+++ /dev/null
-# $KAME: racoon.conf.in,v 1.18 2001/08/16 06:33:40 itojun Exp $
-
-# "path" must be placed before it should be used.
-# You can overwrite which you defined, but it should not use due to confusing.
-path include "@sysconfdir_x@/racoon";
-#include "remote.conf";
-
-# search this file for pre_shared_key with various ID key.
-path pre_shared_key "@sysconfdir_x@/racoon/psk.txt";
-
-# racoon will look for certificate file in the directory,
-# if the certificate/certificate request payload is received.
-path certificate "@sysconfdir_x@/cert";
-
-# "log" specifies logging level. It is followed by either "notify", "debug"
-# or "debug2".
-#log debug;
-
-# "padding" defines some parameter of padding. You should not touch these.
-padding
-{
- maximum_length 20; # maximum padding length.
- randomize off; # enable randomize length.
- strict_check off; # enable strict check.
- exclusive_tail off; # extract last one octet.
-}
-
-# if no listen directive is specified, racoon will listen to all
-# available interface addresses.
-listen
-{
- #isakmp ::1 [7000];
- #isakmp 202.249.11.124 [500];
- #admin [7002]; # administrative's port by kmpstat.
- #strict_address; # required all addresses must be bound.
-}
-
-# Specification of default various timer.
-timer
-{
- # These value can be changed per remote node.
- counter 5; # maximum trying count to send.
- interval 20 sec; # maximum interval to resend.
- persend 1; # the number of packets per a send.
-
- # timer for waiting to complete each phase.
- phase1 30 sec;
- phase2 15 sec;
-}
-
-remote anonymous
-{
- exchange_mode main,aggressive;
- doi ipsec_doi;
- situation identity_only;
-
- my_identifier asn1dn;
- certificate_type x509 "my.cert.pem" "my.key.pem";
-
- nonce_size 16;
- initial_contact on;
- proposal_check obey; # obey, strict or claim
-
- proposal {
- encryption_algorithm 3des;
- hash_algorithm sha1;
- authentication_method rsasig;
- dh_group 2;
- }
-}
-
-remote ::1 [8000]
-{
- #exchange_mode main,aggressive;
- exchange_mode aggressive,main;
- doi ipsec_doi;
- situation identity_only;
-
- my_identifier user_fqdn "sakane@kame.net";
- peers_identifier user_fqdn "sakane@kame.net";
- #certificate_type x509 "mycert" "mypriv";
-
- nonce_size 16;
- lifetime time 1 min; # sec,min,hour
-
- proposal {
- encryption_algorithm 3des;
- hash_algorithm sha1;
- authentication_method pre_shared_key;
- dh_group 2;
- }
-}
-
-sainfo anonymous
-{
- pfs_group 2;
- encryption_algorithm 3des;
- authentication_algorithm hmac_sha1;
- compression_algorithm deflate;
-}
-
-sainfo address 203.178.141.209 any address 203.178.141.218 any
-{
- pfs_group 2;
- lifetime time 30 sec;
- encryption_algorithm des;
- authentication_algorithm hmac_md5;
- compression_algorithm deflate;
-}
-
-sainfo address ::1 icmp6 address ::1 icmp6
-{
- pfs_group 3;
- lifetime time 60 sec;
- encryption_algorithm 3des, blowfish, aes;
- authentication_algorithm hmac_sha1, hmac_md5;
- compression_algorithm deflate;
-}
-