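# Id: racoon.conf.sample-plainrsa,v 1.4 2005/12/13 16:41:07 vanhu Exp
# Contributed by: Michal Ludvig <mludvig (a] suse.cz>, SUSE Labs
# http://www.logix.cz/michal

# This file shows the usage of PlainRSA keys, which are widely used
# by FreeSWAN/OpenSwan/StrongSwan/*Swan users. This functionality is
# here mainly for those who are moving from the *Swan world to Racoon.
#
# Review notes on this sample:
#  - Plain RSA keys are bare key pairs, not X.509 certificates: there is
#    no CA, expiry or revocation. A peer is trusted for as long as its
#    public key file is listed below, so removing a peer means removing
#    its peers_certfile line and reloading racoon.
#  - The phase 1 and PFS parameters (3des, sha1, group 2) are kept as the
#    original author gave them for *Swan interoperability. They are legacy
#    values; raise them wherever the peer allows it.

# Racoon will look for a keyfile in this directory.
# In a deployment, point this at an absolute directory that only the
# account running racoon can read: the private key named below is loaded
# from here.
path certificate "samples" ;

# "anonymous" applies this section to any peer address, so authentication
# rests entirely on the RSA keys configured inside it.
remote anonymous
{
	# *Swan supports only 'main' mode.
	exchange_mode main;

	# *Swan doesn't send identifiers by default.
	my_identifier address;
	peers_identifier address;

	# This is the trick - use PlainRSA certificates.
	# Local private key; keep the file unreadable to other users.
	certificate_type plain_rsa "privatekey.rsa";

	# Multiple certfiles are supported.
	# Each listed public key is an accepted peer identity.
	peers_certfile plain_rsa "pubkey1.rsa";
	peers_certfile plain_rsa "pubkey2.rsa";

	# Standard setup follows...
	proposal_check strict;

	# Phase 1 proposal. There is a single proposal, so it has to match
	# what the peer offers; that is why the legacy values are left as is.
	# Where both ends support it, prefer e.g. "encryption_algorithm aes",
	# "hash_algorithm sha256" and "dh_group modp2048" (group 14): 3DES has
	# a 64-bit block size and group 2 is a 1024-bit MODP group.
	proposal {
		encryption_algorithm 3des;
		hash_algorithm sha1;
		authentication_method rsasig;
		dh_group 2;
	}
}

sainfo anonymous
{
	# 1024-bit MODP group, kept for compatibility with the phase 1
	# proposal above; raise it together with dh_group.
	pfs_group 2;
	lifetime time 12 hour;
	# AES is listed first so it is preferred; 3des stays as a fallback
	# for older peers.
	encryption_algorithm aes, 3des;
	# hmac_md5 has been dropped from the original list: a peer that can
	# only do HMAC-MD5 is no longer accepted. hmac_sha256 can be added in
	# front of hmac_sha1 if the peer supports it.
	authentication_algorithm hmac_sha1;
	compression_algorithm deflate;
}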