Diffstat (limited to 'keyexchange/isakmpd-20041012/samples/VPN-3way-template.conf')
-rw-r--r-- | keyexchange/isakmpd-20041012/samples/VPN-3way-template.conf | 116 |
1 files changed, 116 insertions, 0 deletions
diff --git a/keyexchange/isakmpd-20041012/samples/VPN-3way-template.conf b/keyexchange/isakmpd-20041012/samples/VPN-3way-template.conf
new file mode 100644
index 0000000..b64c801
--- /dev/null
+++ b/keyexchange/isakmpd-20041012/samples/VPN-3way-template.conf
@@ -0,0 +1,116 @@
+# $OpenBSD: VPN-3way-template.conf,v 1.11 2004/02/11 08:55:22 jmc Exp $
+# $EOM: VPN-3way-template.conf,v 1.8 2000/10/09 22:08:30 angelos Exp $
+#
+# A configuration sample for the isakmpd ISAKMP/Oakley (aka IKE) daemon.
+#
+# This is a template file of a VPN setup between three nodes in
+# a fully meshed 'three-way' configuration. Suggested use is to copy
+# this file to all three nodes and then edit them accordingly.
+#
+# These nodes are initially called XXX, YYY and ZZZ.
+#
+# In pseudographics: XXX --- YYY
+# \ /
+# ZZZ
+#
+# In cases where IP/network addresses should be defined values like
+# 192.168.XXX.nnn have been used.
+#
+
+# Incoming phase 1 negotiations are multiplexed on the source IP
+# address. In the three-way VPN, we have two possible peers.
+
+[Phase 1]
+192.168.YYY.nnn= ISAKMP-peer-node-YYY
+192.168.ZZZ.nnn= ISAKMP-peer-node-ZZZ
+
+# These connections are walked over after config file parsing and
+# told to the application layer so that it will inform us when
+# traffic wants to pass over them. This means we can do on-demand
+# keying. In the three-way VPN, each node knows two connections.
+
+[Phase 2]
+Connections= IPsec-Conn-XXX-YYY,IPsec-Conn-XXX-ZZZ
+
+# ISAKMP Phase 1 peer sections
+##############################
+
+[ISAKMP-peer-node-YYY]
+Phase= 1
+Transport= udp
+Address= 192.168.YYY.nnn
+Configuration= Default-main-mode
+Authentication= yoursharedsecretwithYYY
+
+[ISAKMP-peer-node-ZZZ]
+Phase= 1
+Transport= udp
+Address= 192.168.ZZZ.nnn
+Configuration= Default-main-mode
+Authentication= yoursharedsecretwithZZZ
+
+# IPsec Phase 2 sections
+########################
+
+[IPsec-Conn-XXX-YYY]
+Phase= 2
+ISAKMP-peer= ISAKMP-peer-node-YYY
+Configuration= Default-quick-mode
+Local-ID= MyNet-XXX
+Remote-ID= OtherNet-YYY
+
+[IPsec-Conn-XXX-ZZZ]
+Phase= 2
+ISAKMP-peer= ISAKMP-peer-node-ZZZ
+Configuration= Default-quick-mode
+Local-ID= MyNet-XXX
+Remote-ID= OtherNet-ZZZ
+
+# Client ID sections
+####################
+
+[MyNet-XXX]
+ID-type= IPV4_ADDR_SUBNET
+Network= 192.168.XXX.0
+Netmask= 255.255.255.0
+
+[OtherNet-YYY]
+ID-type= IPV4_ADDR_SUBNET
+Network= 192.168.YYY.0
+Netmask= 255.255.255.0
+
+[OtherNet-ZZZ]
+ID-type= IPV4_ADDR_SUBNET
+Network= 192.168.ZZZ.0
+Netmask= 255.255.255.0
+
+#
+# There is no more node-specific configuration below this point.
+#
+
+# Main mode descriptions
+
+[Default-main-mode]
+DOI= IPSEC
+EXCHANGE_TYPE= ID_PROT
+Transforms= 3DES-SHA,3DES-MD5
+
+[Blowfish-main-mode]
+DOI= IPSEC
+EXCHANGE_TYPE= ID_PROT
+Transforms= BLF-SHA-M1024
+
+# Quick mode description
+########################
+
+[Default-quick-mode]
+DOI= IPSEC
+EXCHANGE_TYPE= QUICK_MODE
+Suites= QM-ESP-AES-SHA-PFS-SUITE
+
+[Blowfish-quick-mode]
+DOI= IPSEC
+EXCHANGE_TYPE= QUICK_MODE
+Suites= QM-ESP-BLF-SHA-PFS-SUITE
+#Suites= QM-ESP-BLF-SHA-SUITE
+ |
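Review bot: The `Authentication= yoursharedsecretwithYYY` and `Authentication= yoursharedsecretwithZZZ` lines in the two [ISAKMP-peer-node-*] sections hold the IKE pre-shared keys in plaintext, and nothing in the template tells the reader that these placeholders must be replaced or that the copied file must be protected; a short comment above each, `# Replace with a long random secret; this file must be readable by root only.`, would make the hand-off explicit. The same placeholder pattern is used for every other XXX/YYY/ZZZ value, so a reader may not realise the secret is the one field that must not be guessable. In [Default-main-mode], `Transforms= 3DES-SHA,3DES-MD5` makes an MD5-based phase-1 proposal part of the default offer while the quick-mode suite already uses AES; if the daemon's built-in transform set provides an AES/SHA main-mode transform, listing it first and dropping the MD5 entry would be a better default for a template users copy verbatim. This appears to be an imported OpenBSD sample (see the $OpenBSD tag), so the wording change may belong upstream rather than in this snapshot.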