Annotation of src/etc/ipsec.conf, Revision 1.2

1.2     ! jmc         1: #      $OpenBSD: ipsec.conf,v 1.1 2005/12/24 15:44:12 hshoexer Exp $
1.1       hshoexer    2: #
                      3: # See ipsec.conf(5) for syntax and examples.
                      4:
                      5: # Set up two tunnels using automatic keying with isakmpd(8):
                      6: #
                      7: # First between the networks 10.1.1.0/24 and 10.1.2.0/24,
                      8: # second between the machines 192.168.3.1 and 192.168.3.2.
                      9: # Use FQDNs as IDs.
                     10:
                     11: ike esp from 10.1.1.0/24 to 10.1.2.0/24 peer 192.168.3.2 \
                     12:        srcid me.mylan.net dstid the.others.net
                     13: ike esp from 192.168.3.1 to 192.168.3.2 \
                     14:        srcid me.mylan.net dstid the.others.net
                     15:
                     16: # Set up a tunnel using static keying:
                     17: #
1.2     ! jmc        18: # The first rule sets up the flow; the second sets up the SA.  As default
        !            19: # transforms, ipsecctl(8) will use hmac-sha2-256 for authentication
        !            20: # and aesctr for encryption.  hmac-sha2-256 uses a 256-bit key; aesctr
        !            21: # a 160-bit key.
1.1       hshoexer   22:
                     23: flow esp from 192.168.7.0/24 to 192.168.8.0/24 peer 192.168.3.2
                     24: esp from 192.168.3.1 to 192.168.3.2 spi 0xdeadbeef:0xbeefdead \
                     25:        authkey 0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa:0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa \
                     26:        enckey 0xeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee:0xeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee
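
Added example, not part of the OpenBSD file or its CVS history: shell functions that generate random static keys of the sizes the comment above names (256 bits for hmac-sha2-256, 160 bits for aesctr) and reject malformed, wrong-length or repeated-digit keys such as the 0xaaaa... and 0xeeee... fillers in the sample rule. The function names gen_key, check_key, check_pair and make_sa_rule are hypothetical, the SPI pair in the usage line is constructed, and the availability of /dev/urandom and od(1) is an assumption.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of ipsecctl(8).

# gen_key BITS: print 0x followed by BITS/4 random hex digits.
# Assumes /dev/urandom and od(1) are available on the host.
gen_key() {
	bytes=$(( $1 / 8 ))
	printf '0x%s\n' "$(od -An -N"$bytes" -tx1 /dev/urandom | tr -d ' \t\n')"
}

# check_key BITS KEY: 0 if KEY is 0x-prefixed hex of exactly BITS bits,
# 1 if malformed, 2 if the wrong length, 3 if it is one repeated digit
# (the shape of the filler keys in the sample file).
check_key() {
	hex=${2#0x}
	[ "$hex" != "$2" ] || return 1
	case $hex in
	''|*[!0-9a-fA-F]*) return 1 ;;
	esac
	[ "${#hex}" -eq $(( $1 / 4 )) ] || return 2
	first=$(printf '%s' "$hex" | cut -c1)
	[ -n "$(printf '%s' "$hex" | tr -d "$first")" ] || return 3
	return 0
}

# check_pair BITS IN:OUT: check both directions of a colon-separated pair.
check_pair() {
	check_key "$1" "${2%%:*}" && check_key "$1" "${2#*:}"
}

# make_sa_rule SRC DST SPI_PAIR: print an SA rule in the sample's syntax
# with fresh keys: 256-bit authkey (hmac-sha2-256), 160-bit enckey (aesctr).
make_sa_rule() {
	printf 'esp from %s to %s spi %s \\\n' "$1" "$2" "$3"
	printf '\tauthkey %s:%s \\\n' "$(gen_key 256)" "$(gen_key 256)"
	printf '\tenckey %s:%s\n' "$(gen_key 160)" "$(gen_key 160)"
}

# Constructed usage: addresses taken from the sample; SPIs are constructed.
make_sa_rule 192.168.3.1 192.168.3.2 0x1000:0x1001
```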