Annotation of src/etc/ipsec.conf, Revision 1.1
1.1 ! hshoexer 1: # $OpenBSD:$
! 2: #
! 3: # See ipsec.conf(5) for syntax and examples.
! 4:
! 5: # Set up two tunnels using automatic keying with isakmpd(8):
! 6: #
! 7: # First between the networks 10.1.1.0/24 and 10.1.2.0/24,
! 8: # second between the machines 192.168.3.1 and 192.168.3.2.
! 9: # Use FQDNs as IDs.
! 10:
! 11: ike esp from 10.1.1.0/24 to 10.1.2.0/24 peer 192.168.3.2 \
! 12: srcid me.mylan.net dstid the.others.net
! 13: ike esp from 192.168.3.1 to 192.168.3.2 \
! 14: srcid me.mylan.net dstid the.others.net
! 15:
! 16: # Set up a tunnel using static keying:
! 17: #
! 18: # The first rule sets up the flow, the second the SA. As default
! 19: # transforms ipsecctl(8) will use hmac-sha2-256 for authentication
! 20: # and aesctr for encryption. hmac-sha2-256 uses a 256 bit key, aesctr
! 21: # a 160 bit key.
! 22:
! 23: flow esp from 192.168.7.0/24 to 192.168.8.0/24 peer 192.168.3.2
! 24: esp from 192.168.3.1 to 192.168.3.2 spi 0xdeadbeef:0xbeefdead \
! 25: authkey 0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa:0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa \
! 26: enckey 0xeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee:0xeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee
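
An added checker, not part of the OpenBSD source: it parses the static-keying rule above and verifies that each inline hex key has the length the comments state (256 bits for hmac-sha2-256, 160 bits for aesctr) and is not a repeated-digit sample value left in place. The function names and the first/second labels are this example's own, and only inline hex keys as written on this page are handled.

```python
import re

# Key sizes in bits for the default transforms named in the file's comments.
EXPECTED_BITS = {"authkey": 256, "enckey": 160}  # hmac-sha2-256, aesctr

# The static-keying rules from the sample file above (sample keys, not secrets).
SAMPLE = (
    "flow esp from 192.168.7.0/24 to 192.168.8.0/24 peer 192.168.3.2\n"
    "esp from 192.168.3.1 to 192.168.3.2 spi 0xdeadbeef:0xbeefdead \\\n"
    f"\tauthkey 0x{'a' * 64}:0x{'a' * 64} \\\n"
    f"\tenckey 0x{'e' * 40}:0x{'e' * 40}\n"
)


def logical_lines(text):
    """Join backslash-continued lines, then drop comments and blank lines.

    Simplification for this example: not a full ipsec.conf lexer."""
    joined = re.sub(r"\\\n", " ", text)
    for line in joined.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            yield line


def check_static_keys(text):
    """Return (keyword, position, problem) tuples for every suspect key."""
    findings = []
    for rule in logical_lines(text):
        for kw, want in EXPECTED_BITS.items():
            m = re.search(rf"\b{kw}\s+(\S+)", rule)
            if not m:
                continue
            # Two keys separated by a colon, one per SA of the pair.
            for pos, key in zip(("first", "second"), m.group(1).split(":")):
                digits = key[2:] if key.lower().startswith("0x") else key
                if not re.fullmatch(r"[0-9a-fA-F]+", digits):
                    findings.append((kw, pos, "not hexadecimal"))
                    continue
                bits = len(digits) * 4
                if bits != want:
                    findings.append((kw, pos, f"{bits} bits, expected {want}"))
                if len(set(digits.lower())) == 1:
                    findings.append((kw, pos, "placeholder key"))
    return findings


if __name__ == "__main__":
    for finding in check_static_keys(SAMPLE):
        print(*finding, sep=": ")
```

Run against the sample file, it reports all four keys as placeholders and no length errors, which is the state a copied example is in before real keys are generated.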