_ESP
-Transforms= QM-ESP-DES-SHA-XF
-
-# 3DES
-
-[QM-ESP-3DES-SHA]
-PROTOCOL_ID= IPSEC_ESP
-Transforms= QM-ESP-3DES-SHA-XF
-
-[QM-ESP-3DES-SHA-PFS]
-PROTOCOL_ID= IPSEC_ESP
-Transforms= QM-ESP-3DES-SHA-PFS-XF
-
-[QM-ESP-3DES-SHA-TRP]
-PROTOCOL_ID= IPSEC_ESP
-Transforms= QM-ESP-3DES-SHA-TRP-XF
-
-# AH MD5
-
-[QM-AH-MD5]
-PROTOCOL_ID= IPSEC_AH
-Transforms= QM-AH-MD5-XF
-
-[QM-AH-MD5-PFS]
-PROTOCOL_ID= IPSEC_AH
-Transforms= QM-AH-MD5-PFS-XF
-
-# Quick mode transforms
-
-# ESP DES+MD5
-
-[QM-ESP-DES-XF]
-TRANSFORM_ID= DES
-ENCAPSULATION_MODE= TUNNEL
-Life= LIFE_600_SECS
-
-[QM-ESP-DES-MD5-XF]
-TRANSFORM_ID= DES
-ENCAPSULATION_MODE= TUNNEL
-AUTHENTICATION_ALGORITHM= HMAC_MD5
-Life= LIFE_600_SECS
-
-[QM-ESP-DES-MD5-PFS-XF]
-TRANSFORM_ID= DES
-ENCAPSULATION_MODE= TUNNEL
-GROUP_DESCRIPTION= MODP_1024
-AUTHENTICATION_ALGORITHM= HMAC_MD5
-Life= LIFE_600_SECS
-
-[QM-ESP-DES-SHA-XF]
-TRANSFORM_ID= DES
-ENCAPSULATION_MODE= TUNNEL
-AUTHENTICATION_ALGORITHM= HMAC_SHA
-Life= LIFE_600_SECS
-
-# 3DES
-
-[QM-ESP-3DES-SHA-XF]
-TRANSFORM_ID= 3DES
-ENCAPSULATION_MODE= TUNNEL
-AUTHENTICATION_ALGORITHM= HMAC_SHA
-Life= LIFE_60_SECS
-
-[QM-ESP-3DES-SHA-PFS-XF]
-TRANSFORM_ID= 3DES
-ENCAPSULATION_MODE= TUNNEL
-AUTHENTICATION_ALGORITHM= HMAC_SHA
-GROUP_DESCRIPTION= MODP_1024
-Life= LIFE_60_SECS
-
-[QM-ESP-3DES-SHA-TRP-XF]
-TRANSFORM_ID= 3DES
-ENCAPSULATION_MODE= TRANSPORT
-AUTHENTICATION_ALGORITHM= HMAC_SHA
-Life= LIFE_60_SECS
-
-# AH
-
-[QM-AH-MD5-XF]
-TRANSFORM_ID= MD5
-ENCAPSULATION_MODE= TUNNEL
-AUTHENTICATION_ALGORITHM= HMAC_MD5
-Life= LIFE_600_SECS
-
-[QM-AH-MD5-PFS-XF]
-TRANSFORM_ID= MD5
-ENCAPSULATION_MODE= TUNNEL
-GROUP_DESCRIPTION= MODP_768
-AUTHENTICATION_ALGORITHM= HMAC_MD5
-Life= LIFE_600_SECS
-
-[LIFE_60_SECS]
-LIFE_TYPE= SECONDS
-LIFE_DURATION= 60,45:120
-
-[LIFE_180_SECS]
-LIFE_TYPE= SECONDS
-LIFE_DURATION= 180,120:240
-
-[LIFE_600_SECS]
-LIFE_TYPE= SECONDS
-LIFE_DURATION= 600,450:720
-
-[LIFE_3600_SECS]
-LIFE_TYPE= SECONDS
-LIFE_DURATION= 3600,1800:7200
-
-[LIFE_1000_KB]
-LIFE_TYPE= KILOBYTES
-LIFE_DURATION= 1000,768:1536
-
-[LIFE_32_MB]
-LIFE_TYPE= KILOBYTES
-LIFE_DURATION= 32768,16384:65536
-
-[LIFE_4.5_GB]
-LIFE_TYPE= KILOBYTES
-LIFE_DURATION= 4608000,4096000:8192000
-
-# Certificates stored in PEM format
-[X509-certificates]
-CA-directory= /etc/isakmpd/ca/
-Cert-directory= /etc/isakmpd/certs/
-#Accept-self-signed= defined
-Private-key= /etc/isakmpd/private/local.key
+Suites= QM-ESP-3DES-SHA-PFS-SUITE
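Review bot: `Transforms= 3DES-SHA-RSA` and the new `Suites= QM-ESP-3DES-SHA-PFS-SUITE` name sections that this hunk deletes from the file, so the sample no longer shows what algorithms, groups and lifetimes those names stand for. Presumably isakmpd now supplies them as built-in defaults (the commit message calls the data unnecessary), but the file should say so, e.g. `# Transform and suite names refer to isakmpd's built-in defaults, see isakmpd.conf(5)` above `[Default-quick-mode]`. The same goes for the removed `[X509-certificates]` section: the aggressive-mode transform is still the `RSA_SIG` one, so the CA, certificate and private-key locations are now implicit and deserve a one-line comment. The section holding `Transforms= 3DES-SHA-RSA` starts outside the hunk.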