+++ /dev/null
-# $KAME: racoon.conf.sample,v 1.28 2002/10/18 14:33:28 itojun Exp $
-
-# "path" affects "include" directive. "path" must be specified before any
-# "include" directive with relative file path.
-# you can overwrite "path" directive afterwards, however, doing so may add
-# more confusion.
-#path include "/usr/local/v6/etc" ;
-#include "remote.conf" ;
-
-# the file should contain key ID/key pairs, for pre-shared key authentication.
-path pre_shared_key "/usr/local/v6/etc/psk.txt" ;
-
-# racoon will look for certificate file in the directory,
-# if the certificate/certificate request payload is received.
-#path certificate "/usr/local/openssl/certs" ;
-
-# "log" specifies logging level. It is followed by either "notify", "debug"
-# or "debug2".
-#log debug;
-
-remote anonymous
-{
- #exchange_mode main,aggressive,base;
- exchange_mode main,base;
-
- #my_identifier fqdn "server.kame.net";
- #certificate_type x509 "foo@kame.net.cert" "foo@kame.net.priv" ;
-
- lifetime time 24 hour ; # sec,min,hour
-
- #initial_contact off ;
- #passive on ;
-
- # phase 1 proposal (for ISAKMP SA)
- proposal {
- encryption_algorithm 3des;
- hash_algorithm sha1;
- authentication_method pre_shared_key ;
- dh_group 2 ;
- }
-
- # the configuration makes racoon (as a responder) to obey the
- # initiator's lifetime and PFS group proposal.
- # this makes testing so much easier.
- proposal_check obey;
-}
-
-# phase 2 proposal (for IPsec SA).
-# actual phase 2 proposal will obey the following items:
-# - kernel IPsec policy configuration (like "esp/transport//use)
-# - permutation of the crypto/hash/compression algorithms presented below
-sainfo anonymous
-{
- pfs_group 2;
- lifetime time 12 hour ;
- encryption_algorithm 3des, cast128, blowfish 448, des, rijndael ;
- authentication_algorithm hmac_sha1, hmac_md5 ;
- compression_algorithm deflate ;
-}