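# /etc/racoon/racoon.conf

# Directory searched for files pulled in with "include".
path include "/etc/racoon";

# File holding the pre-shared keys used by the pre_shared_key proposals below.
# NOTE(review): the keys are stored in this file as plain text. racoon.conf(5)
# expects the file to be owned by the user running racoon and not accessible
# by others; verify ownership and mode on the deployed host.
path pre_shared_key "/etc/racoon/psk.txt";

# racoon looks for certificate files in this directory when a certificate or
# certificate request payload is received. Left commented out here: every
# proposal in this file authenticates with a pre-shared key.
#path certificate "/etc/openssl/certs" ;

# "log" specifies the logging level. It is followed by either "notify",
# "debug" or "debug2".
# NOTE(review): "debug" is the active level and "notify" is commented out.
# Debug output is verbose and puts negotiation detail in front of anyone who
# can read the logs; this looks like a troubleshooting setting, so confirm
# whether it is meant to stay enabled in production.
#log notify;
log debug;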
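# Upper bounds on how long a phase 1 and a phase 2 negotiation may take to
# complete.
timer
{
    phase1 45 seconds;
    phase2 60 seconds;
}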
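# Phase 1 (IKE SA) settings applied to any peer that has no more specific
# "remote" section, i.e. peers whose address is not known in advance.
remote anonymous {
    # Exchange modes accepted as responder; the first one listed is used when
    # racoon initiates.
    # NOTE(review): aggressive mode combined with pre-shared keys exposes a
    # hash derived from the key before the peer is authenticated, so a weak
    # key can be guessed offline. Prefer "main" alone (or certificate
    # authentication) unless a peer genuinely requires aggressive mode, and
    # use long random keys in psk.txt either way.
    exchange_mode main, aggressive;
    nat_traversal on;

    # NOTE(review): generate_policy makes the responder install SPD entries
    # derived from the initiator's proposal, and "obey" accepts the
    # initiator's lifetime and PFS values as offered. Under an anonymous
    # remote, any peer holding a valid key therefore shapes the installed
    # policy. Confirm generate_policy is needed (dynamic-address clients) and
    # consider "proposal_check strict".
    generate_policy on;
    proposal_check obey;

    # No certificate request or certificate payload is sent; authentication
    # relies on the pre-shared key only.
    send_cr off;
    send_cert off;

    # NOTE(review): all three proposals use dh_group 2 (1024-bit MODP); two
    # use 3DES and one of those uses MD5. These are legacy parameters. Where
    # the racoon build and the peers support it, offer AES with a SHA-2 hash
    # and a larger group (e.g. 14), and retire the 3DES/MD5 entries.
    proposal {
        encryption_algorithm 3des;
        hash_algorithm sha1;
        authentication_method pre_shared_key;
        dh_group 2;
    }

    proposal {
        encryption_algorithm 3des;
        hash_algorithm md5;
        authentication_method pre_shared_key;
        dh_group 2;
    }

    proposal {
        encryption_algorithm aes;
        hash_algorithm sha1;
        authentication_method pre_shared_key;
        dh_group 2;
    }
}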
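# Phase 2 proposal (for the IPsec SA).
# The actual phase 2 proposal follows these items:
# - kernel IPsec policy configuration (like "esp/transport//use")
# - permutation of the crypto/hash/compression algorithms presented below
#
# NOTE(review): because any permutation of the lists is acceptable, the
# weakest pairing offered here (a 64-bit-block cipher such as 3des, cast128
# or blowfish together with hmac_md5) can be negotiated. pfs_group 2 is a
# 1024-bit MODP group. Trim the lists to the algorithms the peers actually
# need, keeping aes first, and raise the PFS group where peers support it.
sainfo anonymous
{
    pfs_group 2;
    lifetime time 30 minutes;
    encryption_algorithm aes, 3des, cast128, blowfish;
    authentication_algorithm hmac_sha1, hmac_md5;
    compression_algorithm deflate;
}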