# $Id: racoon.conf.sample-plainrsa,v 1.2 2004/07/12 20:43:51 ludvigm Exp $
# Contributed by: Michal Ludvig <mludvig@suse.cz>, SUSE Labs
#                 http://www.logix.cz/michal

# This file shows the usage of PlainRSA keys, which are widely used
# by FreeSWAN/OpenSwan/StrongSwan/*Swan users. This functionality is 
# here mainly for those who are moving from the *Swan world to Racoon.

# Racoon will look for a keyfile in this diretory.
path certificate "samples" ;

remote anonymous
{
	# *Swan supports only 'main' mode.
	exchange_mode main;

	# *Swan doesn't send identifiers by default.
	my_identifier address;
	peers_identifier address;

	# This is the trick - use PlainRSA certificates.
	certificate_type plain_rsa "privatekey.rsa";

	# Multiple certfiles are supported.
	peers_certfile plain_rsa "pubkey1.rsa";
	peers_certfile plain_rsa "pubkey2.rsa";

	# Standard setup follows...
	proposal_check obey;

	proposal {
		encryption_algorithm 3des;
		hash_algorithm sha1;
		authentication_method rsasig;
		dh_group 2;
	}
}

sainfo anonymous
{
	pfs_group 2;
	lifetime time 12 hour;
	encryption_algorithm 3des, aes;
	authentication_algorithm hmac_sha1, hmac_md5;
	compression_algorithm deflate;
}