summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--sbin/isakmpd/samples/VPN-west.conf296
1 files changed, 15 insertions, 281 deletions
diff --git a/sbin/isakmpd/samples/VPN-west.conf b/sbin/isakmpd/samples/VPN-west.conf
index abbd9b980db..99e0d9a5c07 100644
--- a/sbin/isakmpd/samples/VPN-west.conf
+++ b/sbin/isakmpd/samples/VPN-west.conf
@@ -1,35 +1,28 @@
-# $OpenBSD: VPN-west.conf,v 1.9 2000/01/31 10:45:02 niklas Exp $
-# $EOM: VPN-west.conf,v 1.10 2000/01/31 09:28:36 niklas Exp $
+# $OpenBSD: VPN-west.conf,v 1.10 2000/05/02 14:37:12 niklas Exp $
+# $EOM: VPN-west.conf,v 1.12 2000/05/01 23:49:35 niklas Exp $
# A configuration sample for the isakmpd ISAKMP/Oakley (aka IKE) daemon.
+#
+# The network topology of the example net is like this:
+#
+# 192.168.11.0/24 - west [.11] - 10.1.0.0/24 - [.12] east - 192.168.12.0/24
+#
+# "west" and "east" are the respective secrity gateways (aka VPN-nodes).
-[General]
-Retransmits= 5
-Exchange-max-time= 120
-Listen-on= 10.1.0.1
-
-# Incoming phase 1 negotiations are multiplexed on the source IP address
[Phase 1]
-10.1.0.2= ISAKMP-peer-east
+10.1.0.12= ISAKMP-peer-east
-# These connections are walked over after config file parsing and told
-# to the application layer so that it will inform us when traffic wants to
-# pass over them. This means we can do on-demand keying.
[Phase 2]
-Connections= IPsec-west-east
+Connections= IPsec-east-west
[ISAKMP-peer-east]
Phase= 1
Transport= udp
-Local-address= 10.1.0.1
-Address= 10.1.0.2
-# Default values for "Port" commented out
-#Port= isakmp
-#Port= 500
+Address= 10.1.0.12
Configuration= Default-main-mode
Authentication= mekmitasdigoat
-[IPsec-west-east]
+[IPsec-east-west]
Phase= 2
ISAKMP-peer= ISAKMP-peer-east
Configuration= Default-quick-mode
@@ -38,279 +31,20 @@ Remote-ID= Net-east
[Net-west]
ID-type= IPV4_ADDR_SUBNET
-Network= 192.168.1.0
+Network= 192.168.11.0
Netmask= 255.255.255.0
[Net-east]
ID-type= IPV4_ADDR_SUBNET
-Network= 192.168.2.0
+Network= 192.168.12.0
Netmask= 255.255.255.0
-# Main mode descriptions
-
[Default-main-mode]
DOI= IPSEC
EXCHANGE_TYPE= ID_PROT
Transforms= 3DES-SHA
-# Main mode transforms
-######################
-
-# DES
-
-[DES-MD5]
-ENCRYPTION_ALGORITHM= DES_CBC
-HASH_ALGORITHM= MD5
-AUTHENTICATION_METHOD= PRE_SHARED
-GROUP_DESCRIPTION= MODP_768
-Life= LIFE_600_SECS
-
-[DES-MD5-NO-VOL-LIFE]
-ENCRYPTION_ALGORITHM= DES_CBC
-HASH_ALGORITHM= MD5
-AUTHENTICATION_METHOD= PRE_SHARED
-GROUP_DESCRIPTION= MODP_768
-Life= LIFE_600_SECS
-
-[DES-SHA]
-ENCRYPTION_ALGORITHM= DES_CBC
-HASH_ALGORITHM= SHA
-AUTHENTICATION_METHOD= PRE_SHARED
-GROUP_DESCRIPTION= MODP_768
-Life= LIFE_600_SECS
-
-# 3DES
-
-[3DES-SHA]
-ENCRYPTION_ALGORITHM= 3DES_CBC
-HASH_ALGORITHM= SHA
-AUTHENTICATION_METHOD= PRE_SHARED
-GROUP_DESCRIPTION= MODP_1024
-Life= LIFE_3600_SECS
-
-# Blowfish
-
-[BLF-SHA-M1024]
-ENCRYPTION_ALGORITHM= BLOWFISH_CBC
-KEY_LENGTH= 128,96:192
-HASH_ALGORITHM= SHA
-AUTHENTICATION_METHOD= PRE_SHARED
-GROUP_DESCRIPTION= MODP_1024
-Life= LIFE_600_SECS
-
-[BLF-SHA-EC155]
-ENCRYPTION_ALGORITHM= BLOWFISH_CBC
-KEY_LENGTH= 128,96:192
-HASH_ALGORITHM= SHA
-AUTHENTICATION_METHOD= PRE_SHARED
-GROUP_DESCRIPTION= EC2N_155
-Life= LIFE_600_SECS
-
-[BLF-MD5-EC155]
-ENCRYPTION_ALGORITHM= BLOWFISH_CBC
-KEY_LENGTH= 128,96:192
-HASH_ALGORITHM= MD5
-AUTHENTICATION_METHOD= PRE_SHARED
-GROUP_DESCRIPTION= EC2N_155
-Life= LIFE_600_SECS
-
-[BLF-SHA-EC185]
-ENCRYPTION_ALGORITHM= BLOWFISH_CBC
-KEY_LENGTH= 128,96:192
-HASH_ALGORITHM= SHA
-AUTHENTICATION_METHOD= PRE_SHARED
-GROUP_DESCRIPTION= EC2N_185
-Life= LIFE_600_SECS
-
-# Quick mode description
-########################
-
[Default-quick-mode]
DOI= IPSEC
EXCHANGE_TYPE= QUICK_MODE
-Suites= QM-ESP-3DES-SHA-PFS-SUITE,QM-ESP-DES-MD5-PFS-SUITE
-
-# Quick mode protection suites
-##############################
-
-# DES
-
-[QM-ESP-DES-SUITE]
-Protocols= QM-ESP-DES
-
-[QM-ESP-DES-PFS-SUITE]
-Protocols= QM-ESP-DES-PFS
-
-[QM-ESP-DES-MD5-SUITE]
-Protocols= QM-ESP-DES-MD5
-
-[QM-ESP-DES-MD5-PFS-SUITE]
-Protocols= QM-ESP-DES-MD5-PFS
-
-[QM-ESP-DES-SHA-SUITE]
-Protocols= QM-ESP-DES-SHA
-
-[QM-ESP-DES-SHA-PFS-SUITE]
-Protocols= QM-ESP-DES-SHA-PFS
-
-# 3DES
-
-[QM-ESP-3DES-SHA-SUITE]
-Protocols= QM-ESP-3DES-SHA
-
-[QM-ESP-3DES-SHA-PFS-SUITE]
-Protocols= QM-ESP-3DES-SHA-PFS
-
-# AH
-
-[QM-AH-MD5-SUITE]
-Protocols= QM-AH-MD5
-
-[QM-AH-MD5-PFS-SUITE]
-Protocols= QM-AH-MD5-PFS
-
-# AH + ESP
-
-[QM-AH-MD5-ESP-DES-SUITE]
-Protocols= QM-AH-MD5,QM-ESP-DES
-
-[QM-AH-MD5-ESP-DES-MD5-SUITE]
-Protocols= QM-AH-MD5,QM-ESP-DES-MD5
-
-[QM-ESP-DES-MD5-AH-MD5-SUITE]
-Protocols= QM-ESP-DES-MD5,QM-AH-MD5
-
-# Quick mode protocols
-
-# DES
-
-[QM-ESP-DES]
-PROTOCOL_ID= IPSEC_ESP
-Transforms= QM-ESP-DES-XF
-
-[QM-ESP-DES-MD5]
-PROTOCOL_ID= IPSEC_ESP
-Transforms= QM-ESP-DES-MD5-XF
-
-[QM-ESP-DES-MD5-PFS]
-PROTOCOL_ID= IPSEC_ESP
-Transforms= QM-ESP-DES-MD5-PFS-XF
-
-[QM-ESP-DES-SHA]
-PROTOCOL_ID= IPSEC_ESP
-Transforms= QM-ESP-DES-SHA-XF
-
-# 3DES
-
-[QM-ESP-3DES-SHA]
-PROTOCOL_ID= IPSEC_ESP
-Transforms= QM-ESP-3DES-SHA-XF
-
-[QM-ESP-3DES-SHA-PFS]
-PROTOCOL_ID= IPSEC_ESP
-Transforms= QM-ESP-3DES-SHA-PFS-XF
-
-[QM-ESP-3DES-SHA-TRP]
-PROTOCOL_ID= IPSEC_ESP
-Transforms= QM-ESP-3DES-SHA-TRP-XF
-
-# AH MD5
-
-[QM-AH-MD5]
-PROTOCOL_ID= IPSEC_AH
-Transforms= QM-AH-MD5-XF
-
-[QM-AH-MD5-PFS]
-PROTOCOL_ID= IPSEC_AH
-Transforms= QM-AH-MD5-PFS-XF
-
-# Quick mode transforms
-
-# ESP DES+MD5
-
-[QM-ESP-DES-XF]
-TRANSFORM_ID= DES
-ENCAPSULATION_MODE= TUNNEL
-Life= LIFE_600_SECS
-
-[QM-ESP-DES-MD5-XF]
-TRANSFORM_ID= DES
-ENCAPSULATION_MODE= TUNNEL
-AUTHENTICATION_ALGORITHM= HMAC_MD5
-Life= LIFE_600_SECS
-
-[QM-ESP-DES-MD5-PFS-XF]
-TRANSFORM_ID= DES
-ENCAPSULATION_MODE= TUNNEL
-GROUP_DESCRIPTION= MODP_1024
-AUTHENTICATION_ALGORITHM= HMAC_MD5
-Life= LIFE_600_SECS
-
-[QM-ESP-DES-SHA-XF]
-TRANSFORM_ID= DES
-ENCAPSULATION_MODE= TUNNEL
-AUTHENTICATION_ALGORITHM= HMAC_SHA
-Life= LIFE_600_SECS
-
-# 3DES
-
-[QM-ESP-3DES-SHA-XF]
-TRANSFORM_ID= 3DES
-ENCAPSULATION_MODE= TUNNEL
-AUTHENTICATION_ALGORITHM= HMAC_SHA
-Life= LIFE_600_SECS
-
-[QM-ESP-3DES-SHA-PFS-XF]
-TRANSFORM_ID= 3DES
-ENCAPSULATION_MODE= TUNNEL
-AUTHENTICATION_ALGORITHM= HMAC_SHA
-GROUP_DESCRIPTION= MODP_1024
-Life= LIFE_600_SECS
-
-[QM-ESP-3DES-SHA-TRP-XF]
-TRANSFORM_ID= 3DES
-ENCAPSULATION_MODE= TRANSPORT
-AUTHENTICATION_ALGORITHM= HMAC_SHA
-Life= LIFE_600_SECS
-
-# AH
-
-[QM-AH-MD5-XF]
-TRANSFORM_ID= MD5
-ENCAPSULATION_MODE= TUNNEL
-AUTHENTICATION_ALGORITHM= HMAC_MD5
-Life= LIFE_600_SECS
-
-[QM-AH-MD5-PFS-XF]
-TRANSFORM_ID= MD5
-ENCAPSULATION_MODE= TUNNEL
-GROUP_DESCRIPTION= MODP_768
-AUTHENTICATION_ALGORITHM= HMAC_MD5
-Life= LIFE_600_SECS
-
-[LIFE_600_SECS]
-LIFE_TYPE= SECONDS
-LIFE_DURATION= 600,450:720
-
-[LIFE_3600_SECS]
-LIFE_TYPE= SECONDS
-LIFE_DURATION= 3600,1800:7200
-
-[LIFE_1000_KB]
-LIFE_TYPE= KILOBYTES
-LIFE_DURATION= 1000,768:1536
-
-[LIFE_32_MB]
-LIFE_TYPE= KILOBYTES
-LIFE_DURATION= 32768,16384:65536
-
-[LIFE_4.5_GB]
-LIFE_TYPE= KILOBYTES
-LIFE_DURATION= 4608000,4096000:8192000
-
-# Certificates stored in PEM format
-[X509-certificates]
-CA-directory= /etc/isakmpd/ca/
-Cert-directory= /etc/isakmpd/certs/
-#Accept-self-signed= defined
-Private-key= /etc/isakmpd/private/local.key
+Suites= QM-ESP-3DES-SHA-PFS-SUITE
generated by cgit v1.2.3 (git 2.25.1) at 2024-12-11 12:33:29 +0000