summaryrefslogtreecommitdiff
path: root/sbin
diff options
context:
space:
mode:
authorNiklas Hallqvist <niklas@cvs.openbsd.org>2000-05-02 14:37:07 +0000
committerNiklas Hallqvist <niklas@cvs.openbsd.org>2000-05-02 14:37:07 +0000
commitd827583661823ec52dbdc0303fb4e11de7935207 (patch)
tree724288e66726f24e401d89d22162c492b1d25a09 /sbin
parent72a4d4203b22931174551a88523fc297350d39b9 (diff)
Merge with EOM 1.7
author: ho Zap now redundant config data (75% actually).
Diffstat (limited to 'sbin')
-rw-r--r--sbin/isakmpd/samples/VPN-3way-template.conf343
1 files changed, 2 insertions, 341 deletions
diff --git a/sbin/isakmpd/samples/VPN-3way-template.conf b/sbin/isakmpd/samples/VPN-3way-template.conf
index f3b66adc098..f1cab8b2bed 100644
--- a/sbin/isakmpd/samples/VPN-3way-template.conf
+++ b/sbin/isakmpd/samples/VPN-3way-template.conf
@@ -1,5 +1,5 @@
-# $OpenBSD: VPN-3way-template.conf,v 1.5 2000/01/26 15:24:17 niklas Exp $
-# $EOM: VPN-3way-template.conf,v 1.6 1999/12/20 10:21:43 ho Exp $
+# $OpenBSD: VPN-3way-template.conf,v 1.6 2000/05/02 14:37:06 niklas Exp $
+# $EOM: VPN-3way-template.conf,v 1.7 2000/05/01 22:58:44 ho Exp $
#
# A configuration sample for the isakmpd ISAKMP/Oakley (aka IKE) daemon.
#
@@ -88,12 +88,6 @@ Netmask= 255.255.255.0
# There is no more node-specific configuration below this point.
#
-# Miscellaneous configuration parameters
-[General]
-Retransmits= 3
-Exchange-max-time= 120
-Policy-file= /etc/isakmpd/policy
-
# Main mode descriptions
[Default-main-mode]
@@ -120,336 +114,3 @@ EXCHANGE_TYPE= QUICK_MODE
Suites= QM-ESP-BLF-SHA-PFS-SUITE
#Suites= QM-ESP-BLF-SHA-SUITE
-# Main mode transforms
-######################
-
-# DES
-
-[DES-MD5]
-ENCRYPTION_ALGORITHM= DES_CBC
-HASH_ALGORITHM= MD5
-AUTHENTICATION_METHOD= PRE_SHARED
-GROUP_DESCRIPTION= MODP_768
-Life= LIFE_600_SECS
-
-[DES-SHA]
-ENCRYPTION_ALGORITHM= DES_CBC
-HASH_ALGORITHM= SHA
-AUTHENTICATION_METHOD= PRE_SHARED
-GROUP_DESCRIPTION= MODP_768
-Life= LIFE_600_SECS
-
-# 3DES
-
-[3DES-MD5]
-ENCRYPTION_ALGORITHM= 3DES_CBC
-HASH_ALGORITHM= MD5
-AUTHENTICATION_METHOD= PRE_SHARED
-GROUP_DESCRIPTION= MODP_1024
-Life= LIFE_600_SECS
-
-[3DES-SHA]
-ENCRYPTION_ALGORITHM= 3DES_CBC
-HASH_ALGORITHM= SHA
-AUTHENTICATION_METHOD= PRE_SHARED
-GROUP_DESCRIPTION= MODP_1024
-Life= LIFE_600_SECS
-
-# Blowfish
-
-[BLF-SHA-M1024]
-ENCRYPTION_ALGORITHM= BLOWFISH_CBC
-KEY_LENGTH= 128,96:192
-HASH_ALGORITHM= SHA
-AUTHENTICATION_METHOD= PRE_SHARED
-GROUP_DESCRIPTION= MODP_1024
-Life= LIFE_600_SECS
-
-[BLF-SHA-EC155]
-ENCRYPTION_ALGORITHM= BLOWFISH_CBC
-KEY_LENGTH= 128,96:192
-HASH_ALGORITHM= SHA
-AUTHENTICATION_METHOD= PRE_SHARED
-GROUP_DESCRIPTION= EC2N_155
-Life= LIFE_600_SECS
-
-[BLF-MD5-EC155]
-ENCRYPTION_ALGORITHM= BLOWFISH_CBC
-KEY_LENGTH= 128,96:192
-HASH_ALGORITHM= MD5
-AUTHENTICATION_METHOD= PRE_SHARED
-GROUP_DESCRIPTION= EC2N_155
-Life= LIFE_600_SECS
-
-[BLF-SHA-EC185]
-ENCRYPTION_ALGORITHM= BLOWFISH_CBC
-KEY_LENGTH= 128,96:192
-HASH_ALGORITHM= SHA
-AUTHENTICATION_METHOD= PRE_SHARED
-GROUP_DESCRIPTION= EC2N_185
-Life= LIFE_600_SECS
-
-# Quick mode protection suites
-##############################
-
-# DES
-
-[QM-ESP-DES-SUITE]
-Protocols= QM-ESP-DES
-
-[QM-ESP-DES-PFS-SUITE]
-Protocols= QM-ESP-DES-PFS
-
-[QM-ESP-DES-MD5-SUITE]
-Protocols= QM-ESP-DES-MD5
-
-[QM-ESP-DES-MD5-PFS-SUITE]
-Protocols= QM-ESP-DES-MD5-PFS
-
-[QM-ESP-DES-SHA-SUITE]
-Protocols= QM-ESP-DES-SHA
-
-[QM-ESP-DES-SHA-PFS-SUITE]
-Protocols= QM-ESP-DES-SHA-PFS
-
-# 3DES
-
-[QM-ESP-3DES-SHA-SUITE]
-Protocols= QM-ESP-3DES-SHA
-
-[QM-ESP-3DES-SHA-PFS-SUITE]
-Protocols= QM-ESP-3DES-SHA-PFS
-
-# Blowfish
-
-[QM-ESP-BLF-SHA-SUITE]
-Protocols= QM-ESP-BLF-SHA
-
-[QM-ESP-BLF-SHA-PFS-SUITE]
-Protocols= QM-ESP-BLF-SHA-PFS
-
-# AH
-
-[QM-AH-MD5-SUITE]
-Protocols= QM-AH-MD5
-
-[QM-AH-MD5-PFS-SUITE]
-Protocols= QM-AH-MD5-PFS
-
-[QM-AH-SHA-SUITE]
-Protocols= QM-AH-SHA
-
-[QM-AH-SHA-PFS-SUITE]
-Protocols= QM-AH-SHA-PFS
-
-# AH + ESP
-
-[QM-AH-MD5-ESP-DES-SUITE]
-Protocols= QM-AH-MD5,QM-ESP-DES
-
-[QM-AH-MD5-ESP-DES-MD5-SUITE]
-Protocols= QM-AH-MD5,QM-ESP-DES-MD5
-
-[QM-ESP-DES-MD5-AH-MD5-SUITE]
-Protocols= QM-ESP-DES-MD5,QM-AH-MD5
-
-# Quick mode protocols
-
-# DES
-
-[QM-ESP-DES]
-PROTOCOL_ID= IPSEC_ESP
-Transforms= QM-ESP-DES-XF
-
-[QM-ESP-DES-MD5]
-PROTOCOL_ID= IPSEC_ESP
-Transforms= QM-ESP-DES-MD5-XF
-
-[QM-ESP-DES-MD5-PFS]
-PROTOCOL_ID= IPSEC_ESP
-Transforms= QM-ESP-DES-MD5-PFS-XF
-
-[QM-ESP-DES-SHA]
-PROTOCOL_ID= IPSEC_ESP
-Transforms= QM-ESP-DES-SHA-XF
-
-# 3DES
-
-[QM-ESP-3DES-SHA]
-PROTOCOL_ID= IPSEC_ESP
-Transforms= QM-ESP-3DES-SHA-XF
-
-[QM-ESP-3DES-SHA-PFS]
-PROTOCOL_ID= IPSEC_ESP
-Transforms= QM-ESP-3DES-SHA-PFS-XF
-
-[QM-ESP-3DES-SHA-TRP]
-PROTOCOL_ID= IPSEC_ESP
-Transforms= QM-ESP-3DES-SHA-TRP-XF
-
-# Blowfish
-
-[QM-ESP-BLF-SHA]
-PROTOCOL_ID= IPSEC_ESP
-Transforms= QM-ESP-BLF-SHA-XF
-
-[QM-ESP-BLF-SHA-PFS]
-PROTOCOL_ID= IPSEC_ESP
-Transforms= QM-ESP-BLF-SHA-PFS-XF
-
-# AH MD5
-
-[QM-AH-MD5]
-PROTOCOL_ID= IPSEC_AH
-Transforms= QM-AH-MD5-XF
-
-[QM-AH-MD5-PFS]
-PROTOCOL_ID= IPSEC_AH
-Transforms= QM-AH-MD5-PFS-XF
-
-# AH MD5
-
-[QM-AH-SHA]
-PROTOCOL_ID= IPSEC_AH
-Transforms= QM-AH-SHA-XF
-
-[QM-AH-SHA-PFS]
-PROTOCOL_ID= IPSEC_AH
-Transforms= QM-AH-SHA-PFS-XF
-
-# Quick mode transforms
-
-# ESP DES
-
-[QM-ESP-DES-XF]
-TRANSFORM_ID= DES
-ENCAPSULATION_MODE= TUNNEL
-Life= LIFE_600_SECS
-
-# ESP DES+MD5
-
-[QM-ESP-DES-MD5-XF]
-TRANSFORM_ID= DES
-ENCAPSULATION_MODE= TUNNEL
-AUTHENTICATION_ALGORITHM= HMAC_MD5
-Life= LIFE_600_SECS
-
-[QM-ESP-DES-MD5-PFS-XF]
-TRANSFORM_ID= DES
-ENCAPSULATION_MODE= TUNNEL
-GROUP_DESCRIPTION= MODP_768
-AUTHENTICATION_ALGORITHM= HMAC_MD5
-Life= LIFE_600_SECS
-
-# ESP DES+SHA
-
-[QM-ESP-DES-SHA-XF]
-TRANSFORM_ID= DES
-ENCAPSULATION_MODE= TUNNEL
-AUTHENTICATION_ALGORITHM= HMAC_SHA
-Life= LIFE_600_SECS
-
-# ESP 3DES+SHA
-
-[QM-ESP-3DES-SHA-XF]
-TRANSFORM_ID= 3DES
-ENCAPSULATION_MODE= TUNNEL
-AUTHENTICATION_ALGORITHM= HMAC_SHA
-Life= LIFE_200_SECS
-
-[QM-ESP-3DES-SHA-PFS-XF]
-TRANSFORM_ID= 3DES
-ENCAPSULATION_MODE= TUNNEL
-AUTHENTICATION_ALGORITHM= HMAC_SHA
-GROUP_DESCRIPTION= MODP_1024
-Life= LIFE_200_SECS
-
-# ESP 3DES+SHA - Transport mode
-
-[QM-ESP-3DES-SHA-TRP-XF]
-TRANSFORM_ID= 3DES
-ENCAPSULATION_MODE= TRANSPORT
-AUTHENTICATION_ALGORITHM= HMAC_SHA
-Life= LIFE_200_SECS
-
-# ESP Blowfish+SHA
-
-[QM-ESP-BLF-SHA-XF]
-TRANSFORM_ID= BLOWFISH
-KEY_LENGTH= 128,96:192
-ENCAPSULATION_MODE= TUNNEL
-AUTHENTICATION_ALGORITHM= HMAC_SHA
-Life= LIFE_200_SECS
-
-[QM-ESP-BLF-SHA-PFS-XF]
-TRANSFORM_ID= BLOWFISH
-KEY_LENGTH= 128,96:192
-ENCAPSULATION_MODE= TUNNEL
-AUTHENTICATION_ALGORITHM= HMAC_SHA
-GROUP_DESCRIPTION= MODP_1024
-Life= LIFE_200_SECS
-
-# AH MD5
-
-[QM-AH-MD5-XF]
-TRANSFORM_ID= MD5
-ENCAPSULATION_MODE= TUNNEL
-AUTHENTICATION_ALGORITHM= HMAC_MD5
-Life= LIFE_600_SECS
-
-[QM-AH-MD5-PFS-XF]
-TRANSFORM_ID= MD5
-ENCAPSULATION_MODE= TUNNEL
-AUTHENTICATION_ALGORITHM= HMAC_MD5
-GROUP_DESCRIPTION= MODP_768
-Life= LIFE_600_SECS
-
-# AH SHA
-
-[QM-AH-SHA-XF]
-TRANSFORM_ID= MD5
-ENCAPSULATION_MODE= TUNNEL
-AUTHENTICATION_ALGORITHM= HMAC_SHA
-Life= LIFE_600_SECS
-
-[QM-AH-SHA-PFS-XF]
-TRANSFORM_ID= MD5
-ENCAPSULATION_MODE= TUNNEL
-AUTHENTICATION_ALGORITHM= HMAC_SHA
-GROUP_DESCRIPTION= MODP_1024
-Life= LIFE_600_SECS
-
-[LIFE_200_SECS]
-LIFE_TYPE= SECONDS
-LIFE_DURATION= 200,150:320
-
-[LIFE_600_SECS]
-LIFE_TYPE= SECONDS
-LIFE_DURATION= 600,450:720
-
-[LIFE_3600_SECS]
-LIFE_TYPE= SECONDS
-LIFE_DURATION= 3600,1800:7200
-
-[LIFE_6_HOURS]
-LIFE_TYPE= SECONDS
-LIFE_DURATION= 21600,16200:32400
-
-[LIFE_1000_KB]
-LIFE_TYPE= KILOBYTES
-LIFE_DURATION= 1000,768:1536
-
-[LIFE_32_MB]
-LIFE_TYPE= KILOBYTES
-LIFE_DURATION= 32768,16384:65536
-
-[LIFE_4.5_GB]
-LIFE_TYPE= KILOBYTES
-LIFE_DURATION= 4608000,4096000:8192000
-
-# Certificates stored in PEM format
-[X509-certificates]
-CA-directory= /etc/isakmpd/ca/
-Cert-directory= /etc/isakmpd/certs/
-#Accept-self-signed= defined
-Private-key= /etc/isakmpd/private/local.key