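# Id: racoon.conf.sample-inherit,v 1.3 2005/12/13 16:41:07 vanhu Exp
# Contributed by: Michal Ludvig <mludvig (a] suse.cz>, SUSE Labs

# This file shows the basic inheritance usage in 'remote' statements.
#
# Three 'remote' sections are chained with 'inherit':
#   anonymous  ->  3ffe:ffff::1  ->  3ffe:ffff::1 [8000]
# Each child names its parent and lists only the directives it changes.
#
# NOTE(review): the algorithm choices below (3des, sha1, hmac_md5,
# dh_group 2) are kept exactly as published so the sample still matches
# its 2005 original. They are legacy-strength values; for a real
# deployment pick the strongest ones both peers support (racoon.conf(5)
# lists, for example, aes, sha256 and larger DH groups such as 14).
# The 3ffe:ffff::1 address is a sample value, not a real peer.

# psk.txt stores the pre-shared keys in clear text; keep it readable by
# the user racoon runs as and by nobody else.
path pre_shared_key "/etc/racoon/psk.txt";
# Directory that the certificate/key file names below are resolved against.
path certificate "/etc/racoon";

# Base section. 'anonymous' applies to any peer that has no more specific
# 'remote' section, so everything set here is also the default policy for
# unknown peers.
remote anonymous
{
	# The first mode is used when initiating; every listed mode is
	# accepted when responding.
	exchange_mode main,aggressive;
	doi ipsec_doi;
	situation identity_only;

	# Identify with the subject DN of the certificate below.
	my_identifier asn1dn;
	# my.key.pem is the private key; restrict its file permissions.
	certificate_type x509 "my.cert.pem" "my.key.pem";

	nonce_size 16;
	initial_contact on;
	proposal_check strict;	# obey, strict or claim

	proposal {
		encryption_algorithm 3des;
		hash_algorithm sha1;
		authentication_method rsasig;
		dh_group 2;	# 1024-bit MODP group
	}
}

# First child: everything from 'anonymous', with two overrides.
remote 3ffe:ffff::1 inherit anonymous
{
	# Narrows the inherited "main,aggressive" to aggressive mode only.
	exchange_mode aggressive;
	# 'force' uses NAT-T encapsulation whether or not a NAT is detected.
	nat_traversal force;
}

# Second child: same peer address, but only for port 8000. It inherits
# from the section above, so aggressive mode and forced NAT-T still apply.
remote 3ffe:ffff::1 [8000] inherit 3ffe:ffff::1
{
	# Very short phase 1 lifetime, presumably chosen to make the
	# override easy to see.
	lifetime time 1 min;	# sec,min,hour

	# NOTE(review): presumably this block takes the place of the
	# inherited rsasig proposal -- confirm against racoon.conf(5).
	# Combined with the inherited aggressive mode this is pre-shared-key
	# authentication in aggressive mode: the authentication hash is sent
	# before the peer is authenticated, so a weak key can be guessed
	# offline from captured traffic. Use a long random key, or keep
	# main mode / rsasig for such peers.
	proposal {
		encryption_algorithm 3des;
		hash_algorithm sha1;
		authentication_method pre_shared_key;
		dh_group 2;
	}
}

# Phase 2 parameters for any traffic selector without its own 'sainfo'.
sainfo anonymous
{
	pfs_group 2;
	lifetime time 12 hour;
	# Algorithms are listed in order of preference.
	encryption_algorithm aes, 3des;
	# hmac_md5 is offered as a fallback here; drop it if no peer needs it.
	authentication_algorithm hmac_sha1, hmac_md5;
	compression_algorithm deflate;
}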