Diffstat (limited to 'keyexchange/isakmpd-20041012/samples/VPN-3way-template.conf')
-rw-r--r--keyexchange/isakmpd-20041012/samples/VPN-3way-template.conf116
1 files changed, 116 insertions, 0 deletions
diff --git a/keyexchange/isakmpd-20041012/samples/VPN-3way-template.conf b/keyexchange/isakmpd-20041012/samples/VPN-3way-template.conf
new file mode 100644
index 0000000..b64c801
--- /dev/null
+++ b/keyexchange/isakmpd-20041012/samples/VPN-3way-template.conf
@@ -0,0 +1,116 @@
+# $OpenBSD: VPN-3way-template.conf,v 1.11 2004/02/11 08:55:22 jmc Exp $
+# $EOM: VPN-3way-template.conf,v 1.8 2000/10/09 22:08:30 angelos Exp $
+#
+# A configuration sample for the isakmpd ISAKMP/Oakley (aka IKE) daemon.
+#
+# This is a template file of a VPN setup between three nodes in
+# a fully meshed 'three-way' configuration. Suggested use is to copy
+# this file to all three nodes and then edit them accordingly.
+#
+# These nodes are initially called XXX, YYY and ZZZ.
+#
+# In pseudographics: XXX --- YYY
+# \ /
+# ZZZ
+#
+# In cases where IP/network addresses should be defined values like
+# 192.168.XXX.nnn have been used.
+#
+
+# Incoming phase 1 negotiations are multiplexed on the source IP
+# address. In the three-way VPN, we have two possible peers.
+
+[Phase 1]
+192.168.YYY.nnn= ISAKMP-peer-node-YYY
+192.168.ZZZ.nnn= ISAKMP-peer-node-ZZZ
+
+# These connections are walked over after config file parsing and
+# told to the application layer so that it will inform us when
+# traffic wants to pass over them. This means we can do on-demand
+# keying. In the three-way VPN, each node knows two connections.
+
+[Phase 2]
+Connections= IPsec-Conn-XXX-YYY,IPsec-Conn-XXX-ZZZ
+
+# ISAKMP Phase 1 peer sections
+##############################
+
+[ISAKMP-peer-node-YYY]
+Phase= 1
+Transport= udp
+Address= 192.168.YYY.nnn
+Configuration= Default-main-mode
+Authentication= yoursharedsecretwithYYY
+
+[ISAKMP-peer-node-ZZZ]
+Phase= 1
+Transport= udp
+Address= 192.168.ZZZ.nnn
+Configuration= Default-main-mode
+Authentication= yoursharedsecretwithZZZ
+
+# IPsec Phase 2 sections
+########################
+
+[IPsec-Conn-XXX-YYY]
+Phase= 2
+ISAKMP-peer= ISAKMP-peer-node-YYY
+Configuration= Default-quick-mode
+Local-ID= MyNet-XXX
+Remote-ID= OtherNet-YYY
+
+[IPsec-Conn-XXX-ZZZ]
+Phase= 2
+ISAKMP-peer= ISAKMP-peer-node-ZZZ
+Configuration= Default-quick-mode
+Local-ID= MyNet-XXX
+Remote-ID= OtherNet-ZZZ
+
+# Client ID sections
+####################
+
+[MyNet-XXX]
+ID-type= IPV4_ADDR_SUBNET
+Network= 192.168.XXX.0
+Netmask= 255.255.255.0
+
+[OtherNet-YYY]
+ID-type= IPV4_ADDR_SUBNET
+Network= 192.168.YYY.0
+Netmask= 255.255.255.0
+
+[OtherNet-ZZZ]
+ID-type= IPV4_ADDR_SUBNET
+Network= 192.168.ZZZ.0
+Netmask= 255.255.255.0
+
+#
+# There is no more node-specific configuration below this point.
+#
+
+# Main mode descriptions
+
+[Default-main-mode]
+DOI= IPSEC
+EXCHANGE_TYPE= ID_PROT
+Transforms= 3DES-SHA,3DES-MD5
+
+[Blowfish-main-mode]
+DOI= IPSEC
+EXCHANGE_TYPE= ID_PROT
+Transforms= BLF-SHA-M1024
+
+# Quick mode description
+########################
+
+[Default-quick-mode]
+DOI= IPSEC
+EXCHANGE_TYPE= QUICK_MODE
+Suites= QM-ESP-AES-SHA-PFS-SUITE
+
+[Blowfish-quick-mode]
+DOI= IPSEC
+EXCHANGE_TYPE= QUICK_MODE
+Suites= QM-ESP-BLF-SHA-PFS-SUITE
+#Suites= QM-ESP-BLF-SHA-SUITE
+
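Review bot: The `Authentication=` keys in `[ISAKMP-peer-node-YYY]` and `[ISAKMP-peer-node-ZZZ]` hold the phase 1 pre-shared secret in clear text, but the template never says how to protect the file once real secrets replace the placeholders. The sample is committed as mode 100644, so a copy that keeps that mode would leave the secrets world-readable; as far as I recall isakmpd also rejects a configuration file with loose permissions, which should be confirmed against the daemon's documentation. I would add a comment above the peer sections such as `# Use a long, random secret unique to each peer pair; keep this file owned by root and mode 0600.` Separately, `[Default-main-mode]` still offers `3DES-MD5` as a fallback, so a peer can steer negotiation to the MD5 transform; `Transforms= 3DES-SHA` would remove that option if all three nodes support it.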