Sophie

Sophie

distrib > Mandriva > 2010.0 > i586 > media > contrib-release > by-pkgid > cb04c52ccedb52ab907eaca84d718eba > files > 31

openswan-doc-2.6.22-1mdv2010.0.i586.rpm

# sample connections
# This file is RCSID $Id: examples,v 1.5 1999/12/13 02:38:16 henry Exp $



# basic configuration
config setup
	# THIS SETTING MUST BE CORRECT or almost nothing will work.
	interfaces="ipsec0=eth1 ipsec1=ppp0"
	# Debug-logging controls:  "none" for (almost) none, "all" for lots.
	klipsdebug=none
	plutodebug=none
	# Manual connections to be started at startup.
	manualstart="test1 test2"
	# Auto connections to be loaded into Pluto at startup.
	plutoload="samplehth samplefire"
	# Auto connections to be started at startup.
	plutostart=samplefire



# defaults for subsequent connection descriptions
conn %default
	# How persistent to be in (re)keying negotiations (0 means very).
	keyingtries=0
	# Parameters for manual-keying testing (DON'T USE OPERATIONALLY).
	spi=0x200
	esp=3des-md5-96
	espenckey=0x01234567_89abcdef_02468ace_13579bdf_12345678_9abcdef0
	espauthkey=0x12345678_9abcdef0_2468ace0_13579bdf
	# key lifetime (before automatic rekeying)
	keylife=8h



# sample connection
conn sample
	# Left security gateway and subnet behind it.
	left=10.0.0.1
	leftsubnet=172.16.0.0/24
	# Right security gateway and subnet behind it.
	right=10.12.12.1
	rightsubnet=192.168.0.0/24
	# Authorize this connection, but don't actually start it, at startup.
	auto=add

# sample tunnel (manually or automatically keyed)
# Here we just use ESP for both encryption and authentication, which is
# the simplest and often the best method.
conn sample
	# left security gateway (public-network address)
	left=10.0.0.1
	# next hop to reach right
	leftnexthop=10.44.55.66
	# subnet behind left (omit if left end of the tunnel is just the s.g.)
	leftsubnet=172.16.0.0/24
	# right s.g., subnet behind it, and next hop to reach left
	right=10.12.12.1
	rightnexthop=10.88.77.66
	rightsubnet=192.168.0.0/24
	# (manual) SPI number
	spi=0x200
	# (manual) encryption/authentication algorithm and parameters to it
	esp=3des-md5-96
	espenckey=[192 bits]
	espauthkey=[128 bits]

# In the remaining examples, deviations from the sample-tunnel configuration
# are marked with ###.

# sample host-to-host tunnel (no subnets)
# Here we assume (for purposes of illustration) that the hosts talk directly
# to each other, so we don't need next-hop settings.
conn samplehth
	### left host (public-network address)
	left=10.0.0.1
	### next hop to reach right
	leftnexthop=
	### right host
	right=10.12.12.1
	### next hop to reach left
	rightnexthop=
	### (manual) SPI number
	spi=0x300
	# (manual) encryption/authentication algorithm and parameters to it
	esp=3des-md5-96
	espenckey=[192 bits]
	espauthkey=[128 bits]

# sample hybrid tunnel, with a host on one end and a subnet (behind a
# security gateway) on the other
# This case is also sometimes called "road warrior".
conn samplehyb
	### left host (public-network address)
	left=10.0.0.1
	# next hop to reach right
	leftnexthop=10.44.55.66
	# subnet behind left
	leftsubnet=172.16.0.0/24
	### right host, and next hop to reach left
	right=10.12.12.1
	rightnexthop=10.88.77.66
	### (manual) SPI number
	spi=0x400
	# (manual) encryption/authentication algorithm and parameters to it
	esp=3des-md5-96
	espenckey=[192 bits]
	espauthkey=[128 bits]

# sample firewall-penetrating tunnel
# Here we assume that firewalling is being done on the left side.
conn samplefire
	# left security gateway (public-network address)
	left=10.0.0.1
	# next hop to reach right
	leftnexthop=10.44.55.66
	# subnet behind left (omit if left end of the tunnel is just the s.g.)
	leftsubnet=172.16.0.0/24
	### left is firewalling for its subnet
	leftfirewall=yes
	# right s.g., subnet behind it, and next hop to reach left
	right=10.12.12.1
	rightnexthop=10.88.77.66
	rightsubnet=192.168.0.0/24
	### (manual) SPI number
	spi=0x500
	# (manual) encryption/authentication algorithm and parameters to it
	esp=3des-md5-96
	espenckey=[192 bits]
	espauthkey=[128 bits]

# sample transport-mode connection (which can only be host-to-host)
# Here we use the whole nine yards, with encryption done by ESP and
# authentication by AH; this perhaps is slightly preferable for transport
# mode, where the IP headers are exposed.
conn sampletm
	### transport mode rather than tunnel
	type=transport
	### left host (public-network address)
	left=10.0.0.1
	# next hop to reach right
	leftnexthop=10.44.55.66
	### right host, and next hop to reach left
	right=10.12.12.1
	rightnexthop=10.88.77.66
	### (manual) SPI number
	spi=0x600
	### (manual) encryption algorithm and parameters to it
	esp=3des
	espenckey=[192 bits]
	### (manual) authentication algorithm and parameters to it
	ah=hmac-md5
	ahkey=[128 bits]
	### (auto) authentication control
	auth=ah

# sample description with keys split out into a separate section
# Normally the key section would go in a separate file, with tighter
# permissions set on it.
conn samplesep
	# left security gateway (public-network address)
	left=10.0.0.1
	# next hop to reach right
	leftnexthop=10.44.55.66
	# subnet behind left (omit if left end of the tunnel is just the s.g.)
	leftsubnet=172.16.0.0/24
	# right s.g., subnet behind it, and next hop to reach left
	right=10.12.12.1
	rightnexthop=10.88.77.66
	rightsubnet=192.168.0.0/24
	### (manual) SPI number
	spi=0x700
	# (manual) encryption/authentication algorithm and parameters to it
	esp=3des-md5-96
	also=samplesep-keys

# keys for the previous section
# Normally this would go in a separate file, picked up using an include line,
# to allow keeping the keys confidential.
conn samplesep-keys
	espenckey=[192 bits]
	espauthkey=[128 bits]

Perl :: Catalyst :: PostgreSQL :: RPM Valid HTML 4.01 Transitional