xref: /netbsd-src/crypto/dist/ipsec-tools/src/racoon/samples/racoon.conf.sample-plainrsa (revision 2b3d1ee8a773e028429b331332895d44f445d720)
1# Id: racoon.conf.sample-plainrsa,v 1.4 2005/12/13 16:41:07 vanhu Exp
2# Contributed by: Michal Ludvig <mludvig@suse.cz>, SUSE Labs
3#                 http://www.logix.cz/michal
4
5# This file shows the usage of PlainRSA keys, which are widely used
6# by FreeSWAN/OpenSwan/StrongSwan/*Swan users. This functionality is
7# here mainly for those who are moving from the *Swan world to Racoon.
8
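9# Racoon will look for the key files named below in this directory. It holds the
# private key, so outside of this sample use an absolute path that only the user
# racoon runs as can read.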
10path certificate "samples" ;
11
12remote anonymous
13{
14	# *Swan supports only 'main' mode.
15	exchange_mode main;
16
17	# *Swan doesn't send identifiers by default.
18	my_identifier address;
19	peers_identifier address;
20
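21	# This is the trick - use PlainRSA keys. Despite the directive name, these are
	# bare RSA keys, not X.509 certificates: there is no CA, expiry date or
	# revocation, so a peer stays trusted for as long as its public key is listed below.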
22	certificate_type plain_rsa "privatekey.rsa";
23
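24	# Multiple certfiles are supported. Each file adds a public key that this section
	# will accept, so list only the peers you mean to trust and remove a file to
	# stop trusting its peer.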
25	peers_certfile plain_rsa "pubkey1.rsa";
26	peers_certfile plain_rsa "pubkey2.rsa";
27
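28	# Standard setup follows... The values below (3des, sha1, dh_group 2, and
	# pfs_group 2 / hmac_md5 in the sainfo section) are old interoperability choices
	# and weak by current standards. dh_group 2 is 1024-bit MODP. Where both peers
	# support them, prefer aes, a SHA-2 hash (sha256, hmac_sha256) and a 2048-bit or
	# larger group (dh_group 14).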
29	proposal_check strict;
30
31	proposal {
32		encryption_algorithm 3des;
33		hash_algorithm sha1;
34		authentication_method rsasig;
35		dh_group 2;
36	}
37}
38
39sainfo anonymous
40{
41	pfs_group 2;
42	lifetime time 12 hour;
43	encryption_algorithm 3des, aes;
44	authentication_algorithm hmac_sha1, hmac_md5;
45	compression_algorithm deflate;
46}
47