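# Id: racoon.conf.sample-plainrsa,v 1.4 2005/12/13 16:41:07 vanhu Exp
# Contributed by: Michal Ludvig <mludvig@suse.cz>, SUSE Labs
# http://www.logix.cz/michal

# This file shows the usage of PlainRSA keys, which are widely used
# by FreeSWAN/OpenSwan/StrongSwan/*Swan users. This functionality is
# here mainly for those who are moving from the *Swan world to Racoon.
#
# NOTE(review): the algorithm choices below (3DES, SHA-1, HMAC-MD5,
# DH group 2) are legacy interoperability values from 2005. They are
# kept unchanged here so the sample still matches the peers it was
# written for; see the per-section notes before reusing it.

# Racoon will look for a keyfile in this directory.
# "samples" is a relative path. In a deployment, use an absolute
# directory that only root can write to, and keep the private key file
# readable by the racoon user only.
path certificate "samples" ;

# "anonymous" matches any peer address. With this section a peer is
# accepted solely on the basis of holding a private key that matches
# one of the peers_certfile public keys listed below.
remote anonymous
{
	# *Swan supports only 'main' mode.
	exchange_mode main;

	# *Swan doesn't send identifiers by default.
	# verify_identifier is off unless set, so the peers_identifier
	# value is not compared against the peer's ID payload here.
	my_identifier address;
	peers_identifier address;

	# This is the trick - use PlainRSA certificates.
	# PlainRSA keys are bare key pairs: there is no CA chain, expiry
	# or revocation. Removing a peer means removing its pubkey file.
	certificate_type plain_rsa "privatekey.rsa";

	# Multiple certfiles are supported.
	peers_certfile plain_rsa "pubkey1.rsa";
	peers_certfile plain_rsa "pubkey2.rsa";

	# Standard setup follows...
	proposal_check strict;

	# Phase 1 proposal. 3des has a 64-bit block, sha1 is deprecated
	# and dh_group 2 is 1024-bit MODP. Where both this racoon build
	# and the peer support them, prefer aes, a SHA-2 hash and
	# dh_group 14 or larger.
	proposal {
		encryption_algorithm 3des;
		hash_algorithm sha1;
		authentication_method rsasig;
		dh_group 2;
	}
}

# Phase 2 parameters for any peer/selector pair.
sainfo anonymous
{
	# pfs_group 2 is again 1024-bit MODP; raise it together with the
	# phase 1 dh_group.
	pfs_group 2;
	lifetime time 12 hour;
	# Both lists still offer legacy algorithms (3des, hmac_md5).
	# Trim them to the strongest set the peers have in common.
	encryption_algorithm 3des, aes;
	authentication_algorithm hmac_sha1, hmac_md5;
	compression_algorithm deflate;
}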