author | Hakan Olsson <ho@cvs.openbsd.org> | 2001-10-11 13:24:32 +0000 |
---|---|---|
committer | Hakan Olsson <ho@cvs.openbsd.org> | 2001-10-11 13:24:32 +0000 |
commit | f5c033b80f6604d285126e89ee89f0559b17ba32 (patch) | |
tree | 897561d7c2aacd87ed1b94dbbf9934dac50dbba9 /sbin/isakmpd | |
parent | 3114560bb67cbcaa1578333a39b2f8db9c0430a1 (diff) |
Fix various bugs in the example configuration. Most entries are
"pregenerated", so indicate which aren't. 'Default-phase-N-lifetime'
replaces LIFE_nnn_SECS.
Diffstat (limited to 'sbin/isakmpd')
-rw-r--r-- | sbin/isakmpd/isakmpd.conf.5 | 84 |
1 files changed, 25 insertions, 59 deletions
diff --git a/sbin/isakmpd/isakmpd.conf.5 b/sbin/isakmpd/isakmpd.conf.5 index a99d52a593c..4bec426c9c1 100644 --- a/sbin/isakmpd/isakmpd.conf.5 +++ b/sbin/isakmpd/isakmpd.conf.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: isakmpd.conf.5,v 1.58 2001/10/04 23:31:27 ho Exp $ +.\" $OpenBSD: isakmpd.conf.5,v 1.59 2001/10/11 13:24:31 ho Exp $ .\" $EOM: isakmpd.conf.5,v 1.57 2000/12/21 14:43:17 ho Exp $ .\" .\" Copyright (c) 1998, 1999, 2000 Niklas Hallqvist. All rights reserved. @@ -701,21 +701,14 @@ ENCRYPTION_ALGORITHM= DES_CBC HASH_ALGORITHM= MD5 AUTHENTICATION_METHOD= PRE_SHARED GROUP_DESCRIPTION= MODP_768 -Life= LIFE_600_SECS,LIFE_1000_KB - -[DES-MD5-NO-VOL-LIFE] -ENCRYPTION_ALGORITHM= DES_CBC -HASH_ALGORITHM= MD5 -AUTHENTICATION_METHOD= PRE_SHARED -GROUP_DESCRIPTION= MODP_768 -Life= LIFE_600_SECS +Life= Default-phase-1-lifetime [DES-SHA] ENCRYPTION_ALGORITHM= DES_CBC HASH_ALGORITHM= SHA AUTHENTICATION_METHOD= PRE_SHARED -GROUP_DESCRIPTION= MODP_768 -Life= LIFE_600_SECS,LIFE_1000_KB +GROUP_DESCRIPTION= MODP_1024 +Life= Default-phase-1-lifetime # 3DES 
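Review bot: In the `-701` hunk every `Life=` tag now names `Default-phase-1-lifetime`, but no section or tag of that name is defined in the hunks shown, so the example no longer tells a reader which duration applies. The `LIFE_1000_KB` volume limit is also dropped from these phase 1 entries with no note. A comment next to the first use would help, for example `# Default-phase-1-lifetime is defined elsewhere; see its description`, adjusted to wherever the page documents it. The first entry, whose section header is outside the hunk, still pairs `DES_CBC` and `MD5` with `MODP_768` while `[DES-SHA]` moves to `MODP_1024`; if that is kept for interoperability, the example should say so.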
@@ -724,41 +717,26 @@ ENCRYPTION_ALGORITHM= 3DES_CBC HASH_ALGORITHM= SHA AUTHENTICATION_METHOD= PRE_SHARED GROUP_DESCRIPTION= MODP_1024 -Life= LIFE_3600_SECS +Life= Default-phase-1-lifetime # Blowfish -[BLF-SHA-M1024] +[BLF-SHA] ENCRYPTION_ALGORITHM= BLOWFISH_CBC KEY_LENGTH= 128,96:192 HASH_ALGORITHM= SHA AUTHENTICATION_METHOD= PRE_SHARED GROUP_DESCRIPTION= MODP_1024 -Life= LIFE_600_SECS,LIFE_1000_KB - -[BLF-SHA-EC155] -ENCRYPTION_ALGORITHM= BLOWFISH_CBC -KEY_LENGTH= 128,96:192 -HASH_ALGORITHM= SHA -AUTHENTICATION_METHOD= PRE_SHARED -GROUP_DESCRIPTION= EC2N_155 -Life= LIFE_600_SECS,LIFE_1000_KB - -[BLF-MD5-EC155] -ENCRYPTION_ALGORITHM= BLOWFISH_CBC -KEY_LENGTH= 128,96:192 -HASH_ALGORITHM= MD5 -AUTHENTICATION_METHOD= PRE_SHARED -GROUP_DESCRIPTION= EC2N_155 -Life= LIFE_600_SECS,LIFE_1000_KB +Life= Default-phase-1-lifetime +# Blowfish, using DH group 4 (non-default) [BLF-SHA-EC185] ENCRYPTION_ALGORITHM= BLOWFISH_CBC KEY_LENGTH= 128,96:192 HASH_ALGORITHM= SHA AUTHENTICATION_METHOD= PRE_SHARED GROUP_DESCRIPTION= EC2N_185 -Life= LIFE_600_SECS,LIFE_1000_KB +Life= Default-phase-1-lifetime # Quick mode protection suites ############################## @@ -796,7 +774,7 @@ Protocols= QM-ESP-3DES-SHA-PFS [QM-ESP-AES-SHA-SUITE] Protocols= QM-ESP-AES-SHA -[QM-ESP-3DES-SHA-PFS-SUITE] +[QM-ESP-AES-SHA-PFS-SUITE] Protocols= QM-ESP-AES-SHA-PFS # AH @@ -807,7 +785,7 @@ Protocols= QM-AH-MD5 [QM-AH-MD5-PFS-SUITE] Protocols= QM-AH-MD5-PFS -# AH + ESP +# AH + ESP (non-default) [QM-AH-MD5-ESP-DES-SUITE] Protocols= QM-AH-MD5,QM-ESP-DES 
@@ -883,26 +861,26 @@ Transforms= QM-AH-MD5-PFS-XF [QM-ESP-DES-XF] TRANSFORM_ID= DES ENCAPSULATION_MODE= TUNNEL -Life= LIFE_600_SECS +Life= Default-phase-2-lifetime [QM-ESP-DES-MD5-XF] TRANSFORM_ID= DES ENCAPSULATION_MODE= TUNNEL AUTHENTICATION_ALGORITHM= HMAC_MD5 -Life= LIFE_600_SECS +Life= Default-phase-2-lifetime [QM-ESP-DES-MD5-PFS-XF] TRANSFORM_ID= DES ENCAPSULATION_MODE= TUNNEL GROUP_DESCRIPTION= MODP_768 AUTHENTICATION_ALGORITHM= HMAC_MD5 -Life= LIFE_600_SECS +Life= Default-phase-2-lifetime [QM-ESP-DES-SHA-XF] TRANSFORM_ID= DES ENCAPSULATION_MODE= TUNNEL AUTHENTICATION_ALGORITHM= HMAC_SHA -Life= LIFE_600_SECS +Life= Default-phase-2-lifetime # 3DES @@ -910,20 +888,20 @@ Life= LIFE_600_SECS TRANSFORM_ID= 3DES ENCAPSULATION_MODE= TUNNEL AUTHENTICATION_ALGORITHM= HMAC_SHA -Life= LIFE_600_SECS +Life= Default-phase-2-lifetime [QM-ESP-3DES-SHA-PFS-XF] TRANSFORM_ID= 3DES ENCAPSULATION_MODE= TUNNEL AUTHENTICATION_ALGORITHM= HMAC_SHA GROUP_DESCRIPTION= MODP_1024 -Life= LIFE_600_SECS +Life= Default-phase-2-lifetime [QM-ESP-3DES-SHA-TRP-XF] TRANSFORM_ID= 3DES ENCAPSULATION_MODE= TRANSPORT AUTHENTICATION_ALGORITHM= HMAC_SHA -Life= LIFE_600_SECS +Life= Default-phase-2-lifetime # AES @@ -931,20 +909,20 @@ Life= LIFE_600_SECS TRANSFORM_ID= AES ENCAPSULATION_MODE= TUNNEL AUTHENTICATION_ALGORITHM= HMAC_SHA -Life= LIFE_600_SECS +Life= Default-phase-2-lifetime [QM-ESP-AES-SHA-PFS-XF] TRANSFORM_ID= AES ENCAPSULATION_MODE= TUNNEL AUTHENTICATION_ALGORITHM= HMAC_SHA GROUP_DESCRIPTION= MODP_1024 -Life= LIFE_600_SECS +Life= Default-phase-2-lifetime [QM-ESP-AES-SHA-TRP-XF] TRANSFORM_ID= AES ENCAPSULATION_MODE= TRANSPORT AUTHENTICATION_ALGORITHM= HMAC_SHA -Life= LIFE_600_SECS +Life= Default-phase-2-lifetime # AH 
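Review bot: `[QM-ESP-DES-XF]` at the top of this hunk has no `AUTHENTICATION_ALGORITHM` line, so it describes ESP with encryption only, and nothing in the example warns that such a transform gives no integrity protection. A comment above it, such as `# ESP without authentication; prefer the -MD5/-SHA transforms`, would help anyone copying the block into a live configuration. `[QM-ESP-DES-MD5-PFS-XF]` also keeps `MODP_768` while the 3DES and AES PFS transforms use `MODP_1024`, which deserves the same kind of remark.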
@@ -952,33 +930,21 @@ Life= LIFE_600_SECS TRANSFORM_ID= MD5 ENCAPSULATION_MODE= TUNNEL AUTHENTICATION_ALGORITHM= HMAC_MD5 -Life= LIFE_600_SECS +Life= Default-phase-2-lifetime [QM-AH-MD5-PFS-XF] TRANSFORM_ID= MD5 ENCAPSULATION_MODE= TUNNEL GROUP_DESCRIPTION= MODP_768 -Life= LIFE_600_SECS +Life= Default-phase-2-lifetime -[LIFE_600_SECS] -LIFE_TYPE= SECONDS -LIFE_DURATION= 600,450:720 - -[LIFE_3600_SECS] +[Sample-Life-Time] LIFE_TYPE= SECONDS LIFE_DURATION= 3600,1800:7200 -[LIFE_1000_KB] +[Sample-Life-Volume] LIFE_TYPE= KILOBYTES LIFE_DURATION= 1000,768:1536 - -[LIFE_32_MB] -LIFE_TYPE= KILOBYTES -LIFE_DURATION= 32768,16384:65536 - -[LIFE_4.5_GB] -LIFE_TYPE= KILOBYTES -LIFE_DURATION= 4608000,4096000:8192000 .Ed .Sh FILES .Bl -tag -width /etc/isakmpd/isakmpd.conf |
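Review bot: `[Sample-Life-Time]` and `[Sample-Life-Volume]` are not referenced by any `Life=` line in the hunks shown, and unlike the other hand-written entries in this commit they carry no `(non-default)` marker. I would add `# Sample lifetime sections (non-default)` above `[Sample-Life-Time]` so readers do not assume the daemon generates them. Separately, `[QM-AH-MD5-PFS-XF]` lacks the `AUTHENTICATION_ALGORITHM= HMAC_MD5` line that the AH transform just above it has. If that omission is not intentional, the line should be added to keep the two entries consistent.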