# Id: racoon.conf.sample-inherit,v 1.3 2005/12/13 16:41:07 vanhu Exp
# Contributed by: Michal Ludvig <mludvig@suse.cz>, SUSE Labs

# This file shows the basic inheritance usage in 'remote' statements.

path pre_shared_key "/etc/racoon/psk.txt";
path certificate "/etc/racoon";

remote anonymous
{
	exchange_mode main,aggressive;
	doi ipsec_doi;
	situation identity_only;

	my_identifier asn1dn;
	certificate_type x509 "my.cert.pem" "my.key.pem";

	nonce_size 16;
	initial_contact on;
	proposal_check strict;	# obey, strict or claim

	proposal {
		encryption_algorithm 3des;
		hash_algorithm sha1;
		authentication_method rsasig;
		dh_group 2;
	}
}

remote 3ffe:ffff::1 inherit anonymous
{
	exchange_mode aggressive;
	nat_traversal force;
}

remote 3ffe:ffff::1 [8000] inherit 3ffe:ffff::1
{
	lifetime time 1 min;	# sec,min,hour

	proposal {
		encryption_algorithm 3des;
		hash_algorithm sha1;
		authentication_method pre_shared_key;
		dh_group 2;
	}
}

sainfo anonymous
{
	pfs_group 2;
	lifetime time 12 hour;
	encryption_algorithm aes, 3des;
	authentication_algorithm hmac_sha1, hmac_md5;
	compression_algorithm deflate;
}