# $OpenBSD: isakmpd.conf.sample,v 1.5 1998/11/20 23:42:29 niklas Exp $
# $EOM: isakmpd.conf.sample,v 1.17 1998/11/20 23:34:57 niklas Exp $
# A configuration sample for the isakmpd ISAKMP/Oakley (aka IKE) daemon.
# Daemon-wide settings.
[General]
# NOTE(review): presumably the number of times an unanswered message is
# resent before the exchange is abandoned; confirm against isakmpd.conf(5).
Retransmits= 5
# Phase 1 (main mode) proposals. Each name in the lists below refers to a
# section of the same name later in this file that spells out the transform.
[Main mode]
# Presumably the transforms proposed when this host initiates. DES-MD5
# resolves to DES_CBC, MD5 and MODP_768 (see [DES-MD5]); all three are weak
# by current standards, so list it only if a legacy peer requires it.
Offered-transforms= BLF-SHA-M1024,DES-MD5
# Fuller accept list, left disabled in this sample.
#Accepted-transforms= BLF-SHA-M1024,BLF-SHA-EC185,BLF-SHA-EC155,DES-MD5
# Presumably the transforms accepted from a peer. NOTE(review): BLF-SHA-M1024
# is offered above but is not in this list, while DES-MD5 is in both; confirm
# the asymmetry is intended, since DES-MD5 is the weakest common choice.
Accepted-transforms= BLF-SHA-EC185,BLF-SHA-EC155,DES-MD5
# Phase 1 transform: single DES (CBC) with MD5, pre-shared key authentication
# and the 768-bit MODP group. A 56-bit DES key and a 768-bit group are both
# too small by current standards; keep this only for legacy interoperability.
[DES-MD5]
ENCRYPTION_ALGORITHM= DES_CBC
HASH_ALGORITHM= MD5
# The secret itself comes from the [PRE_SHARED] section.
AUTHENTICATION_METHOD= PRE_SHARED
GROUP_DESCRIPTION= MODP_768
# Refers to the [LIFE_600_SECS] section (600 seconds).
Life= LIFE_600_SECS
# Phase 1 transform: Blowfish (CBC) with SHA, pre-shared key authentication
# and the 1024-bit MODP group. This is the largest MODP group in this file;
# current guidance favours larger groups where the daemon supports them.
[BLF-SHA-M1024]
ENCRYPTION_ALGORITHM= BLOWFISH_CBC
# NOTE(review): looks like "preferred,min:max" key lengths in bits; confirm
# against isakmpd.conf(5). 196 is not a multiple of 8, so 192 may have been
# meant, and a 64-bit minimum allows a very short key to be negotiated.
KEY_LENGTH= 128,64:196
HASH_ALGORITHM= SHA
# The secret itself comes from the [PRE_SHARED] section.
AUTHENTICATION_METHOD= PRE_SHARED
GROUP_DESCRIPTION= MODP_1024
# Refers to the [LIFE_600_SECS] section (600 seconds).
Life= LIFE_600_SECS
# Phase 1 transform: Blowfish (CBC) with SHA, pre-shared key authentication
# and the EC2N_155 group.
[BLF-SHA-EC155]
ENCRYPTION_ALGORITHM= BLOWFISH_CBC
# NOTE(review): looks like "preferred,min:max" key lengths in bits; confirm
# against isakmpd.conf(5). 196 is not a multiple of 8, so 192 may have been
# meant.
KEY_LENGTH= 128,64:196
HASH_ALGORITHM= SHA
AUTHENTICATION_METHOD= PRE_SHARED
# NOTE(review): presumably the Oakley elliptic-curve group over a 155-bit
# binary field, which is small by current standards; confirm before relying
# on it.
GROUP_DESCRIPTION= EC2N_155
# Refers to the [LIFE_600_SECS] section (600 seconds).
Life= LIFE_600_SECS
# Phase 1 transform: Blowfish (CBC) with SHA, pre-shared key authentication
# and the EC2N_185 group. Listed first in Accepted-transforms of [Main mode].
[BLF-SHA-EC185]
ENCRYPTION_ALGORITHM= BLOWFISH_CBC
# NOTE(review): looks like "preferred,min:max" key lengths in bits; confirm
# against isakmpd.conf(5). 196 is not a multiple of 8, so 192 may have been
# meant.
KEY_LENGTH= 128,64:196
HASH_ALGORITHM= SHA
AUTHENTICATION_METHOD= PRE_SHARED
# NOTE(review): presumably the Oakley elliptic-curve group over a 185-bit
# binary field, which is small by current standards; confirm before relying
# on it.
GROUP_DESCRIPTION= EC2N_185
# Refers to the [LIFE_600_SECS] section (600 seconds).
Life= LIFE_600_SECS
# Phase 2 (quick mode) proposals. Each suite name refers to a section of the
# same name later in this file.
[Quick mode]
# Broader offer, left disabled in this sample (the backslash continues the
# commented-out line onto the next one).
#Offered-suites= QM-ESP-DES-SUITE,\
# QM-ESP-DES-MD5-SUITE,QM-AH-MD5-ESP-DES-SUITE
# Active offer: QM-ESP-DES-SUITE only. Its transform, [QM-ESP-DES-XF], sets
# no AUTHENTICATION_ALGORITHM, so the ESP traffic offered here is encrypted
# with single DES and carries no integrity check. The suites that add HMAC-MD5
# or AH appear only in the commented-out lists.
Offered-suites= QM-ESP-DES-SUITE
# XXX Not yet supported.
#Accepted-suites= QM-ESP-DES-MD5-SUITE,QM-AH-MD5-ESP-DES-SUITE
# The suite offered by [Quick mode]: a single protocol, defined in
# [QM-ESP-DES].
[QM-ESP-DES-SUITE]
Protocols= QM-ESP-DES
# Suite with a single protocol: ESP using DES with HMAC-MD5. It is named only
# in the commented-out lists of [Quick mode], so it is unused as the file
# stands.
[QM-ESP-DES-MD5-SUITE]
Protocols= QM-ESP-DES-MD5
# Protocol definition: IPsec ESP using the transform section named below.
[QM-ESP-DES-MD5]
PROTOCOL_ID= IPSEC_ESP
Transforms= QM-ESP-DES-MD5-XF
# Transform: DES in tunnel mode with HMAC-MD5 authentication, i.e. the
# integrity-protected counterpart of [QM-ESP-DES-XF].
[QM-ESP-DES-MD5-XF]
TRANSFORM_ID= DES
ENCAPSULATION_MODE= TUNNEL
AUTHENTICATION_ALGORITHM= HMAC_MD5
# Two lifetimes, defined in [LIFE_600_SECS] and [LIFE_32_MB].
Life= LIFE_600_SECS,LIFE_32_MB
# Named SA lifetimes, referenced from the Life= keys of the transforms.
# Time-based lifetime: 600 seconds.
[LIFE_600_SECS]
SA_LIFE_TYPE= SECONDS
SA_LIFE_DURATION= 600
# Volume-based lifetime: 32768 kilobytes (32 MB).
[LIFE_32_MB]
SA_LIFE_TYPE= KILOBYTES
SA_LIFE_DURATION= 32768
# Suite combining two protocols: AH with MD5 plus ESP with DES. It is named
# only in the commented-out lists of [Quick mode], so it is unused as the file
# stands.
[QM-AH-MD5-ESP-DES-SUITE]
Protocols= QM-AH-MD5,QM-ESP-DES
# Protocol definition: IPsec AH using the transform section named below.
[QM-AH-MD5]
PROTOCOL_ID= IPSEC_AH
Transforms= QM-AH-MD5-XF
# Transform: MD5 in tunnel mode. NOTE(review): unlike the ESP transforms, no
# Life= is given here; confirm which lifetime then applies.
[QM-AH-MD5-XF]
TRANSFORM_ID= MD5
ENCAPSULATION_MODE= TUNNEL
# Protocol definition used by QM-ESP-DES-SUITE (the active quick mode offer)
# and by QM-AH-MD5-ESP-DES-SUITE: IPsec ESP using the transform named below.
[QM-ESP-DES]
PROTOCOL_ID= IPSEC_ESP
Transforms= QM-ESP-DES-XF
# Transform: single DES in tunnel mode. No AUTHENTICATION_ALGORITHM is set,
# so ESP negotiated from this section alone has no integrity protection;
# compare [QM-ESP-DES-MD5-XF], which adds HMAC_MD5.
[QM-ESP-DES-XF]
TRANSFORM_ID= DES
ENCAPSULATION_MODE= TUNNEL
# Two lifetimes, defined in [LIFE_600_SECS] and [LIFE_32_MB].
Life= LIFE_600_SECS,LIFE_32_MB
# Pre-shared secrets used by every transform with
# AUTHENTICATION_METHOD= PRE_SHARED. The keys here look like peer addresses
# plus a fallback entry. The values are published sample strings: replace them
# with long random secrets before use, and keep this file readable only by the
# user isakmpd runs as, because the secrets are stored in clear text.
[PRE_SHARED]
127.0.0.1= my_key_to_myself
# A general pre-shared key used for everyone.
# With a shared default, every peer holding this one secret can authenticate
# as any peer that lacks its own entry; prefer one key per peer and drop the
# Default entry where possible.
Default= mekmitasdigoat
# Key material for RSA signature authentication. No transform in this sample
# selects it: every AUTHENTICATION_METHOD in the file is PRE_SHARED.
[RSA_SIG]
CERT= /etc/isakmpd_cert
# Private key file; it should be readable only by the user isakmpd runs as.
PRIVKEY= /etc/isakmpd_key
PUBKEY= /etc/isakmpd_key.pub