| # Id: racoon.conf.sample-plainrsa,v 1.4 2005/12/13 16:41:07 vanhu Exp |
| # Contributed by: Michal Ludvig <mludvig@suse.cz>, SUSE Labs |
| # http://www.logix.cz/michal |
| |
| # This file shows the usage of PlainRSA keys, which are widely used |
| # by FreeSWAN/OpenSwan/StrongSwan/*Swan users. This functionality is |
| # here mainly for those who are moving from the *Swan world to Racoon. |
| |
| # Racoon will look for a keyfile in this directory. |
| path certificate "samples" ; |
| |
| remote anonymous |
| { |
| # *Swan supports only 'main' mode. |
| exchange_mode main; |
| |
| # *Swan doesn't send identifiers by default. |
| my_identifier address; |
| peers_identifier address; |
| |
| # This is the trick - use PlainRSA certificates. |
| certificate_type plain_rsa "privatekey.rsa"; |
| |
| # Multiple certfiles are supported. |
| peers_certfile plain_rsa "pubkey1.rsa"; |
| peers_certfile plain_rsa "pubkey2.rsa"; |
| |
| # Standard setup follows... |
| proposal_check strict; |
| |
| proposal { |
| encryption_algorithm 3des; |
| hash_algorithm sha1; |
| authentication_method rsasig; |
| dh_group 2; |
| } |
| } |
| |
| sainfo anonymous |
| { |
| pfs_group 2; |
| lifetime time 12 hour; |
| encryption_algorithm 3des, aes; |
| authentication_algorithm hmac_sha1, hmac_md5; |
| compression_algorithm deflate; |
| } |