author | Niklas Hallqvist <niklas@cvs.openbsd.org> | 2000-05-03 13:37:34 +0000 |
---|---|---|
committer | Niklas Hallqvist <niklas@cvs.openbsd.org> | 2000-05-03 13:37:34 +0000 |
commit | cc98a20e99a41948e5f38af4bbd46e580823b0d9 (patch) | |
tree | c942c2ff620e37212035635f10f4bf9c2f8ee343 /sbin | |
parent | b78f50f85a2620bebf080b1c24bad0d60febdba0 (diff) |
samples/singlehost-east.conf: Merge with EOM 1.8
samples/singlehost-west.conf: Merge with EOM 1.8
author: niklas
Remove unnecessary configuration data
Diffstat (limited to 'sbin')
-rw-r--r-- | sbin/isakmpd/samples/singlehost-east.conf | 292 | ||||
-rw-r--r-- | sbin/isakmpd/samples/singlehost-west.conf | 292 |
2 files changed, 6 insertions, 578 deletions
diff --git a/sbin/isakmpd/samples/singlehost-east.conf b/sbin/isakmpd/samples/singlehost-east.conf index 0784bd91f5b..7e27a288164 100644 --- a/sbin/isakmpd/samples/singlehost-east.conf +++ b/sbin/isakmpd/samples/singlehost-east.conf @@ -1,22 +1,16 @@ -# $OpenBSD: singlehost-east.conf,v 1.7 2000/01/31 10:45:02 niklas Exp $ -# $EOM: singlehost-east.conf,v 1.7 2000/01/31 09:28:36 niklas Exp $ +# $OpenBSD: singlehost-east.conf,v 1.8 2000/05/03 13:37:33 niklas Exp $ +# $EOM: singlehost-east.conf,v 1.8 2000/05/03 13:25:25 niklas Exp $ # A configuration sample for the isakmpd ISAKMP/Oakley (aka IKE) daemon. [General] -Retransmits= 5 -Exchange-max-time= 120 Listen-on= 10.1.0.2 Shared-SADB= Defined -# Incoming phase 1 negotiations are multiplexed on the source IP address [Phase 1] 10.1.0.1= ISAKMP-peer-west Default= ISAKMP-peer-west-aggressive -# These connections are walked over after config file parsing and told -# to the application layer so that it will inform us when traffic wants to -# pass over them. This means we can do on-demand keying. [Phase 2] Connections= IPsec-east-west @@ -25,9 +19,6 @@ Phase= 1 Transport= udp Local-address= 10.1.0.2 Address= 10.1.0.1 -# Default values for "Port" commented out -#Port= isakmp -#Port= 500 Configuration= Default-main-mode Authentication= mekmitasdigoat @@ -36,9 +27,6 @@ Phase= 1 Transport= udp Local-address= 10.1.0.2 Address= 10.1.0.1 -# Default values for "Port" commented out -#Port= isakmp -#Port= 500 Configuration= Default-aggressive-mode Authentication= mekmitasdigoat @@ -59,8 +47,6 @@ ID-type= IPV4_ADDR_SUBNET Network= 192.168.2.0 Netmask= 255.255.255.0 -# Phase 1 descriptions - [Default-main-mode] DOI= IPSEC EXCHANGE_TYPE= ID_PROT 
@@ -71,279 +57,7 @@ DOI= IPSEC EXCHANGE_TYPE= AGGRESSIVE Transforms= 3DES-SHA-RSA -# Main mode transforms -###################### - -# DES - -[DES-MD5] -ENCRYPTION_ALGORITHM= DES_CBC -HASH_ALGORITHM= MD5 -AUTHENTICATION_METHOD= PRE_SHARED -GROUP_DESCRIPTION= MODP_768 -Life= LIFE_600_SECS - -[DES-MD5-NO-VOL-LIFE] -ENCRYPTION_ALGORITHM= DES_CBC -HASH_ALGORITHM= MD5 -AUTHENTICATION_METHOD= PRE_SHARED -GROUP_DESCRIPTION= MODP_768 -Life= LIFE_600_SECS - -[DES-SHA] -ENCRYPTION_ALGORITHM= DES_CBC -HASH_ALGORITHM= SHA -AUTHENTICATION_METHOD= PRE_SHARED -GROUP_DESCRIPTION= MODP_768 -Life= LIFE_600_SECS - -# 3DES - -[3DES-SHA] -ENCRYPTION_ALGORITHM= 3DES_CBC -HASH_ALGORITHM= SHA -AUTHENTICATION_METHOD= PRE_SHARED -GROUP_DESCRIPTION= MODP_1024 -Life= LIFE_180_SECS - -[3DES-SHA-RSA] -ENCRYPTION_ALGORITHM= 3DES_CBC -HASH_ALGORITHM= SHA -AUTHENTICATION_METHOD= RSA_SIG -GROUP_DESCRIPTION= MODP_1024 -Life= LIFE_180_SECS - -# Blowfish - -[BLF-SHA-M1024] -ENCRYPTION_ALGORITHM= BLOWFISH_CBC -KEY_LENGTH= 128,96:192 -HASH_ALGORITHM= SHA -AUTHENTICATION_METHOD= PRE_SHARED -GROUP_DESCRIPTION= MODP_1024 -Life= LIFE_600_SECS - -[BLF-SHA-EC155] -ENCRYPTION_ALGORITHM= BLOWFISH_CBC -KEY_LENGTH= 128,96:192 -HASH_ALGORITHM= SHA -AUTHENTICATION_METHOD= PRE_SHARED -GROUP_DESCRIPTION= EC2N_155 -Life= LIFE_600_SECS - -[BLF-MD5-EC155] -ENCRYPTION_ALGORITHM= BLOWFISH_CBC -KEY_LENGTH= 128,96:192 -HASH_ALGORITHM= MD5 -AUTHENTICATION_METHOD= PRE_SHARED -GROUP_DESCRIPTION= EC2N_155 -Life= LIFE_600_SECS - -[BLF-SHA-EC185] -ENCRYPTION_ALGORITHM= BLOWFISH_CBC -KEY_LENGTH= 128,96:192 -HASH_ALGORITHM= SHA -AUTHENTICATION_METHOD= PRE_SHARED -GROUP_DESCRIPTION= EC2N_185 -Life= LIFE_600_SECS - -# Quick mode description -######################## - [Default-quick-mode] DOI= IPSEC EXCHANGE_TYPE= QUICK_MODE -Suites= QM-ESP-3DES-SHA-PFS-SUITE,QM-ESP-DES-MD5-PFS-SUITE - -# Quick mode protection suites -############################## - -# DES - -[QM-ESP-DES-SUITE] -Protocols= QM-ESP-DES - -[QM-ESP-DES-PFS-SUITE] 
-Protocols= QM-ESP-DES-PFS - -[QM-ESP-DES-MD5-SUITE] -Protocols= QM-ESP-DES-MD5 - -[QM-ESP-DES-MD5-PFS-SUITE] -Protocols= QM-ESP-DES-MD5-PFS - -[QM-ESP-DES-SHA-SUITE] -Protocols= QM-ESP-DES-SHA - -[QM-ESP-DES-SHA-PFS-SUITE] -Protocols= QM-ESP-DES-SHA-PFS - -# 3DES - -[QM-ESP-3DES-SHA-SUITE] -Protocols= QM-ESP-3DES-SHA - -[QM-ESP-3DES-SHA-PFS-SUITE] -Protocols= QM-ESP-3DES-SHA-PFS - -# AH - -[QM-AH-MD5-SUITE] -Protocols= QM-AH-MD5 - -[QM-AH-MD5-PFS-SUITE] -Protocols= QM-AH-MD5-PFS - -# AH + ESP - -[QM-AH-MD5-ESP-DES-SUITE] -Protocols= QM-AH-MD5,QM-ESP-DES - -[QM-AH-MD5-ESP-DES-MD5-SUITE] -Protocols= QM-AH-MD5,QM-ESP-DES-MD5 - -[QM-ESP-DES-MD5-AH-MD5-SUITE] -Protocols= QM-ESP-DES-MD5,QM-AH-MD5 - -# Quick mode protocols - -# DES - -[QM-ESP-DES] -PROTOCOL_ID= IPSEC_ESP -Transforms= QM-ESP-DES-XF - -[QM-ESP-DES-MD5] -PROTOCOL_ID= IPSEC_ESP -Transforms= QM-ESP-DES-MD5-XF - -[QM-ESP-DES-MD5-PFS] -PROTOCOL_ID= IPSEC_ESP -Transforms= QM-ESP-DES-MD5-PFS-XF - -[QM-ESP-DES-SHA] -PROTOCOL_ID= IPSEC_ESP -Transforms= QM-ESP-DES-SHA-XF - -# 3DES - -[QM-ESP-3DES-SHA] -PROTOCOL_ID= IPSEC_ESP -Transforms= QM-ESP-3DES-SHA-XF - -[QM-ESP-3DES-SHA-PFS] -PROTOCOL_ID= IPSEC_ESP -Transforms= QM-ESP-3DES-SHA-PFS-XF - -[QM-ESP-3DES-SHA-TRP] -PROTOCOL_ID= IPSEC_ESP -Transforms= QM-ESP-3DES-SHA-TRP-XF - -# AH MD5 - -[QM-AH-MD5] -PROTOCOL_ID= IPSEC_AH -Transforms= QM-AH-MD5-XF - -[QM-AH-MD5-PFS] -PROTOCOL_ID= IPSEC_AH -Transforms= QM-AH-MD5-PFS-XF - -# Quick mode transforms - -# ESP DES+MD5 - -[QM-ESP-DES-XF] -TRANSFORM_ID= DES -ENCAPSULATION_MODE= TUNNEL -Life= LIFE_600_SECS - -[QM-ESP-DES-MD5-XF] -TRANSFORM_ID= DES -ENCAPSULATION_MODE= TUNNEL -AUTHENTICATION_ALGORITHM= HMAC_MD5 -Life= LIFE_600_SECS - -[QM-ESP-DES-MD5-PFS-XF] -TRANSFORM_ID= DES -ENCAPSULATION_MODE= TUNNEL -GROUP_DESCRIPTION= MODP_1024 -AUTHENTICATION_ALGORITHM= HMAC_MD5 -Life= LIFE_600_SECS - -[QM-ESP-DES-SHA-XF] -TRANSFORM_ID= DES -ENCAPSULATION_MODE= TUNNEL -AUTHENTICATION_ALGORITHM= HMAC_SHA -Life= LIFE_600_SECS - -# 3DES - 
-[QM-ESP-3DES-SHA-XF] -TRANSFORM_ID= 3DES -ENCAPSULATION_MODE= TUNNEL -AUTHENTICATION_ALGORITHM= HMAC_SHA -Life= LIFE_60_SECS - -[QM-ESP-3DES-SHA-PFS-XF] -TRANSFORM_ID= 3DES -ENCAPSULATION_MODE= TUNNEL -AUTHENTICATION_ALGORITHM= HMAC_SHA -GROUP_DESCRIPTION= MODP_1024 -Life= LIFE_60_SECS - -[QM-ESP-3DES-SHA-TRP-XF] -TRANSFORM_ID= 3DES -ENCAPSULATION_MODE= TRANSPORT -AUTHENTICATION_ALGORITHM= HMAC_SHA -Life= LIFE_60_SECS - -# AH - -[QM-AH-MD5-XF] -TRANSFORM_ID= MD5 -ENCAPSULATION_MODE= TUNNEL -AUTHENTICATION_ALGORITHM= HMAC_MD5 -Life= LIFE_600_SECS - -[QM-AH-MD5-PFS-XF] -TRANSFORM_ID= MD5 -ENCAPSULATION_MODE= TUNNEL -GROUP_DESCRIPTION= MODP_768 -AUTHENTICATION_ALGORITHM= HMAC_MD5 -Life= LIFE_600_SECS - -[LIFE_60_SECS] -LIFE_TYPE= SECONDS -LIFE_DURATION= 60,45:120 - -[LIFE_180_SECS] -LIFE_TYPE= SECONDS -LIFE_DURATION= 180,120:240 - -[LIFE_600_SECS] -LIFE_TYPE= SECONDS -LIFE_DURATION= 600,450:720 - -[LIFE_3600_SECS] -LIFE_TYPE= SECONDS -LIFE_DURATION= 3600,1800:7200 - -[LIFE_1000_KB] -LIFE_TYPE= KILOBYTES -LIFE_DURATION= 1000,768:1536 - -[LIFE_32_MB] -LIFE_TYPE= KILOBYTES -LIFE_DURATION= 32768,16384:65536 - -[LIFE_4.5_GB] -LIFE_TYPE= KILOBYTES -LIFE_DURATION= 4608000,4096000:8192000 - -# Certificates stored in PEM format -[X509-certificates] -CA-directory= /etc/isakmpd/ca/ -Cert-directory= /etc/isakmpd/certs/ -#Accept-self-signed= defined -Private-key= /etc/isakmpd/private/local.key +Suites= QM-ESP-3DES-SHA-PFS-SUITE diff --git a/sbin/isakmpd/samples/singlehost-west.conf b/sbin/isakmpd/samples/singlehost-west.conf index 783b96617f2..ee1d91bc48e 100644 --- a/sbin/isakmpd/samples/singlehost-west.conf +++ b/sbin/isakmpd/samples/singlehost-west.conf 
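Review bot: The kept lines `Transforms= 3DES-SHA-RSA` and `Suites= QM-ESP-3DES-SHA-PFS-SUITE` now name sections that this hunk deletes, along with every `LIFE_*` section and `[X509-certificates]`, so the sample no longer shows where those definitions come from. Presumably isakmpd now supplies them as built-in defaults; if so, say it in the file, for example `# Transform, suite and lifetime names not defined in this file are isakmpd built-in defaults.` above `[Default-quick-mode]`. The deleted `3DES-SHA-RSA` definition used `AUTHENTICATION_METHOD= RSA_SIG`, so someone copying the sample also can no longer see which CA directory, certificate directory and private key the daemon will load. A one-line pointer to where those defaults are documented would cover that. The aggressive-mode section that holds `Transforms= 3DES-SHA-RSA` starts above this hunk, and the same applies to the `@@ -73,279 +59,7 @@` hunk of singlehost-west.conf.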
@@ -1,22 +1,16 @@ -# $OpenBSD: singlehost-west.conf,v 1.7 2000/01/31 10:45:03 niklas Exp $ -# $EOM: singlehost-west.conf,v 1.7 2000/01/31 09:28:36 niklas Exp $ +# $OpenBSD: singlehost-west.conf,v 1.8 2000/05/03 13:37:33 niklas Exp $ +# $EOM: singlehost-west.conf,v 1.8 2000/05/03 13:25:25 niklas Exp $ # A configuration sample for the isakmpd ISAKMP/Oakley (aka IKE) daemon. [General] -Retransmits= 5 -Exchange-max-time= 120 Listen-on= 10.1.0.1 Shared-SADB= Defined -# Incoming phase 1 negotiations are multiplexed on the source IP address [Phase 1] 10.1.0.2= ISAKMP-peer-east Default= ISAKMP-peer-east-aggressive -# These connections are walked over after config file parsing and told -# to the application layer so that it will inform us when traffic wants to -# pass over them. This means we can do on-demand keying. [Phase 2] Connections= IPsec-west-east @@ -25,9 +19,6 @@ Phase= 1 Transport= udp Local-address= 10.1.0.1 Address= 10.1.0.2 -# Default values for "Port" commented out -#Port= isakmp -#Port= 500 Configuration= Default-main-mode Identification= IPV4_ADDR/10.1.0.1 Authentication= mekmitasdigoat @@ -37,9 +28,6 @@ Phase= 1 Transport= udp Local-address= 10.1.0.1 Address= 10.1.0.2 -# Default values for "Port" commented out -#Port= isakmp -#Port= 500 Configuration= Default-aggressive-mode Identification= FQDN/diego.niklas.hallqvist.se Authentication= mekmitasdigoat @@ -61,8 +49,6 @@ ID-type= IPV4_ADDR_SUBNET Network= 192.168.2.0 Netmask= 255.255.255.0 -# Phase 1 descriptions - [Default-main-mode] DOI= IPSEC EXCHANGE_TYPE= ID_PROT 
@@ -73,279 +59,7 @@ DOI= IPSEC EXCHANGE_TYPE= AGGRESSIVE Transforms= 3DES-SHA-RSA -# Main mode transforms -###################### - -# DES - -[DES-MD5] -ENCRYPTION_ALGORITHM= DES_CBC -HASH_ALGORITHM= MD5 -AUTHENTICATION_METHOD= PRE_SHARED -GROUP_DESCRIPTION= MODP_768 -Life= LIFE_600_SECS - -[DES-MD5-NO-VOL-LIFE] -ENCRYPTION_ALGORITHM= DES_CBC -HASH_ALGORITHM= MD5 -AUTHENTICATION_METHOD= PRE_SHARED -GROUP_DESCRIPTION= MODP_768 -Life= LIFE_600_SECS - -[DES-SHA] -ENCRYPTION_ALGORITHM= DES_CBC -HASH_ALGORITHM= SHA -AUTHENTICATION_METHOD= PRE_SHARED -GROUP_DESCRIPTION= MODP_768 -Life= LIFE_600_SECS - -# 3DES - -[3DES-SHA] -ENCRYPTION_ALGORITHM= 3DES_CBC -HASH_ALGORITHM= SHA -AUTHENTICATION_METHOD= PRE_SHARED -GROUP_DESCRIPTION= MODP_1024 -Life= LIFE_180_SECS - -[3DES-SHA-RSA] -ENCRYPTION_ALGORITHM= 3DES_CBC -HASH_ALGORITHM= SHA -AUTHENTICATION_METHOD= RSA_SIG -GROUP_DESCRIPTION= MODP_1024 -Life= LIFE_180_SECS - -# Blowfish - -[BLF-SHA-M1024] -ENCRYPTION_ALGORITHM= BLOWFISH_CBC -KEY_LENGTH= 128,96:192 -HASH_ALGORITHM= SHA -AUTHENTICATION_METHOD= PRE_SHARED -GROUP_DESCRIPTION= MODP_1024 -Life= LIFE_600_SECS - -[BLF-SHA-EC155] -ENCRYPTION_ALGORITHM= BLOWFISH_CBC -KEY_LENGTH= 128,96:192 -HASH_ALGORITHM= SHA -AUTHENTICATION_METHOD= PRE_SHARED -GROUP_DESCRIPTION= EC2N_155 -Life= LIFE_600_SECS - -[BLF-MD5-EC155] -ENCRYPTION_ALGORITHM= BLOWFISH_CBC -KEY_LENGTH= 128,96:192 -HASH_ALGORITHM= MD5 -AUTHENTICATION_METHOD= PRE_SHARED -GROUP_DESCRIPTION= EC2N_155 -Life= LIFE_600_SECS - -[BLF-SHA-EC185] -ENCRYPTION_ALGORITHM= BLOWFISH_CBC -KEY_LENGTH= 128,96:192 -HASH_ALGORITHM= SHA -AUTHENTICATION_METHOD= PRE_SHARED -GROUP_DESCRIPTION= EC2N_185 -Life= LIFE_600_SECS - -# Quick mode description -######################## - [Default-quick-mode] DOI= IPSEC EXCHANGE_TYPE= QUICK_MODE -Suites= QM-ESP-3DES-SHA-PFS-SUITE,QM-ESP-DES-MD5-PFS-SUITE - -# Quick mode protection suites -############################## - -# DES - -[QM-ESP-DES-SUITE] -Protocols= QM-ESP-DES - -[QM-ESP-DES-PFS-SUITE] 
-Protocols= QM-ESP-DES-PFS - -[QM-ESP-DES-MD5-SUITE] -Protocols= QM-ESP-DES-MD5 - -[QM-ESP-DES-MD5-PFS-SUITE] -Protocols= QM-ESP-DES-MD5-PFS - -[QM-ESP-DES-SHA-SUITE] -Protocols= QM-ESP-DES-SHA - -[QM-ESP-DES-SHA-PFS-SUITE] -Protocols= QM-ESP-DES-SHA-PFS - -# 3DES - -[QM-ESP-3DES-SHA-SUITE] -Protocols= QM-ESP-3DES-SHA - -[QM-ESP-3DES-SHA-PFS-SUITE] -Protocols= QM-ESP-3DES-SHA-PFS - -# AH - -[QM-AH-MD5-SUITE] -Protocols= QM-AH-MD5 - -[QM-AH-MD5-PFS-SUITE] -Protocols= QM-AH-MD5-PFS - -# AH + ESP - -[QM-AH-MD5-ESP-DES-SUITE] -Protocols= QM-AH-MD5,QM-ESP-DES - -[QM-AH-MD5-ESP-DES-MD5-SUITE] -Protocols= QM-AH-MD5,QM-ESP-DES-MD5 - -[QM-ESP-DES-MD5-AH-MD5-SUITE] -Protocols= QM-ESP-DES-MD5,QM-AH-MD5 - -# Quick mode protocols - -# DES - -[QM-ESP-DES] -PROTOCOL_ID= IPSEC_ESP -Transforms= QM-ESP-DES-XF - -[QM-ESP-DES-MD5] -PROTOCOL_ID= IPSEC_ESP -Transforms= QM-ESP-DES-MD5-XF - -[QM-ESP-DES-MD5-PFS] -PROTOCOL_ID= IPSEC_ESP -Transforms= QM-ESP-DES-MD5-PFS-XF - -[QM-ESP-DES-SHA] -PROTOCOL_ID= IPSEC_ESP -Transforms= QM-ESP-DES-SHA-XF - -# 3DES - -[QM-ESP-3DES-SHA] -PROTOCOL_ID= IPSEC_ESP -Transforms= QM-ESP-3DES-SHA-XF - -[QM-ESP-3DES-SHA-PFS] -PROTOCOL_ID= IPSEC_ESP -Transforms= QM-ESP-3DES-SHA-PFS-XF - -[QM-ESP-3DES-SHA-TRP] -PROTOCOL_ID= IPSEC_ESP -Transforms= QM-ESP-3DES-SHA-TRP-XF - -# AH MD5 - -[QM-AH-MD5] -PROTOCOL_ID= IPSEC_AH -Transforms= QM-AH-MD5-XF - -[QM-AH-MD5-PFS] -PROTOCOL_ID= IPSEC_AH -Transforms= QM-AH-MD5-PFS-XF - -# Quick mode transforms - -# ESP DES+MD5 - -[QM-ESP-DES-XF] -TRANSFORM_ID= DES -ENCAPSULATION_MODE= TUNNEL -Life= LIFE_600_SECS - -[QM-ESP-DES-MD5-XF] -TRANSFORM_ID= DES -ENCAPSULATION_MODE= TUNNEL -AUTHENTICATION_ALGORITHM= HMAC_MD5 -Life= LIFE_600_SECS - -[QM-ESP-DES-MD5-PFS-XF] -TRANSFORM_ID= DES -ENCAPSULATION_MODE= TUNNEL -GROUP_DESCRIPTION= MODP_1024 -AUTHENTICATION_ALGORITHM= HMAC_MD5 -Life= LIFE_600_SECS - -[QM-ESP-DES-SHA-XF] -TRANSFORM_ID= DES -ENCAPSULATION_MODE= TUNNEL -AUTHENTICATION_ALGORITHM= HMAC_SHA -Life= LIFE_600_SECS - -# 3DES - 
-[QM-ESP-3DES-SHA-XF] -TRANSFORM_ID= 3DES -ENCAPSULATION_MODE= TUNNEL -AUTHENTICATION_ALGORITHM= HMAC_SHA -Life= LIFE_60_SECS - -[QM-ESP-3DES-SHA-PFS-XF] -TRANSFORM_ID= 3DES -ENCAPSULATION_MODE= TUNNEL -AUTHENTICATION_ALGORITHM= HMAC_SHA -GROUP_DESCRIPTION= MODP_1024 -Life= LIFE_60_SECS - -[QM-ESP-3DES-SHA-TRP-XF] -TRANSFORM_ID= 3DES -ENCAPSULATION_MODE= TRANSPORT -AUTHENTICATION_ALGORITHM= HMAC_SHA -Life= LIFE_60_SECS - -# AH - -[QM-AH-MD5-XF] -TRANSFORM_ID= MD5 -ENCAPSULATION_MODE= TUNNEL -AUTHENTICATION_ALGORITHM= HMAC_MD5 -Life= LIFE_600_SECS - -[QM-AH-MD5-PFS-XF] -TRANSFORM_ID= MD5 -ENCAPSULATION_MODE= TUNNEL -GROUP_DESCRIPTION= MODP_768 -AUTHENTICATION_ALGORITHM= HMAC_MD5 -Life= LIFE_600_SECS - -[LIFE_60_SECS] -LIFE_TYPE= SECONDS -LIFE_DURATION= 60,45:120 - -[LIFE_180_SECS] -LIFE_TYPE= SECONDS -LIFE_DURATION= 180,120:240 - -[LIFE_600_SECS] -LIFE_TYPE= SECONDS -LIFE_DURATION= 600,450:720 - -[LIFE_3600_SECS] -LIFE_TYPE= SECONDS -LIFE_DURATION= 3600,1800:7200 - -[LIFE_1000_KB] -LIFE_TYPE= KILOBYTES -LIFE_DURATION= 1000,768:1536 - -[LIFE_32_MB] -LIFE_TYPE= KILOBYTES -LIFE_DURATION= 32768,16384:65536 - -[LIFE_4.5_GB] -LIFE_TYPE= KILOBYTES -LIFE_DURATION= 4608000,4096000:8192000 - -# Certificates stored in PEM format -[X509-certificates] -CA-directory= /etc/isakmpd/ca/ -Cert-directory= /etc/isakmpd/certs/ -#Accept-self-signed= defined -Private-key= /etc/isakmpd/private/local.key +Suites= QM-ESP-3DES-SHA-PFS-SUITE |