#	$OpenBSD: singlehost-west.conf,v 1.8 2000/05/03 13:37:33 niklas Exp $
#	$EOM: singlehost-west.conf,v 1.8 2000/05/03 13:25:25 niklas Exp $

# A configuration sample for the isakmpd ISAKMP/Oakley (aka IKE) daemon.

[General]
Listen-on=		10.1.0.1
Shared-SADB=		Defined

[Phase 1]
10.1.0.2=		ISAKMP-peer-east
Default=		ISAKMP-peer-east-aggressive

[Phase 2]
Connections=		IPsec-west-east

[ISAKMP-peer-east]
Phase=			1
Transport=		udp
Local-address=		10.1.0.1
Address=		10.1.0.2
Configuration=		Default-main-mode
Identification=		IPV4_ADDR/10.1.0.1
Authentication=		mekmitasdigoat

[ISAKMP-peer-east-aggressive]
Phase=			1
Transport=		udp
Local-address=		10.1.0.1
Address=		10.1.0.2
Configuration=		Default-aggressive-mode
Identification=		FQDN/diego.niklas.hallqvist.se
Authentication=		mekmitasdigoat

[IPsec-west-east]
Phase=			2
ISAKMP-peer=		ISAKMP-peer-east
Configuration=		Default-quick-mode
Local-ID=		Net-west
Remote-ID=		Net-east

[Net-west]
ID-type=		IPV4_ADDR_SUBNET
Network=		192.168.1.0
Netmask=		255.255.255.0

[Net-east]
ID-type=		IPV4_ADDR_SUBNET
Network=		192.168.2.0
Netmask=		255.255.255.0

[Default-main-mode]
DOI=			IPSEC
EXCHANGE_TYPE=		ID_PROT
Transforms=		3DES-SHA

[Default-aggressive-mode]
DOI=			IPSEC
EXCHANGE_TYPE=		AGGRESSIVE
Transforms=		3DES-SHA-RSA

[Default-quick-mode]
DOI=			IPSEC
EXCHANGE_TYPE=		QUICK_MODE
Suites=			QM-ESP-3DES-SHA-PFS-SUITE