authorOthmar Gsenger <otti@anytun.org>2007-12-08 20:59:57 +0000
committerOthmar Gsenger <otti@anytun.org>2007-12-08 20:59:57 +0000
commitf84dc62cc602eacb0daee3e9918a68b711ba94f0 (patch)
tree1acbdabf30b2ece1da880386da6a4b7c002669c3 /keyexchange/isakmpd-20041012/samples
parent* added AuthTag class (diff)
removed isakmpd
Diffstat (limited to 'keyexchange/isakmpd-20041012/samples')
-rw-r--r--keyexchange/isakmpd-20041012/samples/Makefile34
-rw-r--r--keyexchange/isakmpd-20041012/samples/VPN-3way-template.conf116
-rw-r--r--keyexchange/isakmpd-20041012/samples/VPN-east.conf50
-rw-r--r--keyexchange/isakmpd-20041012/samples/VPN-west.conf50
-rw-r--r--keyexchange/isakmpd-20041012/samples/policy10
-rw-r--r--keyexchange/isakmpd-20041012/samples/singlehost-east.conf64
-rw-r--r--keyexchange/isakmpd-20041012/samples/singlehost-east.gdb1
-rw-r--r--keyexchange/isakmpd-20041012/samples/singlehost-setup.sh84
-rw-r--r--keyexchange/isakmpd-20041012/samples/singlehost-west.conf64
-rw-r--r--keyexchange/isakmpd-20041012/samples/singlehost-west.gdb1
10 files changed, 0 insertions, 474 deletions
diff --git a/keyexchange/isakmpd-20041012/samples/Makefile b/keyexchange/isakmpd-20041012/samples/Makefile
deleted file mode 100644
index 558bd23..0000000
--- a/keyexchange/isakmpd-20041012/samples/Makefile
+++ /dev/null
@@ -1,34 +0,0 @@
-# $OpenBSD: Makefile,v 1.2 2003/06/03 14:39:50 ho Exp $
-# $EOM: Makefile,v 1.1 2000/05/01 20:04:53 niklas Exp $
-
-#
-# Copyright (c) 2000 Niklas Hallqvist. All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
-# 1. Redistributions of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-# 2. Redistributions in binary form must reproduce the above copyright
-# notice, this list of conditions and the following disclaimer in the
-# documentation and/or other materials provided with the distribution.
-#
-# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
-# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
-# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
-# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
-# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
-# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-#
-
-FILES= VPN-* policy singlehost-*
-TARGETDIR= /usr/share/ipsec/isakmpd
-
-# The mkdir below is for installation on OpenBSD pre 2.7
-install:
- @-mkdir -p ${DESTDIR}${TARGETDIR}
- $(INSTALL) -c -m 0444 ${FILES} ${DESTDIR}${TARGETDIR}
diff --git a/keyexchange/isakmpd-20041012/samples/VPN-3way-template.conf b/keyexchange/isakmpd-20041012/samples/VPN-3way-template.conf
deleted file mode 100644
index b64c801..0000000
--- a/keyexchange/isakmpd-20041012/samples/VPN-3way-template.conf
+++ /dev/null
@@ -1,116 +0,0 @@
-# $OpenBSD: VPN-3way-template.conf,v 1.11 2004/02/11 08:55:22 jmc Exp $
-# $EOM: VPN-3way-template.conf,v 1.8 2000/10/09 22:08:30 angelos Exp $
-#
-# A configuration sample for the isakmpd ISAKMP/Oakley (aka IKE) daemon.
-#
-# This is a template file of a VPN setup between three nodes in
-# a fully meshed 'three-way' configuration. Suggested use is to copy
-# this file to all three nodes and then edit them accordingly.
-#
-# These nodes are initially called XXX, YYY and ZZZ.
-#
-# In pseudographics: XXX --- YYY
-# \ /
-# ZZZ
-#
-# In cases where IP/network addresses should be defined values like
-# 192.168.XXX.nnn have been used.
-#
-
-# Incoming phase 1 negotiations are multiplexed on the source IP
-# address. In the three-way VPN, we have two possible peers.
-
-[Phase 1]
-192.168.YYY.nnn= ISAKMP-peer-node-YYY
-192.168.ZZZ.nnn= ISAKMP-peer-node-ZZZ
-
-# These connections are walked over after config file parsing and
-# told to the application layer so that it will inform us when
-# traffic wants to pass over them. This means we can do on-demand
-# keying. In the three-way VPN, each node knows two connections.
-
-[Phase 2]
-Connections= IPsec-Conn-XXX-YYY,IPsec-Conn-XXX-ZZZ
-
-# ISAKMP Phase 1 peer sections
-##############################
-
-[ISAKMP-peer-node-YYY]
-Phase= 1
-Transport= udp
-Address= 192.168.YYY.nnn
-Configuration= Default-main-mode
-Authentication= yoursharedsecretwithYYY
-
-[ISAKMP-peer-node-ZZZ]
-Phase= 1
-Transport= udp
-Address= 192.168.ZZZ.nnn
-Configuration= Default-main-mode
-Authentication= yoursharedsecretwithZZZ
-
-# IPsec Phase 2 sections
-########################
-
-[IPsec-Conn-XXX-YYY]
-Phase= 2
-ISAKMP-peer= ISAKMP-peer-node-YYY
-Configuration= Default-quick-mode
-Local-ID= MyNet-XXX
-Remote-ID= OtherNet-YYY
-
-[IPsec-Conn-XXX-ZZZ]
-Phase= 2
-ISAKMP-peer= ISAKMP-peer-node-ZZZ
-Configuration= Default-quick-mode
-Local-ID= MyNet-XXX
-Remote-ID= OtherNet-ZZZ
-
-# Client ID sections
-####################
-
-[MyNet-XXX]
-ID-type= IPV4_ADDR_SUBNET
-Network= 192.168.XXX.0
-Netmask= 255.255.255.0
-
-[OtherNet-YYY]
-ID-type= IPV4_ADDR_SUBNET
-Network= 192.168.YYY.0
-Netmask= 255.255.255.0
-
-[OtherNet-ZZZ]
-ID-type= IPV4_ADDR_SUBNET
-Network= 192.168.ZZZ.0
-Netmask= 255.255.255.0
-
-#
-# There is no more node-specific configuration below this point.
-#
-
-# Main mode descriptions
-
-[Default-main-mode]
-DOI= IPSEC
-EXCHANGE_TYPE= ID_PROT
-Transforms= 3DES-SHA,3DES-MD5
-
-[Blowfish-main-mode]
-DOI= IPSEC
-EXCHANGE_TYPE= ID_PROT
-Transforms= BLF-SHA-M1024
-
-# Quick mode description
-########################
-
-[Default-quick-mode]
-DOI= IPSEC
-EXCHANGE_TYPE= QUICK_MODE
-Suites= QM-ESP-AES-SHA-PFS-SUITE
-
-[Blowfish-quick-mode]
-DOI= IPSEC
-EXCHANGE_TYPE= QUICK_MODE
-Suites= QM-ESP-BLF-SHA-PFS-SUITE
-#Suites= QM-ESP-BLF-SHA-SUITE
-
diff --git a/keyexchange/isakmpd-20041012/samples/VPN-east.conf b/keyexchange/isakmpd-20041012/samples/VPN-east.conf
deleted file mode 100644
index 04d0bb9..0000000
--- a/keyexchange/isakmpd-20041012/samples/VPN-east.conf
+++ /dev/null
@@ -1,50 +0,0 @@
-# $OpenBSD: VPN-east.conf,v 1.13 2003/03/16 08:13:02 matthieu Exp $
-# $EOM: VPN-east.conf,v 1.12 2000/10/09 22:08:30 angelos Exp $
-
-# A configuration sample for the isakmpd ISAKMP/Oakley (aka IKE) daemon.
-#
-# The network topology of the example net is like this:
-#
-# 192.168.11.0/24 - west [.11] - 10.1.0.0/24 - [.12] east - 192.168.12.0/24
-#
-# "west" and "east" are the respective security gateways (aka VPN-nodes).
-
-[Phase 1]
-10.1.0.11= ISAKMP-peer-west
-
-[Phase 2]
-Connections= IPsec-east-west
-
-[ISAKMP-peer-west]
-Phase= 1
-Transport= udp
-Address= 10.1.0.11
-Configuration= Default-main-mode
-Authentication= mekmitasdigoat
-
-[IPsec-east-west]
-Phase= 2
-ISAKMP-peer= ISAKMP-peer-west
-Configuration= Default-quick-mode
-Local-ID= Net-east
-Remote-ID= Net-west
-
-[Net-west]
-ID-type= IPV4_ADDR_SUBNET
-Network= 192.168.11.0
-Netmask= 255.255.255.0
-
-[Net-east]
-ID-type= IPV4_ADDR_SUBNET
-Network= 192.168.12.0
-Netmask= 255.255.255.0
-
-[Default-main-mode]
-DOI= IPSEC
-EXCHANGE_TYPE= ID_PROT
-Transforms= 3DES-SHA
-
-[Default-quick-mode]
-DOI= IPSEC
-EXCHANGE_TYPE= QUICK_MODE
-Suites= QM-ESP-AES-SHA-PFS-SUITE
diff --git a/keyexchange/isakmpd-20041012/samples/VPN-west.conf b/keyexchange/isakmpd-20041012/samples/VPN-west.conf
deleted file mode 100644
index 5b3a8f6..0000000
--- a/keyexchange/isakmpd-20041012/samples/VPN-west.conf
+++ /dev/null
@@ -1,50 +0,0 @@
-# $OpenBSD: VPN-west.conf,v 1.14 2003/03/16 08:13:02 matthieu Exp $
-# $EOM: VPN-west.conf,v 1.13 2000/10/09 22:08:30 angelos Exp $
-
-# A configuration sample for the isakmpd ISAKMP/Oakley (aka IKE) daemon.
-#
-# The network topology of the example net is like this:
-#
-# 192.168.11.0/24 - west [.11] - 10.1.0.0/24 - [.12] east - 192.168.12.0/24
-#
-# "west" and "east" are the respective security gateways (aka VPN-nodes).
-
-[Phase 1]
-10.1.0.12= ISAKMP-peer-east
-
-[Phase 2]
-Connections= IPsec-west-east
-
-[ISAKMP-peer-east]
-Phase= 1
-Transport= udp
-Address= 10.1.0.12
-Configuration= Default-main-mode
-Authentication= mekmitasdigoat
-
-[IPsec-west-east]
-Phase= 2
-ISAKMP-peer= ISAKMP-peer-east
-Configuration= Default-quick-mode
-Local-ID= Net-west
-Remote-ID= Net-east
-
-[Net-west]
-ID-type= IPV4_ADDR_SUBNET
-Network= 192.168.11.0
-Netmask= 255.255.255.0
-
-[Net-east]
-ID-type= IPV4_ADDR_SUBNET
-Network= 192.168.12.0
-Netmask= 255.255.255.0
-
-[Default-main-mode]
-DOI= IPSEC
-EXCHANGE_TYPE= ID_PROT
-Transforms= 3DES-SHA
-
-[Default-quick-mode]
-DOI= IPSEC
-EXCHANGE_TYPE= QUICK_MODE
-Suites= QM-ESP-AES-SHA-PFS-SUITE
diff --git a/keyexchange/isakmpd-20041012/samples/policy b/keyexchange/isakmpd-20041012/samples/policy
deleted file mode 100644
index 0e194aa..0000000
--- a/keyexchange/isakmpd-20041012/samples/policy
+++ /dev/null
@@ -1,10 +0,0 @@
-KeyNote-Version: 2
-Comment: This policy accepts ESP SAs from a remote that uses the right password
- $OpenBSD: policy,v 1.6 2001/06/20 16:36:19 angelos Exp $
- $EOM: policy,v 1.6 2000/10/09 22:08:30 angelos Exp $
-Authorizer: "POLICY"
-Licensees: "passphrase:mekmitasdigoat"
-Conditions: app_domain == "IPsec policy" &&
- esp_present == "yes" &&
- esp_enc_alg == "aes" &&
- esp_auth_alg == "hmac-sha" -> "true";
diff --git a/keyexchange/isakmpd-20041012/samples/singlehost-east.conf b/keyexchange/isakmpd-20041012/samples/singlehost-east.conf
deleted file mode 100644
index f0afc46..0000000
--- a/keyexchange/isakmpd-20041012/samples/singlehost-east.conf
+++ /dev/null
@@ -1,64 +0,0 @@
-# $OpenBSD: singlehost-east.conf,v 1.10 2000/11/23 12:56:25 niklas Exp $
-# $EOM: singlehost-east.conf,v 1.10 2000/11/23 12:24:43 niklas Exp $
-
-# A configuration sample for the isakmpd ISAKMP/Oakley (aka IKE) daemon.
-
-[General]
-Listen-on= 10.1.0.12
-Shared-SADB= Defined
-Policy-File= policy
-
-[Phase 1]
-10.1.0.11= ISAKMP-peer-west
-Default= ISAKMP-peer-west-aggressive
-
-[Phase 2]
-Connections= IPsec-east-west
-
-[ISAKMP-peer-west]
-Phase= 1
-Transport= udp
-Local-address= 10.1.0.12
-Address= 10.1.0.11
-Configuration= Default-main-mode
-Authentication= mekmitasdigoat
-
-[ISAKMP-peer-west-aggressive]
-Phase= 1
-Transport= udp
-Local-address= 10.1.0.12
-Address= 10.1.0.11
-Configuration= Default-aggressive-mode
-Authentication= mekmitasdigoat
-
-[IPsec-east-west]
-Phase= 2
-ISAKMP-peer= ISAKMP-peer-west
-Configuration= Default-quick-mode
-Local-ID= Net-east
-Remote-ID= Net-west
-
-[Net-west]
-ID-type= IPV4_ADDR_SUBNET
-Network= 192.168.11.0
-Netmask= 255.255.255.0
-
-[Net-east]
-ID-type= IPV4_ADDR_SUBNET
-Network= 192.168.12.0
-Netmask= 255.255.255.0
-
-[Default-main-mode]
-DOI= IPSEC
-EXCHANGE_TYPE= ID_PROT
-Transforms= 3DES-SHA
-
-[Default-aggressive-mode]
-DOI= IPSEC
-EXCHANGE_TYPE= AGGRESSIVE
-Transforms= 3DES-SHA-RSA
-
-[Default-quick-mode]
-DOI= IPSEC
-EXCHANGE_TYPE= QUICK_MODE
-Suites= QM-ESP-AES-SHA-PFS-SUITE
diff --git a/keyexchange/isakmpd-20041012/samples/singlehost-east.gdb b/keyexchange/isakmpd-20041012/samples/singlehost-east.gdb
deleted file mode 100644
index a41df0d..0000000
--- a/keyexchange/isakmpd-20041012/samples/singlehost-east.gdb
+++ /dev/null
@@ -1 +0,0 @@
-r -d -D0=99 -D1=99 -D2=99 -D3=99 -D4=99 -D5=99 -feast.fifo -c../samples/singlehost-east.conf
diff --git a/keyexchange/isakmpd-20041012/samples/singlehost-setup.sh b/keyexchange/isakmpd-20041012/samples/singlehost-setup.sh
deleted file mode 100644
index 818ce2d..0000000
--- a/keyexchange/isakmpd-20041012/samples/singlehost-setup.sh
+++ /dev/null
@@ -1,84 +0,0 @@
-#!/bin/sh
-# $OpenBSD: singlehost-setup.sh,v 1.5 2003/08/18 09:41:40 markus Exp $
-# $EOM: singlehost-setup.sh,v 1.3 2000/11/23 12:24:43 niklas Exp $
-
-# A script to test single-host VPNs
-
-# For the 'pf' variable
-. /etc/rc.conf
-
-# Default paths
-PFCTL=/sbin/pfctl
-ISAKMPD=/sbin/isakmpd
-
-do_routes()
-{
- /sbin/route $1 -net 192.168.11.0/24 192.168.11.1 -iface >/dev/null
- /sbin/route $1 -net 192.168.12.0/24 192.168.12.1 -iface >/dev/null
- /sbin/route $1 -net 10.1.0.0/16 10.1.0.11 -iface >/dev/null
-}
-
-# Called on script exit
-cleanup () {
- if [ "x${pf}" = "xYES" -a -f ${pf_rules} ]; then
- ${PFCTL} -R -f ${pf_rules}
- else
- ${PFCTL} -qd
- fi
-
- USER=`id -p | grep ^login | cut -f2`
- chown $USER singlehost-east.conf singlehost-west.conf policy
- chmod 644 singlehost-east.conf singlehost-west.conf policy
-
- [ -p east.fifo ] && echo "Q" >> east.fifo
- [ -p west.fifo ] && echo "Q" >> west.fifo
- rm -f east.fifo west.fifo
-
- do_routes delete
-}
-
-# Start by initializing interfaces
-/sbin/ifconfig lo2 192.168.11.1 netmask 0xffffff00 up
-/sbin/ifconfig lo3 192.168.12.1 netmask 0xffffff00 up
-/sbin/ifconfig lo4 10.1.0.11 netmask 0xffff0000 up
-/sbin/ifconfig lo5 10.1.0.12 netmask 0xffff0000 up
-# ... and by adding the required routes
-do_routes add
-
-# Add rules
-(
- cat <<EOF
-pass out quick on lo2 proto 50 all
-pass out quick on lo2 from 192.168.11.0/24 to any
-pass out quick on lo3 proto 50 all
-pass out quick on lo3 from 192.168.12.0/24 to any
-block out on lo2 all
-block out on lo3 all
-EOF
- if [ "x${pf}" = "xYES" -a -f ${pf_rules} ]; then
- cat ${pf_rules} | egrep -v '^(scrub|rdr|binat|nat)'
- else
- pfctl -qe >/dev/null
- fi
-) | pfctl -R -f -
-
-trap cleanup 1 2 3 15
-
-# The configuration files needs proper owners and modes
-USER=`id -p | grep ^uid | cut -f2`
-chown $USER singlehost-east.conf singlehost-west.conf policy
-chmod 600 singlehost-east.conf singlehost-west.conf policy
-
-# Start the daemons
-rm -f east.fifo west.fifo
-${ISAKMPD} -c singlehost-east.conf -f east.fifo "$@"
-${ISAKMPD} -c singlehost-west.conf -f west.fifo "$@"
-
-# Give them some time to negotiate their stuff...
-SECS=3
-echo "Waiting $SECS seconds..."
-sleep $SECS
-echo "Running 'ping', using the tunnel..."
-ping -I 192.168.11.1 -c 5 192.168.12.1
-
-cleanup
diff --git a/keyexchange/isakmpd-20041012/samples/singlehost-west.conf b/keyexchange/isakmpd-20041012/samples/singlehost-west.conf
deleted file mode 100644
index 40538a3..0000000
--- a/keyexchange/isakmpd-20041012/samples/singlehost-west.conf
+++ /dev/null
@@ -1,64 +0,0 @@
-# $OpenBSD: singlehost-west.conf,v 1.11 2003/08/20 14:43:36 ho Exp $
-# $EOM: singlehost-west.conf,v 1.10 2000/11/23 12:24:43 niklas Exp $
-
-# A configuration sample for the isakmpd ISAKMP/Oakley (aka IKE) daemon.
-
-[General]
-Listen-on= 10.1.0.11
-Shared-SADB= Defined
-Policy-File= policy
-
-[Phase 1]
-10.1.0.12= ISAKMP-peer-east
-Default= ISAKMP-peer-east-aggressive
-
-[Phase 2]
-Connections= IPsec-west-east
-
-[ISAKMP-peer-east]
-Phase= 1
-Transport= udp
-Local-address= 10.1.0.11
-Address= 10.1.0.12
-Configuration= Default-main-mode
-Authentication= mekmitasdigoat
-
-[ISAKMP-peer-east-aggressive]
-Phase= 1
-Transport= udp
-Local-address= 10.1.0.11
-Address= 10.1.0.12
-Configuration= Default-aggressive-mode
-Authentication= mekmitasdigoat
-
-[IPsec-west-east]
-Phase= 2
-ISAKMP-peer= ISAKMP-peer-east
-Configuration= Default-quick-mode
-Local-ID= Net-west
-Remote-ID= Net-east
-
-[Net-west]
-ID-type= IPV4_ADDR_SUBNET
-Network= 192.168.11.0
-Netmask= 255.255.255.0
-
-[Net-east]
-ID-type= IPV4_ADDR_SUBNET
-Network= 192.168.12.0
-Netmask= 255.255.255.0
-
-[Default-main-mode]
-DOI= IPSEC
-EXCHANGE_TYPE= ID_PROT
-Transforms= 3DES-SHA
-
-[Default-aggressive-mode]
-DOI= IPSEC
-EXCHANGE_TYPE= AGGRESSIVE
-Transforms= 3DES-SHA-RSA
-
-[Default-quick-mode]
-DOI= IPSEC
-EXCHANGE_TYPE= QUICK_MODE
-Suites= QM-ESP-AES-SHA-PFS-SUITE
diff --git a/keyexchange/isakmpd-20041012/samples/singlehost-west.gdb b/keyexchange/isakmpd-20041012/samples/singlehost-west.gdb
deleted file mode 100644
index 5315e46..0000000
--- a/keyexchange/isakmpd-20041012/samples/singlehost-west.gdb
+++ /dev/null
@@ -1 +0,0 @@
-r -d -D0=99 -D1=99 -D2=99 -D3=99 -D4=99 -D5=99 -fwest.fifo -c../samples/singlehost-west.conf