1# $KAME: racoon.conf.in,v 1.18 2001/08/16 06:33:40 itojun Exp $ 2 3# "path" must be placed before it should be used. 4# You can overwrite which you defined, but it should not use due to confusing. 5path include "@sysconfdir_x@/racoon" ; 6#include "remote.conf" ; 7 8# search this file for pre_shared_key with various ID key. 9path pre_shared_key "@sysconfdir_x@/racoon/psk.txt" ; 10 11# racoon will look for certificate file in the directory, 12# if the certificate/certificate request payload is received. 13path certificate "@sysconfdir_x@/cert" ; 14 15# "log" specifies logging level. It is followed by either "notify", "debug" 16# or "debug2". 17#log debug; 18 19# "padding" defines some parameter of padding. You should not touch these. 20padding 21{ 22 maximum_length 20; # maximum padding length. 23 randomize off; # enable randomize length. 24 strict_check off; # enable strict check. 25 exclusive_tail off; # extract last one octet. 26} 27 28# if no listen directive is specified, racoon will listen to all 29# available interface addresses. 30listen 31{ 32 #isakmp ::1 [7000]; 33 #isakmp 202.249.11.124 [500]; 34 #admin [7002]; # administrative's port by kmpstat. 35 #strict_address; # required all addresses must be bound. 36} 37 38# Specification of default various timer. 39timer 40{ 41 # These value can be changed per remote node. 42 counter 5; # maximum trying count to send. 43 interval 20 sec; # maximum interval to resend. 44 persend 1; # the number of packets per a send. 45 46 # timer for waiting to complete each phase. 47 phase1 30 sec; 48 phase2 15 sec; 49} 50 51remote anonymous 52{ 53 #exchange_mode main,aggressive; 54 exchange_mode aggressive,main; 55 doi ipsec_doi; 56 situation identity_only; 57 58 #my_identifier address; 59 my_identifier user_fqdn "sakane@kame.net"; 60 peers_identifier user_fqdn "sakane@kame.net"; 61 #certificate_type x509 "mycert" "mypriv"; 62 63 nonce_size 16; 64 lifetime time 1 min; # sec,min,hour 65 initial_contact on; 66 support_mip6 on; 67 proposal_check obey; # obey, strict or claim 68 69 proposal { 70 encryption_algorithm 3des; 71 hash_algorithm sha1; 72 authentication_method pre_shared_key ; 73 dh_group 2 ; 74 } 75} 76 77remote ::1 [8000] 78{ 79 #exchange_mode main,aggressive; 80 exchange_mode aggressive,main; 81 doi ipsec_doi; 82 situation identity_only; 83 84 my_identifier user_fqdn "sakane@kame.net"; 85 peers_identifier user_fqdn "sakane@kame.net"; 86 #certificate_type x509 "mycert" "mypriv"; 87 88 nonce_size 16; 89 lifetime time 1 min; # sec,min,hour 90 91 proposal { 92 encryption_algorithm 3des; 93 hash_algorithm sha1; 94 authentication_method pre_shared_key ; 95 dh_group 2 ; 96 } 97} 98 99sainfo anonymous 100{ 101 pfs_group 1; 102 lifetime time 30 sec; 103 encryption_algorithm 3des ; 104 authentication_algorithm hmac_sha1; 105 compression_algorithm deflate ; 106} 107 108sainfo address 203.178.141.209 any address 203.178.141.218 any 109{ 110 pfs_group 1; 111 lifetime time 30 sec; 112 encryption_algorithm des ; 113 authentication_algorithm hmac_md5; 114 compression_algorithm deflate ; 115} 116 117sainfo address ::1 icmp6 address ::1 icmp6 118{ 119 pfs_group 1; 120 lifetime time 60 sec; 121 encryption_algorithm 3des, cast128, blowfish 448, des ; 122 authentication_algorithm hmac_sha1, hmac_md5 ; 123 compression_algorithm deflate ; 124} 125 126