| # Id: racoon.conf.sample-inherit,v 1.3 2005/12/13 16:41:07 vanhu Exp |
| # Contributed by: Michal Ludvig <mludvig@suse.cz>, SUSE Labs |
| |
| # This file shows the basic inheritance usage in 'remote' statements. |
| |
| path pre_shared_key "/etc/racoon/psk.txt"; |
| path certificate "/etc/racoon"; |
| |
| remote anonymous |
| { |
| exchange_mode main,aggressive; |
| doi ipsec_doi; |
| situation identity_only; |
| |
| my_identifier asn1dn; |
| certificate_type x509 "my.cert.pem" "my.key.pem"; |
| |
| nonce_size 16; |
| initial_contact on; |
| proposal_check strict; # obey, strict or claim |
| |
| proposal { |
| encryption_algorithm 3des; |
| hash_algorithm sha1; |
| authentication_method rsasig; |
| dh_group 2; |
| } |
| } |
| |
| remote 3ffe:ffff::1 inherit anonymous |
| { |
| exchange_mode aggressive; |
| nat_traversal force; |
| } |
| |
| remote 3ffe:ffff::1 [8000] inherit 3ffe:ffff::1 |
| { |
| lifetime time 1 min; # sec,min,hour |
| |
| proposal { |
| encryption_algorithm 3des; |
| hash_algorithm sha1; |
| authentication_method pre_shared_key; |
| dh_group 2; |
| } |
| } |
| |
| sainfo anonymous |
| { |
| pfs_group 2; |
| lifetime time 12 hour; |
| encryption_algorithm aes, 3des; |
| authentication_algorithm hmac_sha1, hmac_md5; |
| compression_algorithm deflate; |
| } |
