summaryrefslogtreecommitdiff
path: root/sbin/isakmpd/samples
diff options
context:
space:
mode:
authorNiklas Hallqvist <niklas@cvs.openbsd.org>1999-04-01 00:00:48 +0000
committerNiklas Hallqvist <niklas@cvs.openbsd.org>1999-04-01 00:00:48 +0000
commitb711edca7aefd93a497eb3ab320a401cecf63ae7 (patch)
treecb053aa81a04ae9842fb018084e2551f3784b2dc /sbin/isakmpd/samples
parent64ae0eeaa092ddca75ebd3fe72cf800add8b13cf (diff)
Merge with EOM 1.4
Remove ReplayWindow stuff, add StayAlive flags. LocalAddress is now implemented. Add some more retransmits
Diffstat (limited to 'sbin/isakmpd/samples')
-rw-r--r--sbin/isakmpd/samples/VPN-east.conf33
-rw-r--r--sbin/isakmpd/samples/VPN-west.conf31
2 files changed, 14 insertions, 50 deletions
diff --git a/sbin/isakmpd/samples/VPN-east.conf b/sbin/isakmpd/samples/VPN-east.conf
index 51427e404e7..cb3e1896124 100644
--- a/sbin/isakmpd/samples/VPN-east.conf
+++ b/sbin/isakmpd/samples/VPN-east.conf
@@ -1,10 +1,10 @@
-# $OpenBSD: VPN-east.conf,v 1.2 1999/03/02 15:18:44 niklas Exp $
-# $EOM: VPN-east.conf,v 1.3 1999/02/25 10:21:35 niklas Exp $
+# $OpenBSD: VPN-east.conf,v 1.3 1999/04/01 00:00:46 niklas Exp $
+# $EOM: VPN-east.conf,v 1.4 1999/03/31 23:59:27 niklas Exp $
# A configuration sample for the isakmpd ISAKMP/Oakley (aka IKE) daemon.
[General]
-Retransmits= 3
+Retransmits= 5
Exchange-max-time= 120
Listen-on= 10.1.0.2
@@ -21,14 +21,14 @@ Connections= IPsec-east-west
[ISAKMP-peer-west]
Phase= 1
Transport= udp
-# XXX Not yet implemented
-#Local-address= 10.1.0.2
+Local-address= 10.1.0.2
Address= 10.1.0.1
# Default values for "Port" commented out
#Port= isakmp
#Port= 500
Configuration= Default-main-mode
Authentication= mekmitasdigoat
+Flags= Stayalive
[IPsec-east-west]
Phase= 2
@@ -36,8 +36,7 @@ ISAKMP-peer= ISAKMP-peer-west
Configuration= Default-quick-mode
Local-ID= Net-east
Remote-ID= Net-west
-# XXX Not yet implemented
-#Attributes= ondemand,teardown
+Flags= Stayalive
[Net-west]
ID-type= IPV4_ADDR_SUBNET
@@ -89,7 +88,7 @@ ENCRYPTION_ALGORITHM= 3DES_CBC
HASH_ALGORITHM= SHA
AUTHENTICATION_METHOD= PRE_SHARED
GROUP_DESCRIPTION= MODP_1024
-Life= LIFE_600_SECS,LIFE_1000_KB
+Life= LIFE_3600_SECS
# Blowfish
@@ -190,60 +189,42 @@ Protocols= QM-ESP-DES-MD5,QM-AH-MD5
[QM-ESP-DES]
PROTOCOL_ID= IPSEC_ESP
Transforms= QM-ESP-DES-XF
-# Needed in single-host VPN setups as we only have one SADB
-ReplayWindow= -1
[QM-ESP-DES-MD5]
PROTOCOL_ID= IPSEC_ESP
Transforms= QM-ESP-DES-MD5-XF
-# Needed in single-host VPN setups as we only have one SADB
-ReplayWindow= -1
[QM-ESP-DES-MD5-PFS]
PROTOCOL_ID= IPSEC_ESP
Transforms= QM-ESP-DES-MD5-PFS-XF
-# Needed in single-host VPN setups as we only have one SADB
-ReplayWindow= -1
[QM-ESP-DES-SHA]
PROTOCOL_ID= IPSEC_ESP
Transforms= QM-ESP-DES-SHA-XF
-# Needed in single-host VPN setups as we only have one SADB
-ReplayWindow= -1
# 3DES
[QM-ESP-3DES-SHA]
PROTOCOL_ID= IPSEC_ESP
Transforms= QM-ESP-3DES-SHA-XF
-# Needed in single-host VPN setups as we only have one SADB
-ReplayWindow= -1
[QM-ESP-3DES-SHA-PFS]
PROTOCOL_ID= IPSEC_ESP
Transforms= QM-ESP-3DES-SHA-PFS-XF
-# Needed in single-host VPN setups as we only have one SADB
-ReplayWindow= -1
[QM-ESP-3DES-SHA-TRP]
PROTOCOL_ID= IPSEC_ESP
Transforms= QM-ESP-3DES-SHA-TRP-XF
-# Needed in single-host VPN setups as we only have one SADB
-ReplayWindow= -1
# AH MD5
[QM-AH-MD5]
PROTOCOL_ID= IPSEC_AH
Transforms= QM-AH-MD5-XF
-# Needed in single-host VPN setups as we only have one SADB
-ReplayWindow= -1
[QM-AH-MD5-PFS]
PROTOCOL_ID= IPSEC_AH
Transforms= QM-AH-MD5-PFS-XF
-# Needed in single-host VPN setups as we only have one SADB
-ReplayWindow= -1
# Quick mode transforms
diff --git a/sbin/isakmpd/samples/VPN-west.conf b/sbin/isakmpd/samples/VPN-west.conf
index 23ad0c16a89..51ea32532c7 100644
--- a/sbin/isakmpd/samples/VPN-west.conf
+++ b/sbin/isakmpd/samples/VPN-west.conf
@@ -1,10 +1,10 @@
-# $OpenBSD: VPN-west.conf,v 1.2 1999/03/02 15:18:44 niklas Exp $
-# $EOM: VPN-west.conf,v 1.3 1999/02/25 10:21:36 niklas Exp $
+# $OpenBSD: VPN-west.conf,v 1.3 1999/04/01 00:00:47 niklas Exp $
+# $EOM: VPN-west.conf,v 1.4 1999/03/31 23:59:28 niklas Exp $
# A configuration sample for the isakmpd ISAKMP/Oakley (aka IKE) daemon.
[General]
-Retransmits= 3
+Retransmits= 5
Exchange-max-time= 120
Listen-on= 10.1.0.1
@@ -21,14 +21,14 @@ Connections= IPsec-west-east
[ISAKMP-peer-east]
Phase= 1
Transport= udp
-# XXX Not yet implemented
-#Local-address= 10.1.0.1
+Local-address= 10.1.0.1
Address= 10.1.0.2
# Default values for "Port" commented out
#Port= isakmp
#Port= 500
Configuration= Default-main-mode
Authentication= mekmitasdigoat
+Flags= Stayalive
[IPsec-west-east]
Phase= 2
@@ -36,6 +36,7 @@ ISAKMP-peer= ISAKMP-peer-east
Configuration= Default-quick-mode
Local-ID= Net-west
Remote-ID= Net-east
+Flags= Stayalive
[Net-west]
ID-type= IPV4_ADDR_SUBNET
@@ -87,7 +88,7 @@ ENCRYPTION_ALGORITHM= 3DES_CBC
HASH_ALGORITHM= SHA
AUTHENTICATION_METHOD= PRE_SHARED
GROUP_DESCRIPTION= MODP_1024
-Life= LIFE_600_SECS,LIFE_1000_KB
+Life= LIFE_3600_SECS
# Blowfish
@@ -188,60 +189,42 @@ Protocols= QM-ESP-DES-MD5,QM-AH-MD5
[QM-ESP-DES]
PROTOCOL_ID= IPSEC_ESP
Transforms= QM-ESP-DES-XF
-# Needed in single-host VPN setups as we only have one SADB
-ReplayWindow= -1
[QM-ESP-DES-MD5]
PROTOCOL_ID= IPSEC_ESP
Transforms= QM-ESP-DES-MD5-XF
-# Needed in single-host VPN setups as we only have one SADB
-ReplayWindow= -1
[QM-ESP-DES-MD5-PFS]
PROTOCOL_ID= IPSEC_ESP
Transforms= QM-ESP-DES-MD5-PFS-XF
-# Needed in single-host VPN setups as we only have one SADB
-ReplayWindow= -1
[QM-ESP-DES-SHA]
PROTOCOL_ID= IPSEC_ESP
Transforms= QM-ESP-DES-SHA-XF
-# Needed in single-host VPN setups as we only have one SADB
-ReplayWindow= -1
# 3DES
[QM-ESP-3DES-SHA]
PROTOCOL_ID= IPSEC_ESP
Transforms= QM-ESP-3DES-SHA-XF
-# Needed in single-host VPN setups as we only have one SADB
-ReplayWindow= -1
[QM-ESP-3DES-SHA-PFS]
PROTOCOL_ID= IPSEC_ESP
Transforms= QM-ESP-3DES-SHA-PFS-XF
-# Needed in single-host VPN setups as we only have one SADB
-ReplayWindow= -1
[QM-ESP-3DES-SHA-TRP]
PROTOCOL_ID= IPSEC_ESP
Transforms= QM-ESP-3DES-SHA-TRP-XF
-# Needed in single-host VPN setups as we only have one SADB
-ReplayWindow= -1
# AH MD5
[QM-AH-MD5]
PROTOCOL_ID= IPSEC_AH
Transforms= QM-AH-MD5-XF
-# Needed in single-host VPN setups as we only have one SADB
-ReplayWindow= -1
[QM-AH-MD5-PFS]
PROTOCOL_ID= IPSEC_AH
Transforms= QM-AH-MD5-PFS-XF
-# Needed in single-host VPN setups as we only have one SADB
-ReplayWindow= -1
# Quick mode transforms
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-25 05:10:32 +0000