X-Git-Url: http://git.rot13.org/?a=blobdiff_plain;f=userapps%2Fopensource%2Fipsec-tools%2Fsrc%2Fracoon%2Fsamples%2Fracoon.conf.sample;fp=userapps%2Fopensource%2Fipsec-tools%2Fsrc%2Fracoon%2Fsamples%2Fracoon.conf.sample;h=1b50dc8c89b78626a8d7f70ddff620779cd4c620;hb=864458111a0e69d94bbae210d5b7349ca072a6b7;hp=0000000000000000000000000000000000000000;hpb=57a096f051259ceaefd5977f30d269884e1dd248;p=bcm963xx.git
diff --git a/userapps/opensource/ipsec-tools/src/racoon/samples/racoon.conf.sample b/userapps/opensource/ipsec-tools/src/racoon/samples/racoon.conf.sample
new file mode 100755
index 00000000..1b50dc8c
--- /dev/null
+++ b/userapps/opensource/ipsec-tools/src/racoon/samples/racoon.conf.sample
@@ -0,0 +1,59 @@
+# $KAME: racoon.conf.sample,v 1.28 2002/10/18 14:33:28 itojun Exp $
+
+# "path" affects "include" directive. "path" must be specified before any
+# "include" directive with relative file path.
+# you can overwrite "path" directive afterwards, however, doing so may add
+# more confusion.
+#path include "/usr/local/v6/etc" ;
+#include "remote.conf" ;
+
+# the file should contain key ID/key pairs, for pre-shared key authentication.
+path pre_shared_key "/usr/local/v6/etc/psk.txt" ;
+
+# racoon will look for certificate file in the directory,
+# if the certificate/certificate request payload is received.
+#path certificate "/usr/local/openssl/certs" ;
+
+# "log" specifies logging level. It is followed by either "notify", "debug"
+# or "debug2".
+#log debug;
+
+remote anonymous
+{
+ #exchange_mode main,aggressive,base;
+ exchange_mode main,base;
+
+ #my_identifier fqdn "server.kame.net";
+ #certificate_type x509 "foo@kame.net.cert" "foo@kame.net.priv" ;
+
+ lifetime time 24 hour ; # sec,min,hour
+
+ #initial_contact off ;
+ #passive on ;
+
+ # phase 1 proposal (for ISAKMP SA)
+ proposal {
+ encryption_algorithm 3des;
+ hash_algorithm sha1;
+ authentication_method pre_shared_key ;
+ dh_group 2 ;
+ }
+
+ # the configuration makes racoon (as a responder) to obey the
+ # initiator's lifetime and PFS group proposal.
+ # this makes testing so much easier.
+ proposal_check obey;
+}
+
+# phase 2 proposal (for IPsec SA).
+# actual phase 2 proposal will obey the following items:
+# - kernel IPsec policy configuration (like "esp/transport//use)
+# - permutation of the crypto/hash/compression algorithms presented below
+sainfo anonymous
+{
+ pfs_group 2;
+ lifetime time 12 hour ;
+ encryption_algorithm 3des, cast128, blowfish 448, des, rijndael ;
+ authentication_algorithm hmac_sha1, hmac_md5 ;
+ compression_algorithm deflate ;
+}
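Review bot: `proposal_check obey;` sits inside `remote anonymous`, so a responder built from this sample takes the lifetime and PFS group from whichever peer authenticates with the pre-shared key. Its own comment says the setting is there to ease testing, so the sample should ship `proposal_check strict;` or state in that comment that `obey` is not meant for deployment. The `sainfo anonymous` block also offers `des` and `hmac_md5`, which lets a peer negotiate single DES or HMAC-MD5 for the IPsec SA; I would drop both, i.e. `encryption_algorithm 3des, cast128, blowfish 448, rijndael ;` and `authentication_algorithm hmac_sha1 ;`. `dh_group 2` and `pfs_group 2` select the 1024-bit MODP group, so a comment pointing to a larger group, where this racoon build supports one, would help anyone copying the file. The file is also added with mode 100755, which looks unintended for a configuration sample.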