author | Niklas Hallqvist <niklas@cvs.openbsd.org> | 2000-01-26 15:24:18 +0000 |
---|---|---|
committer | Niklas Hallqvist <niklas@cvs.openbsd.org> | 2000-01-26 15:24:18 +0000 |
commit | 62ea6977d41b9e94b2dfecc8fc25766689095963 (patch) | |
tree | be83a63e8ae3566d29e36c172490b2e8d3155fec /sbin | |
parent | cff87b4720d5987b3538d61c03edccbf97a79794 (diff) |
Merge with EOM 1.6
author: ho
Add Blowfish-main-mode and Blowfish-quick-mode,
including suites, protocols and transforms for them.
Add a policy file default, currently set to /etc/isakmpd/policy.
Also, slightly more verbose comments for the quick mode transforms.
author: ho
Kill volume lifetimes for main mode.
Add AH-SHA transforms for quick mode, and 3DES-MD5 transform for main mode.
Diffstat (limited to 'sbin')
-rw-r--r-- | sbin/isakmpd/samples/VPN-3way-template.conf | 123 |
1 files changed, 104 insertions, 19 deletions
diff --git a/sbin/isakmpd/samples/VPN-3way-template.conf b/sbin/isakmpd/samples/VPN-3way-template.conf
index 18b14254dff..f3b66adc098 100644
--- a/sbin/isakmpd/samples/VPN-3way-template.conf
+++ b/sbin/isakmpd/samples/VPN-3way-template.conf
@@ -1,5 +1,5 @@
-# $OpenBSD: VPN-3way-template.conf,v 1.4 1999/08/05 22:41:22 niklas Exp $
-# $EOM: VPN-3way-template.conf,v 1.4 1999/07/18 09:25:34 niklas Exp $
+# $OpenBSD: VPN-3way-template.conf,v 1.5 2000/01/26 15:24:17 niklas Exp $
+# $EOM: VPN-3way-template.conf,v 1.6 1999/12/20 10:21:43 ho Exp $
 #
 # A configuration sample for the isakmpd ISAKMP/Oakley (aka IKE) daemon.
 #
@@ -92,13 +92,19 @@ Netmask= 255.255.255.0
 [General]
 Retransmits= 3
 Exchange-max-time= 120
+Policy-file= /etc/isakmpd/policy
 # Main mode descriptions
 [Default-main-mode]
 DOI= IPSEC
 EXCHANGE_TYPE= ID_PROT
-Transforms= 3DES-SHA
+Transforms= 3DES-SHA,3DES-MD5
+
+[Blowfish-main-mode]
+DOI= IPSEC
+EXCHANGE_TYPE= ID_PROT
+Transforms= BLF-SHA-M1024
 # Quick mode description
 ########################
@@ -108,6 +114,12 @@ DOI= IPSEC
 EXCHANGE_TYPE= QUICK_MODE
 Suites= QM-ESP-3DES-SHA-PFS-SUITE
+[Blowfish-quick-mode]
+DOI= IPSEC
+EXCHANGE_TYPE= QUICK_MODE
+Suites= QM-ESP-BLF-SHA-PFS-SUITE
+#Suites= QM-ESP-BLF-SHA-SUITE
+
 # Main mode transforms
 ######################
@@ -118,13 +130,6 @@ ENCRYPTION_ALGORITHM= DES_CBC
 HASH_ALGORITHM= MD5
 AUTHENTICATION_METHOD= PRE_SHARED
 GROUP_DESCRIPTION= MODP_768
-Life= LIFE_600_SECS,LIFE_1000_KB
-
-[DES-MD5-NO-VOL-LIFE]
-ENCRYPTION_ALGORITHM= DES_CBC
-HASH_ALGORITHM= MD5
-AUTHENTICATION_METHOD= PRE_SHARED
-GROUP_DESCRIPTION= MODP_768
 Life= LIFE_600_SECS
 [DES-SHA]
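Review bot: The new `Policy-file= /etc/isakmpd/policy` line in `[General]` carries no comment saying what the file is or how it must be protected, although it presumably governs which negotiated SAs the daemon accepts. I would add a line above it such as `# Policy consulted when accepting SAs; keep it owned by root and not writable by group or others`. Whether isakmpd itself enforces those permissions is not visible in this diff, so the comment should state the expectation for whoever copies the template.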
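Review bot: Removing the `[DES-MD5-NO-VOL-LIFE]` section leaves any `Transforms=` list that still names it pointing at nothing; the main-mode descriptions visible in this patch do not reference it, but most of the template lies outside the hunks, so it is worth searching the file before merging. The same goes for the `LIFE_1000_KB` lifetime, which no transform in the visible hunks uses after this change; if its section is now unreferenced, either drop it or add a comment such as `# kept for sites that want a volume limit` so it does not read as dead configuration.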
@@ -132,16 +137,23 @@ ENCRYPTION_ALGORITHM= DES_CBC
 HASH_ALGORITHM= SHA
 AUTHENTICATION_METHOD= PRE_SHARED
 GROUP_DESCRIPTION= MODP_768
-Life= LIFE_600_SECS,LIFE_1000_KB
+Life= LIFE_600_SECS
 # 3DES
+[3DES-MD5]
+ENCRYPTION_ALGORITHM= 3DES_CBC
+HASH_ALGORITHM= MD5
+AUTHENTICATION_METHOD= PRE_SHARED
+GROUP_DESCRIPTION= MODP_1024
+Life= LIFE_600_SECS
+
 [3DES-SHA]
 ENCRYPTION_ALGORITHM= 3DES_CBC
 HASH_ALGORITHM= SHA
 AUTHENTICATION_METHOD= PRE_SHARED
 GROUP_DESCRIPTION= MODP_1024
-Life= LIFE_600_SECS,LIFE_1000_KB
+Life= LIFE_600_SECS
 # Blowfish
@@ -151,7 +163,7 @@ KEY_LENGTH= 128,96:192
 HASH_ALGORITHM= SHA
 AUTHENTICATION_METHOD= PRE_SHARED
 GROUP_DESCRIPTION= MODP_1024
-Life= LIFE_600_SECS,LIFE_1000_KB
+Life= LIFE_600_SECS
 [BLF-SHA-EC155]
 ENCRYPTION_ALGORITHM= BLOWFISH_CBC
@@ -159,7 +171,7 @@ KEY_LENGTH= 128,96:192
 HASH_ALGORITHM= SHA
 AUTHENTICATION_METHOD= PRE_SHARED
 GROUP_DESCRIPTION= EC2N_155
-Life= LIFE_600_SECS,LIFE_1000_KB
+Life= LIFE_600_SECS
 [BLF-MD5-EC155]
 ENCRYPTION_ALGORITHM= BLOWFISH_CBC
@@ -167,7 +179,7 @@ KEY_LENGTH= 128,96:192
 HASH_ALGORITHM= MD5
 AUTHENTICATION_METHOD= PRE_SHARED
 GROUP_DESCRIPTION= EC2N_155
-Life= LIFE_600_SECS,LIFE_1000_KB
+Life= LIFE_600_SECS
 [BLF-SHA-EC185]
 ENCRYPTION_ALGORITHM= BLOWFISH_CBC
@@ -175,7 +187,7 @@ KEY_LENGTH= 128,96:192
 HASH_ALGORITHM= SHA
 AUTHENTICATION_METHOD= PRE_SHARED
 GROUP_DESCRIPTION= EC2N_185
-Life= LIFE_600_SECS,LIFE_1000_KB
+Life= LIFE_600_SECS
 # Quick mode protection suites
 ##############################
@@ -208,6 +220,14 @@ Protocols= QM-ESP-3DES-SHA
 [QM-ESP-3DES-SHA-PFS-SUITE]
 Protocols= QM-ESP-3DES-SHA-PFS
+# Blowfish
+
+[QM-ESP-BLF-SHA-SUITE]
+Protocols= QM-ESP-BLF-SHA
+
+[QM-ESP-BLF-SHA-PFS-SUITE]
+Protocols= QM-ESP-BLF-SHA-PFS
+
 # AH
 [QM-AH-MD5-SUITE]
@@ -216,6 +236,12 @@ Protocols= QM-AH-MD5
 [QM-AH-MD5-PFS-SUITE]
 Protocols= QM-AH-MD5-PFS
+[QM-AH-SHA-SUITE]
+Protocols= QM-AH-SHA
+
+[QM-AH-SHA-PFS-SUITE]
+Protocols= QM-AH-SHA-PFS
+
 # AH + ESP
 [QM-AH-MD5-ESP-DES-SUITE]
@@ -261,6 +287,16 @@ Transforms= QM-ESP-3DES-SHA-PFS-XF
 PROTOCOL_ID= IPSEC_ESP
 Transforms= QM-ESP-3DES-SHA-TRP-XF
+# Blowfish
+
+[QM-ESP-BLF-SHA]
+PROTOCOL_ID= IPSEC_ESP
+Transforms= QM-ESP-BLF-SHA-XF
+
+[QM-ESP-BLF-SHA-PFS]
+PROTOCOL_ID= IPSEC_ESP
+Transforms= QM-ESP-BLF-SHA-PFS-XF
+
 # AH MD5
 [QM-AH-MD5]
@@ -271,15 +307,27 @@ Transforms= QM-AH-MD5-XF
 PROTOCOL_ID= IPSEC_AH
 Transforms= QM-AH-MD5-PFS-XF
+# AH MD5
+
+[QM-AH-SHA]
+PROTOCOL_ID= IPSEC_AH
+Transforms= QM-AH-SHA-XF
+
+[QM-AH-SHA-PFS]
+PROTOCOL_ID= IPSEC_AH
+Transforms= QM-AH-SHA-PFS-XF
+
 # Quick mode transforms
-# ESP DES+MD5
+# ESP DES
 [QM-ESP-DES-XF]
 TRANSFORM_ID= DES
 ENCAPSULATION_MODE= TUNNEL
 Life= LIFE_600_SECS
+# ESP DES+MD5
+
 [QM-ESP-DES-MD5-XF]
 TRANSFORM_ID= DES
 ENCAPSULATION_MODE= TUNNEL
@@ -293,13 +341,15 @@ GROUP_DESCRIPTION= MODP_768
 AUTHENTICATION_ALGORITHM= HMAC_MD5
 Life= LIFE_600_SECS
+# ESP DES+SHA
+
 [QM-ESP-DES-SHA-XF]
 TRANSFORM_ID= DES
 ENCAPSULATION_MODE= TUNNEL
 AUTHENTICATION_ALGORITHM= HMAC_SHA
 Life= LIFE_600_SECS
-# 3DES
+# ESP 3DES+SHA
 [QM-ESP-3DES-SHA-XF]
 TRANSFORM_ID= 3DES
@@ -314,13 +364,32 @@ AUTHENTICATION_ALGORITHM= HMAC_SHA
 GROUP_DESCRIPTION= MODP_1024
 Life= LIFE_200_SECS
+# ESP 3DES+SHA - Transport mode
+
 [QM-ESP-3DES-SHA-TRP-XF]
 TRANSFORM_ID= 3DES
 ENCAPSULATION_MODE= TRANSPORT
 AUTHENTICATION_ALGORITHM= HMAC_SHA
 Life= LIFE_200_SECS
-# AH
+# ESP Blowfish+SHA
+
+[QM-ESP-BLF-SHA-XF]
+TRANSFORM_ID= BLOWFISH
+KEY_LENGTH= 128,96:192
+ENCAPSULATION_MODE= TUNNEL
+AUTHENTICATION_ALGORITHM= HMAC_SHA
+Life= LIFE_200_SECS
+
+[QM-ESP-BLF-SHA-PFS-XF]
+TRANSFORM_ID= BLOWFISH
+KEY_LENGTH= 128,96:192
+ENCAPSULATION_MODE= TUNNEL
+AUTHENTICATION_ALGORITHM= HMAC_SHA
+GROUP_DESCRIPTION= MODP_1024
+Life= LIFE_200_SECS
+
+# AH MD5
 [QM-AH-MD5-XF]
 TRANSFORM_ID= MD5
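Review bot: The heading added above `[QM-AH-SHA]` and `[QM-AH-SHA-PFS]` reads `# AH MD5`, identical to the heading of the MD5 protocols just before it; it should be `# AH SHA`. In a template that is copied section by section, a wrong heading makes it easy to end up with the MD5 protocol where SHA was intended.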
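Review bot: `KEY_LENGTH= 128,96:192` in the new `[QM-ESP-BLF-SHA-XF]` and `[QM-ESP-BLF-SHA-PFS-XF]` transforms appears to offer 128 bits but accept anything from 96 to 192 from the peer, assuming the value follows the same offer,min:max form as `LIFE_DURATION= 200,150:320`. For a VPN where both ends are administered together there is little reason to accept less than what is offered, so consider `KEY_LENGTH= 128,128:192`. Failing that, a comment line such as `# offered key length, then accepted range (bits)` would make the lower bound a visible choice rather than an inherited default.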
@@ -331,9 +400,25 @@ Life= LIFE_600_SECS
 [QM-AH-MD5-PFS-XF]
 TRANSFORM_ID= MD5
 ENCAPSULATION_MODE= TUNNEL
+AUTHENTICATION_ALGORITHM= HMAC_MD5
 GROUP_DESCRIPTION= MODP_768
 Life= LIFE_600_SECS
+# AH SHA
+
+[QM-AH-SHA-XF]
+TRANSFORM_ID= MD5
+ENCAPSULATION_MODE= TUNNEL
+AUTHENTICATION_ALGORITHM= HMAC_SHA
+Life= LIFE_600_SECS
+
+[QM-AH-SHA-PFS-XF]
+TRANSFORM_ID= MD5
+ENCAPSULATION_MODE= TUNNEL
+AUTHENTICATION_ALGORITHM= HMAC_SHA
+GROUP_DESCRIPTION= MODP_1024
+Life= LIFE_600_SECS
+
 [LIFE_200_SECS]
 LIFE_TYPE= SECONDS
 LIFE_DURATION= 200,150:320 |
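Review bot: Both new transforms `[QM-AH-SHA-XF]` and `[QM-AH-SHA-PFS-XF]` set `TRANSFORM_ID= MD5` while declaring `AUTHENTICATION_ALGORITHM= HMAC_SHA`, which looks like a leftover from copying the MD5 sections above; the AH transform should be `TRANSFORM_ID= SHA`. As written the proposal is internally inconsistent, so a peer may reject it, or the SA may end up protected with MD5 where the section name promises SHA. The `QM-AH-SHA` and `QM-AH-SHA-PFS` protocols added earlier in this patch both point at these transforms, so both AH-SHA suites are affected.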