diff options
author | Niklas Hallqvist <niklas@cvs.openbsd.org> | 2000-05-02 14:37:07 +0000 |
---|---|---|
committer | Niklas Hallqvist <niklas@cvs.openbsd.org> | 2000-05-02 14:37:07 +0000 |
commit | d827583661823ec52dbdc0303fb4e11de7935207 (patch) | |
tree | 724288e66726f24e401d89d22162c492b1d25a09 /sbin | |
parent | 72a4d4203b22931174551a88523fc297350d39b9 (diff) |
Merge with EOM 1.7
author: ho
Zap now redundant config data (75% actually).
Diffstat (limited to 'sbin')
-rw-r--r-- | sbin/isakmpd/samples/VPN-3way-template.conf | 343 |
1 files changed, 2 insertions, 341 deletions
diff --git a/sbin/isakmpd/samples/VPN-3way-template.conf b/sbin/isakmpd/samples/VPN-3way-template.conf index f3b66adc098..f1cab8b2bed 100644 --- a/sbin/isakmpd/samples/VPN-3way-template.conf +++ b/sbin/isakmpd/samples/VPN-3way-template.conf @@ -1,5 +1,5 @@ -# $OpenBSD: VPN-3way-template.conf,v 1.5 2000/01/26 15:24:17 niklas Exp $ -# $EOM: VPN-3way-template.conf,v 1.6 1999/12/20 10:21:43 ho Exp $ +# $OpenBSD: VPN-3way-template.conf,v 1.6 2000/05/02 14:37:06 niklas Exp $ +# $EOM: VPN-3way-template.conf,v 1.7 2000/05/01 22:58:44 ho Exp $ # # A configuration sample for the isakmpd ISAKMP/Oakley (aka IKE) daemon. # @@ -88,12 +88,6 @@ Netmask= 255.255.255.0 # There is no more node-specific configuration below this point. # -# Miscellaneous configuration parameters -[General] -Retransmits= 3 -Exchange-max-time= 120 -Policy-file= /etc/isakmpd/policy - # Main mode descriptions [Default-main-mode] @@ -120,336 +114,3 @@ EXCHANGE_TYPE= QUICK_MODE Suites= QM-ESP-BLF-SHA-PFS-SUITE #Suites= QM-ESP-BLF-SHA-SUITE -# Main mode transforms -###################### - -# DES - -[DES-MD5] -ENCRYPTION_ALGORITHM= DES_CBC -HASH_ALGORITHM= MD5 -AUTHENTICATION_METHOD= PRE_SHARED -GROUP_DESCRIPTION= MODP_768 -Life= LIFE_600_SECS - -[DES-SHA] -ENCRYPTION_ALGORITHM= DES_CBC -HASH_ALGORITHM= SHA -AUTHENTICATION_METHOD= PRE_SHARED -GROUP_DESCRIPTION= MODP_768 -Life= LIFE_600_SECS - -# 3DES - -[3DES-MD5] -ENCRYPTION_ALGORITHM= 3DES_CBC -HASH_ALGORITHM= MD5 -AUTHENTICATION_METHOD= PRE_SHARED -GROUP_DESCRIPTION= MODP_1024 -Life= LIFE_600_SECS - -[3DES-SHA] -ENCRYPTION_ALGORITHM= 3DES_CBC -HASH_ALGORITHM= SHA -AUTHENTICATION_METHOD= PRE_SHARED -GROUP_DESCRIPTION= MODP_1024 -Life= LIFE_600_SECS - -# Blowfish - -[BLF-SHA-M1024] -ENCRYPTION_ALGORITHM= BLOWFISH_CBC -KEY_LENGTH= 128,96:192 -HASH_ALGORITHM= SHA -AUTHENTICATION_METHOD= PRE_SHARED -GROUP_DESCRIPTION= MODP_1024 -Life= LIFE_600_SECS - -[BLF-SHA-EC155] -ENCRYPTION_ALGORITHM= BLOWFISH_CBC -KEY_LENGTH= 128,96:192 -HASH_ALGORITHM= SHA -AUTHENTICATION_METHOD= PRE_SHARED -GROUP_DESCRIPTION= EC2N_155 -Life= LIFE_600_SECS - -[BLF-MD5-EC155] -ENCRYPTION_ALGORITHM= BLOWFISH_CBC -KEY_LENGTH= 128,96:192 -HASH_ALGORITHM= MD5 -AUTHENTICATION_METHOD= PRE_SHARED -GROUP_DESCRIPTION= EC2N_155 -Life= LIFE_600_SECS - -[BLF-SHA-EC185] -ENCRYPTION_ALGORITHM= BLOWFISH_CBC -KEY_LENGTH= 128,96:192 -HASH_ALGORITHM= SHA -AUTHENTICATION_METHOD= PRE_SHARED -GROUP_DESCRIPTION= EC2N_185 -Life= LIFE_600_SECS - -# Quick mode protection suites -############################## - -# DES - -[QM-ESP-DES-SUITE] -Protocols= QM-ESP-DES - -[QM-ESP-DES-PFS-SUITE] -Protocols= QM-ESP-DES-PFS - -[QM-ESP-DES-MD5-SUITE] -Protocols= QM-ESP-DES-MD5 - -[QM-ESP-DES-MD5-PFS-SUITE] -Protocols= QM-ESP-DES-MD5-PFS - -[QM-ESP-DES-SHA-SUITE] -Protocols= QM-ESP-DES-SHA - -[QM-ESP-DES-SHA-PFS-SUITE] -Protocols= QM-ESP-DES-SHA-PFS - -# 3DES - -[QM-ESP-3DES-SHA-SUITE] -Protocols= QM-ESP-3DES-SHA - -[QM-ESP-3DES-SHA-PFS-SUITE] -Protocols= QM-ESP-3DES-SHA-PFS - -# Blowfish - -[QM-ESP-BLF-SHA-SUITE] -Protocols= QM-ESP-BLF-SHA - -[QM-ESP-BLF-SHA-PFS-SUITE] -Protocols= QM-ESP-BLF-SHA-PFS - -# AH - -[QM-AH-MD5-SUITE] -Protocols= QM-AH-MD5 - -[QM-AH-MD5-PFS-SUITE] -Protocols= QM-AH-MD5-PFS - -[QM-AH-SHA-SUITE] -Protocols= QM-AH-SHA - -[QM-AH-SHA-PFS-SUITE] -Protocols= QM-AH-SHA-PFS - -# AH + ESP - -[QM-AH-MD5-ESP-DES-SUITE] -Protocols= QM-AH-MD5,QM-ESP-DES - -[QM-AH-MD5-ESP-DES-MD5-SUITE] -Protocols= QM-AH-MD5,QM-ESP-DES-MD5 - -[QM-ESP-DES-MD5-AH-MD5-SUITE] -Protocols= QM-ESP-DES-MD5,QM-AH-MD5 - -# Quick mode protocols - -# DES - -[QM-ESP-DES] -PROTOCOL_ID= IPSEC_ESP -Transforms= QM-ESP-DES-XF - -[QM-ESP-DES-MD5] -PROTOCOL_ID= IPSEC_ESP -Transforms= QM-ESP-DES-MD5-XF - -[QM-ESP-DES-MD5-PFS] -PROTOCOL_ID= IPSEC_ESP -Transforms= QM-ESP-DES-MD5-PFS-XF - -[QM-ESP-DES-SHA] -PROTOCOL_ID= IPSEC_ESP -Transforms= QM-ESP-DES-SHA-XF - -# 3DES - -[QM-ESP-3DES-SHA] -PROTOCOL_ID= IPSEC_ESP -Transforms= QM-ESP-3DES-SHA-XF - -[QM-ESP-3DES-SHA-PFS] -PROTOCOL_ID= IPSEC_ESP -Transforms= QM-ESP-3DES-SHA-PFS-XF - -[QM-ESP-3DES-SHA-TRP] -PROTOCOL_ID= IPSEC_ESP -Transforms= QM-ESP-3DES-SHA-TRP-XF - -# Blowfish - -[QM-ESP-BLF-SHA] -PROTOCOL_ID= IPSEC_ESP -Transforms= QM-ESP-BLF-SHA-XF - -[QM-ESP-BLF-SHA-PFS] -PROTOCOL_ID= IPSEC_ESP -Transforms= QM-ESP-BLF-SHA-PFS-XF - -# AH MD5 - -[QM-AH-MD5] -PROTOCOL_ID= IPSEC_AH -Transforms= QM-AH-MD5-XF - -[QM-AH-MD5-PFS] -PROTOCOL_ID= IPSEC_AH -Transforms= QM-AH-MD5-PFS-XF - -# AH MD5 - -[QM-AH-SHA] -PROTOCOL_ID= IPSEC_AH -Transforms= QM-AH-SHA-XF - -[QM-AH-SHA-PFS] -PROTOCOL_ID= IPSEC_AH -Transforms= QM-AH-SHA-PFS-XF - -# Quick mode transforms - -# ESP DES - -[QM-ESP-DES-XF] -TRANSFORM_ID= DES -ENCAPSULATION_MODE= TUNNEL -Life= LIFE_600_SECS - -# ESP DES+MD5 - -[QM-ESP-DES-MD5-XF] -TRANSFORM_ID= DES -ENCAPSULATION_MODE= TUNNEL -AUTHENTICATION_ALGORITHM= HMAC_MD5 -Life= LIFE_600_SECS - -[QM-ESP-DES-MD5-PFS-XF] -TRANSFORM_ID= DES -ENCAPSULATION_MODE= TUNNEL -GROUP_DESCRIPTION= MODP_768 -AUTHENTICATION_ALGORITHM= HMAC_MD5 -Life= LIFE_600_SECS - -# ESP DES+SHA - -[QM-ESP-DES-SHA-XF] -TRANSFORM_ID= DES -ENCAPSULATION_MODE= TUNNEL -AUTHENTICATION_ALGORITHM= HMAC_SHA -Life= LIFE_600_SECS - -# ESP 3DES+SHA - -[QM-ESP-3DES-SHA-XF] -TRANSFORM_ID= 3DES -ENCAPSULATION_MODE= TUNNEL -AUTHENTICATION_ALGORITHM= HMAC_SHA -Life= LIFE_200_SECS - -[QM-ESP-3DES-SHA-PFS-XF] -TRANSFORM_ID= 3DES -ENCAPSULATION_MODE= TUNNEL -AUTHENTICATION_ALGORITHM= HMAC_SHA -GROUP_DESCRIPTION= MODP_1024 -Life= LIFE_200_SECS - -# ESP 3DES+SHA - Transport mode - -[QM-ESP-3DES-SHA-TRP-XF] -TRANSFORM_ID= 3DES -ENCAPSULATION_MODE= TRANSPORT -AUTHENTICATION_ALGORITHM= HMAC_SHA -Life= LIFE_200_SECS - -# ESP Blowfish+SHA - -[QM-ESP-BLF-SHA-XF] -TRANSFORM_ID= BLOWFISH -KEY_LENGTH= 128,96:192 -ENCAPSULATION_MODE= TUNNEL -AUTHENTICATION_ALGORITHM= HMAC_SHA -Life= LIFE_200_SECS - -[QM-ESP-BLF-SHA-PFS-XF] -TRANSFORM_ID= BLOWFISH -KEY_LENGTH= 128,96:192 -ENCAPSULATION_MODE= TUNNEL -AUTHENTICATION_ALGORITHM= HMAC_SHA -GROUP_DESCRIPTION= MODP_1024 -Life= LIFE_200_SECS - -# AH MD5 - -[QM-AH-MD5-XF] -TRANSFORM_ID= MD5 -ENCAPSULATION_MODE= TUNNEL -AUTHENTICATION_ALGORITHM= HMAC_MD5 -Life= LIFE_600_SECS - -[QM-AH-MD5-PFS-XF] -TRANSFORM_ID= MD5 -ENCAPSULATION_MODE= TUNNEL -AUTHENTICATION_ALGORITHM= HMAC_MD5 -GROUP_DESCRIPTION= MODP_768 -Life= LIFE_600_SECS - -# AH SHA - -[QM-AH-SHA-XF] -TRANSFORM_ID= MD5 -ENCAPSULATION_MODE= TUNNEL -AUTHENTICATION_ALGORITHM= HMAC_SHA -Life= LIFE_600_SECS - -[QM-AH-SHA-PFS-XF] -TRANSFORM_ID= MD5 -ENCAPSULATION_MODE= TUNNEL -AUTHENTICATION_ALGORITHM= HMAC_SHA -GROUP_DESCRIPTION= MODP_1024 -Life= LIFE_600_SECS - -[LIFE_200_SECS] -LIFE_TYPE= SECONDS -LIFE_DURATION= 200,150:320 - -[LIFE_600_SECS] -LIFE_TYPE= SECONDS -LIFE_DURATION= 600,450:720 - -[LIFE_3600_SECS] -LIFE_TYPE= SECONDS -LIFE_DURATION= 3600,1800:7200 - -[LIFE_6_HOURS] -LIFE_TYPE= SECONDS -LIFE_DURATION= 21600,16200:32400 - -[LIFE_1000_KB] -LIFE_TYPE= KILOBYTES -LIFE_DURATION= 1000,768:1536 - -[LIFE_32_MB] -LIFE_TYPE= KILOBYTES -LIFE_DURATION= 32768,16384:65536 - -[LIFE_4.5_GB] -LIFE_TYPE= KILOBYTES -LIFE_DURATION= 4608000,4096000:8192000 - -# Certificates stored in PEM format -[X509-certificates] -CA-directory= /etc/isakmpd/ca/ -Cert-directory= /etc/isakmpd/certs/ -#Accept-self-signed= defined -Private-key= /etc/isakmpd/private/local.key |