#	$OpenBSD: VPN-west.conf,v 1.14 2003/03/16 08:13:02 matthieu Exp $
#	$EOM: VPN-west.conf,v 1.13 2000/10/09 22:08:30 angelos Exp $

# A configuration sample for the isakmpd ISAKMP/Oakley (aka IKE) daemon.
#
# The network topology of the example net is like this:
#
# 192.168.11.0/24 - west [.11] - 10.1.0.0/24 - [.12] east - 192.168.12.0/24
#
# "west" and "east" are the respective security gateways (aka VPN-nodes).

[Phase 1]
10.1.0.12=		ISAKMP-peer-east

[Phase 2]
Connections=		IPsec-west-east

[ISAKMP-peer-east]
Phase=			1
Transport=		udp
Address=		10.1.0.12
Configuration=		Default-main-mode
Authentication=		mekmitasdigoat

[IPsec-west-east]
Phase=			2
ISAKMP-peer=		ISAKMP-peer-east
Configuration=		Default-quick-mode
Local-ID=		Net-west
Remote-ID=		Net-east

[Net-west]
ID-type=		IPV4_ADDR_SUBNET
Network=		192.168.11.0
Netmask=		255.255.255.0

[Net-east]
ID-type=		IPV4_ADDR_SUBNET
Network=		192.168.12.0
Netmask=		255.255.255.0

[Default-main-mode]
DOI=			IPSEC
EXCHANGE_TYPE=		ID_PROT
Transforms=		3DES-SHA

[Default-quick-mode]
DOI=			IPSEC
EXCHANGE_TYPE=		QUICK_MODE
Suites=			QM-ESP-AES-SHA-PFS-SUITE