author | Othmar Gsenger <otti@anytun.org> | 2008-05-25 09:50:42 +0000 |
---|---|---|
committer | Othmar Gsenger <otti@anytun.org> | 2008-05-25 09:50:42 +0000 |
commit | 71da41451212389bea25d67bc5da696b6d194bff (patch) | |
tree | a3b20decbd8bc9e47640af5fa4b39f731477955a /keyexchange/isakmpd-20041012/samples | |
parent | improved presentation again (diff) |
moved keyexchange to http://anytun.org/svn/keyexchange
Diffstat (limited to 'keyexchange/isakmpd-20041012/samples')
10 files changed, 0 insertions, 474 deletions
diff --git a/keyexchange/isakmpd-20041012/samples/Makefile b/keyexchange/isakmpd-20041012/samples/Makefile
deleted file mode 100644
index 558bd23..0000000
--- a/keyexchange/isakmpd-20041012/samples/Makefile
+++ /dev/null
@@ -1,34 +0,0 @@
-# $OpenBSD: Makefile,v 1.2 2003/06/03 14:39:50 ho Exp $
-# $EOM: Makefile,v 1.1 2000/05/01 20:04:53 niklas Exp $
-
-#
-# Copyright (c) 2000 Niklas Hallqvist. All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
-# 1. Redistributions of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-# 2. Redistributions in binary form must reproduce the above copyright
-# notice, this list of conditions and the following disclaimer in the
-# documentation and/or other materials provided with the distribution.
-#
-# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
-# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
-# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
-# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
-# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
-# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-#
-
-FILES= VPN-* policy singlehost-*
-TARGETDIR= /usr/share/ipsec/isakmpd
-
-# The mkdir below is for installation on OpenBSD pre 2.7
-install:
- @-mkdir -p ${DESTDIR}${TARGETDIR}
- $(INSTALL) -c -m 0444 ${FILES} ${DESTDIR}${TARGETDIR}
diff --git a/keyexchange/isakmpd-20041012/samples/VPN-3way-template.conf b/keyexchange/isakmpd-20041012/samples/VPN-3way-template.conf
deleted file mode 100644
index b64c801..0000000
--- a/keyexchange/isakmpd-20041012/samples/VPN-3way-template.conf
+++ /dev/null
@@ -1,116 +0,0 @@
-# $OpenBSD: VPN-3way-template.conf,v 1.11 2004/02/11 08:55:22 jmc Exp $
-# $EOM: VPN-3way-template.conf,v 1.8 2000/10/09 22:08:30 angelos Exp $
-#
-# A configuration sample for the isakmpd ISAKMP/Oakley (aka IKE) daemon.
-#
-# This is a template file of a VPN setup between three nodes in
-# a fully meshed 'three-way' configuration. Suggested use is to copy
-# this file to all three nodes and then edit them accordingly.
-#
-# These nodes are initially called XXX, YYY and ZZZ.
-#
-# In pseudographics: XXX --- YYY
-# \ /
-# ZZZ
-#
-# In cases where IP/network addresses should be defined values like
-# 192.168.XXX.nnn have been used.
-#
-
-# Incoming phase 1 negotiations are multiplexed on the source IP
-# address. In the three-way VPN, we have two possible peers.
-
-[Phase 1]
-192.168.YYY.nnn= ISAKMP-peer-node-YYY
-192.168.ZZZ.nnn= ISAKMP-peer-node-ZZZ
-
-# These connections are walked over after config file parsing and
-# told to the application layer so that it will inform us when
-# traffic wants to pass over them. This means we can do on-demand
-# keying. In the three-way VPN, each node knows two connections.
-
-[Phase 2]
-Connections= IPsec-Conn-XXX-YYY,IPsec-Conn-XXX-ZZZ
-
-# ISAKMP Phase 1 peer sections
-##############################
-
-[ISAKMP-peer-node-YYY]
-Phase= 1
-Transport= udp
-Address= 192.168.YYY.nnn
-Configuration= Default-main-mode
-Authentication= yoursharedsecretwithYYY
-
-[ISAKMP-peer-node-ZZZ]
-Phase= 1
-Transport= udp
-Address= 192.168.ZZZ.nnn
-Configuration= Default-main-mode
-Authentication= yoursharedsecretwithZZZ
-
-# IPsec Phase 2 sections
-########################
-
-[IPsec-Conn-XXX-YYY]
-Phase= 2
-ISAKMP-peer= ISAKMP-peer-node-YYY
-Configuration= Default-quick-mode
-Local-ID= MyNet-XXX
-Remote-ID= OtherNet-YYY
-
-[IPsec-Conn-XXX-ZZZ]
-Phase= 2
-ISAKMP-peer= ISAKMP-peer-node-ZZZ
-Configuration= Default-quick-mode
-Local-ID= MyNet-XXX
-Remote-ID= OtherNet-ZZZ
-
-# Client ID sections
-####################
-
-[MyNet-XXX]
-ID-type= IPV4_ADDR_SUBNET
-Network= 192.168.XXX.0
-Netmask= 255.255.255.0
-
-[OtherNet-YYY]
-ID-type= IPV4_ADDR_SUBNET
-Network= 192.168.YYY.0
-Netmask= 255.255.255.0
-
-[OtherNet-ZZZ]
-ID-type= IPV4_ADDR_SUBNET
-Network= 192.168.ZZZ.0
-Netmask= 255.255.255.0
-
-#
-# There is no more node-specific configuration below this point.
-#
-
-# Main mode descriptions
-
-[Default-main-mode]
-DOI= IPSEC
-EXCHANGE_TYPE= ID_PROT
-Transforms= 3DES-SHA,3DES-MD5
-
-[Blowfish-main-mode]
-DOI= IPSEC
-EXCHANGE_TYPE= ID_PROT
-Transforms= BLF-SHA-M1024
-
-# Quick mode description
-########################
-
-[Default-quick-mode]
-DOI= IPSEC
-EXCHANGE_TYPE= QUICK_MODE
-Suites= QM-ESP-AES-SHA-PFS-SUITE
-
-[Blowfish-quick-mode]
-DOI= IPSEC
-EXCHANGE_TYPE= QUICK_MODE
-Suites= QM-ESP-BLF-SHA-PFS-SUITE
-#Suites= QM-ESP-BLF-SHA-SUITE
-
diff --git a/keyexchange/isakmpd-20041012/samples/VPN-east.conf b/keyexchange/isakmpd-20041012/samples/VPN-east.conf
deleted file mode 100644
index 04d0bb9..0000000
--- a/keyexchange/isakmpd-20041012/samples/VPN-east.conf
+++ /dev/null
@@ -1,50 +0,0 @@
-# $OpenBSD: VPN-east.conf,v 1.13 2003/03/16 08:13:02 matthieu Exp $
-# $EOM: VPN-east.conf,v 1.12 2000/10/09 22:08:30 angelos Exp $
-
-# A configuration sample for the isakmpd ISAKMP/Oakley (aka IKE) daemon.
-#
-# The network topology of the example net is like this:
-#
-# 192.168.11.0/24 - west [.11] - 10.1.0.0/24 - [.12] east - 192.168.12.0/24
-#
-# "west" and "east" are the respective security gateways (aka VPN-nodes).
-
-[Phase 1]
-10.1.0.11= ISAKMP-peer-west
-
-[Phase 2]
-Connections= IPsec-east-west
-
-[ISAKMP-peer-west]
-Phase= 1
-Transport= udp
-Address= 10.1.0.11
-Configuration= Default-main-mode
-Authentication= mekmitasdigoat
-
-[IPsec-east-west]
-Phase= 2
-ISAKMP-peer= ISAKMP-peer-west
-Configuration= Default-quick-mode
-Local-ID= Net-east
-Remote-ID= Net-west
-
-[Net-west]
-ID-type= IPV4_ADDR_SUBNET
-Network= 192.168.11.0
-Netmask= 255.255.255.0
-
-[Net-east]
-ID-type= IPV4_ADDR_SUBNET
-Network= 192.168.12.0
-Netmask= 255.255.255.0
-
-[Default-main-mode]
-DOI= IPSEC
-EXCHANGE_TYPE= ID_PROT
-Transforms= 3DES-SHA
-
-[Default-quick-mode]
-DOI= IPSEC
-EXCHANGE_TYPE= QUICK_MODE
-Suites= QM-ESP-AES-SHA-PFS-SUITE
diff --git a/keyexchange/isakmpd-20041012/samples/VPN-west.conf b/keyexchange/isakmpd-20041012/samples/VPN-west.conf
deleted file mode 100644
index 5b3a8f6..0000000
--- a/keyexchange/isakmpd-20041012/samples/VPN-west.conf
+++ /dev/null
@@ -1,50 +0,0 @@
-# $OpenBSD: VPN-west.conf,v 1.14 2003/03/16 08:13:02 matthieu Exp $
-# $EOM: VPN-west.conf,v 1.13 2000/10/09 22:08:30 angelos Exp $
-
-# A configuration sample for the isakmpd ISAKMP/Oakley (aka IKE) daemon.
-#
-# The network topology of the example net is like this:
-#
-# 192.168.11.0/24 - west [.11] - 10.1.0.0/24 - [.12] east - 192.168.12.0/24
-#
-# "west" and "east" are the respective security gateways (aka VPN-nodes).
-
-[Phase 1]
-10.1.0.12= ISAKMP-peer-east
-
-[Phase 2]
-Connections= IPsec-west-east
-
-[ISAKMP-peer-east]
-Phase= 1
-Transport= udp
-Address= 10.1.0.12
-Configuration= Default-main-mode
-Authentication= mekmitasdigoat
-
-[IPsec-west-east]
-Phase= 2
-ISAKMP-peer= ISAKMP-peer-east
-Configuration= Default-quick-mode
-Local-ID= Net-west
-Remote-ID= Net-east
-
-[Net-west]
-ID-type= IPV4_ADDR_SUBNET
-Network= 192.168.11.0
-Netmask= 255.255.255.0
-
-[Net-east]
-ID-type= IPV4_ADDR_SUBNET
-Network= 192.168.12.0
-Netmask= 255.255.255.0
-
-[Default-main-mode]
-DOI= IPSEC
-EXCHANGE_TYPE= ID_PROT
-Transforms= 3DES-SHA
-
-[Default-quick-mode]
-DOI= IPSEC
-EXCHANGE_TYPE= QUICK_MODE
-Suites= QM-ESP-AES-SHA-PFS-SUITE
diff --git a/keyexchange/isakmpd-20041012/samples/policy b/keyexchange/isakmpd-20041012/samples/policy
deleted file mode 100644
index 0e194aa..0000000
--- a/keyexchange/isakmpd-20041012/samples/policy
+++ /dev/null
@@ -1,10 +0,0 @@
-KeyNote-Version: 2
-Comment: This policy accepts ESP SAs from a remote that uses the right password
- $OpenBSD: policy,v 1.6 2001/06/20 16:36:19 angelos Exp $
- $EOM: policy,v 1.6 2000/10/09 22:08:30 angelos Exp $
-Authorizer: "POLICY"
-Licensees: "passphrase:mekmitasdigoat"
-Conditions: app_domain == "IPsec policy" &&
- esp_present == "yes" &&
- esp_enc_alg == "aes" &&
- esp_auth_alg == "hmac-sha" -> "true";
diff --git a/keyexchange/isakmpd-20041012/samples/singlehost-east.conf b/keyexchange/isakmpd-20041012/samples/singlehost-east.conf
deleted file mode 100644
index f0afc46..0000000
--- a/keyexchange/isakmpd-20041012/samples/singlehost-east.conf
+++ /dev/null
@@ -1,64 +0,0 @@
-# $OpenBSD: singlehost-east.conf,v 1.10 2000/11/23 12:56:25 niklas Exp $
-# $EOM: singlehost-east.conf,v 1.10 2000/11/23 12:24:43 niklas Exp $
-
-# A configuration sample for the isakmpd ISAKMP/Oakley (aka IKE) daemon.
-
-[General]
-Listen-on= 10.1.0.12
-Shared-SADB= Defined
-Policy-File= policy
-
-[Phase 1]
-10.1.0.11= ISAKMP-peer-west
-Default= ISAKMP-peer-west-aggressive
-
-[Phase 2]
-Connections= IPsec-east-west
-
-[ISAKMP-peer-west]
-Phase= 1
-Transport= udp
-Local-address= 10.1.0.12
-Address= 10.1.0.11
-Configuration= Default-main-mode
-Authentication= mekmitasdigoat
-
-[ISAKMP-peer-west-aggressive]
-Phase= 1
-Transport= udp
-Local-address= 10.1.0.12
-Address= 10.1.0.11
-Configuration= Default-aggressive-mode
-Authentication= mekmitasdigoat
-
-[IPsec-east-west]
-Phase= 2
-ISAKMP-peer= ISAKMP-peer-west
-Configuration= Default-quick-mode
-Local-ID= Net-east
-Remote-ID= Net-west
-
-[Net-west]
-ID-type= IPV4_ADDR_SUBNET
-Network= 192.168.11.0
-Netmask= 255.255.255.0
-
-[Net-east]
-ID-type= IPV4_ADDR_SUBNET
-Network= 192.168.12.0
-Netmask= 255.255.255.0
-
-[Default-main-mode]
-DOI= IPSEC
-EXCHANGE_TYPE= ID_PROT
-Transforms= 3DES-SHA
-
-[Default-aggressive-mode]
-DOI= IPSEC
-EXCHANGE_TYPE= AGGRESSIVE
-Transforms= 3DES-SHA-RSA
-
-[Default-quick-mode]
-DOI= IPSEC
-EXCHANGE_TYPE= QUICK_MODE
-Suites= QM-ESP-AES-SHA-PFS-SUITE
diff --git a/keyexchange/isakmpd-20041012/samples/singlehost-east.gdb b/keyexchange/isakmpd-20041012/samples/singlehost-east.gdb
deleted file mode 100644
index a41df0d..0000000
--- a/keyexchange/isakmpd-20041012/samples/singlehost-east.gdb
+++ /dev/null
@@ -1 +0,0 @@
-r -d -D0=99 -D1=99 -D2=99 -D3=99 -D4=99 -D5=99 -feast.fifo -c../samples/singlehost-east.conf
diff --git a/keyexchange/isakmpd-20041012/samples/singlehost-setup.sh b/keyexchange/isakmpd-20041012/samples/singlehost-setup.sh
deleted file mode 100644
index 818ce2d..0000000
--- a/keyexchange/isakmpd-20041012/samples/singlehost-setup.sh
+++ /dev/null
@@ -1,84 +0,0 @@ -#!/bin/sh -# $OpenBSD: singlehost-setup.sh,v 1.5 2003/08/18 09:41:40 markus Exp $ -# $EOM: singlehost-setup.sh,v 1.3 2000/11/23 12:24:43 niklas Exp $ - -# A script to test single-host VPNs - -# For the 'pf' variable -. /etc/rc.conf - -# Default paths -PFCTL=/sbin/pfctl -ISAKMPD=/sbin/isakmpd - -do_routes() -{ - /sbin/route $1 -net 192.168.11.0/24 192.168.11.1 -iface >/dev/null - /sbin/route $1 -net 192.168.12.0/24 192.168.12.1 -iface >/dev/null - /sbin/route $1 -net 10.1.0.0/16 10.1.0.11 -iface >/dev/null -} - -# Called on script exit -cleanup () { - if [ "x${pf}" = "xYES" -a -f ${pf_rules} ]; then - ${PFCTL} -R -f ${pf_rules} - else - ${PFCTL} -qd - fi - - USER=`id -p | grep ^login | cut -f2` - chown $USER singlehost-east.conf singlehost-west.conf policy - chmod 644 singlehost-east.conf singlehost-west.conf policy - - [ -p east.fifo ] && echo "Q" >> east.fifo - [ -p west.fifo ] && echo "Q" >> west.fifo - rm -f east.fifo west.fifo - - do_routes delete -} - -# Start by initializing interfaces -/sbin/ifconfig lo2 192.168.11.1 netmask 0xffffff00 up -/sbin/ifconfig lo3 192.168.12.1 netmask 0xffffff00 up -/sbin/ifconfig lo4 10.1.0.11 netmask 0xffff0000 up -/sbin/ifconfig lo5 10.1.0.12 netmask 0xffff0000 up -# ... 
and by adding the required routes -do_routes add - -# Add rules -( - cat <<EOF -pass out quick on lo2 proto 50 all -pass out quick on lo2 from 192.168.11.0/24 to any -pass out quick on lo3 proto 50 all -pass out quick on lo3 from 192.168.12.0/24 to any -block out on lo2 all -block out on lo3 all -EOF - if [ "x${pf}" = "xYES" -a -f ${pf_rules} ]; then - cat ${pf_rules} | egrep -v '^(scrub|rdr|binat|nat)' - else - pfctl -qe >/dev/null - fi -) | pfctl -R -f - - -trap cleanup 1 2 3 15 - -# The configuration files needs proper owners and modes -USER=`id -p | grep ^uid | cut -f2` -chown $USER singlehost-east.conf singlehost-west.conf policy -chmod 600 singlehost-east.conf singlehost-west.conf policy - -# Start the daemons -rm -f east.fifo west.fifo -${ISAKMPD} -c singlehost-east.conf -f east.fifo "$@" -${ISAKMPD} -c singlehost-west.conf -f west.fifo "$@" - -# Give them some time to negotiate their stuff... -SECS=3 -echo "Waiting $SECS seconds..." -sleep $SECS -echo "Running 'ping', using the tunnel..." -ping -I 192.168.11.1 -c 5 192.168.12.1 - -cleanup diff --git a/keyexchange/isakmpd-20041012/samples/singlehost-west.conf b/keyexchange/isakmpd-20041012/samples/singlehost-west.conf deleted file mode 100644 index 40538a3..0000000 --- a/keyexchange/isakmpd-20041012/samples/singlehost-west.conf +++ /dev/null 
@@ -1,64 +0,0 @@
-# $OpenBSD: singlehost-west.conf,v 1.11 2003/08/20 14:43:36 ho Exp $
-# $EOM: singlehost-west.conf,v 1.10 2000/11/23 12:24:43 niklas Exp $
-
-# A configuration sample for the isakmpd ISAKMP/Oakley (aka IKE) daemon.
-
-[General]
-Listen-on= 10.1.0.11
-Shared-SADB= Defined
-Policy-File= policy
-
-[Phase 1]
-10.1.0.12= ISAKMP-peer-east
-Default= ISAKMP-peer-east-aggressive
-
-[Phase 2]
-Connections= IPsec-west-east
-
-[ISAKMP-peer-east]
-Phase= 1
-Transport= udp
-Local-address= 10.1.0.11
-Address= 10.1.0.12
-Configuration= Default-main-mode
-Authentication= mekmitasdigoat
-
-[ISAKMP-peer-east-aggressive]
-Phase= 1
-Transport= udp
-Local-address= 10.1.0.11
-Address= 10.1.0.12
-Configuration= Default-aggressive-mode
-Authentication= mekmitasdigoat
-
-[IPsec-west-east]
-Phase= 2
-ISAKMP-peer= ISAKMP-peer-east
-Configuration= Default-quick-mode
-Local-ID= Net-west
-Remote-ID= Net-east
-
-[Net-west]
-ID-type= IPV4_ADDR_SUBNET
-Network= 192.168.11.0
-Netmask= 255.255.255.0
-
-[Net-east]
-ID-type= IPV4_ADDR_SUBNET
-Network= 192.168.12.0
-Netmask= 255.255.255.0
-
-[Default-main-mode]
-DOI= IPSEC
-EXCHANGE_TYPE= ID_PROT
-Transforms= 3DES-SHA
-
-[Default-aggressive-mode]
-DOI= IPSEC
-EXCHANGE_TYPE= AGGRESSIVE
-Transforms= 3DES-SHA-RSA
-
-[Default-quick-mode]
-DOI= IPSEC
-EXCHANGE_TYPE= QUICK_MODE
-Suites= QM-ESP-AES-SHA-PFS-SUITE
diff --git a/keyexchange/isakmpd-20041012/samples/singlehost-west.gdb b/keyexchange/isakmpd-20041012/samples/singlehost-west.gdb
deleted file mode 100644
index 5315e46..0000000
--- a/keyexchange/isakmpd-20041012/samples/singlehost-west.gdb
+++ /dev/null
@@ -1 +0,0 @@
-r -d -D0=99 -D1=99 -D2=99 -D3=99 -D4=99 -D5=99 -fwest.fifo -c../samples/singlehost-west.conf |