Annotation of src/etc/ipsec.conf, Revision 1.5
1.5 ! hshoexer 1: # $OpenBSD: ipsec.conf,v 1.4 2006/08/24 12:47:37 hshoexer Exp $
1.1 hshoexer 2: #
3: # See ipsec.conf(5) for syntax and examples.
4:
5: # Set up two tunnels using automatic keying with isakmpd(8):
6: #
7: # First between the networks 10.1.1.0/24 and 10.1.2.0/24,
8: # second between the machines 192.168.3.1 and 192.168.3.2.
9: # Use FQDNs as IDs.
10:
1.4 hshoexer 11: #ike esp from 10.1.1.0/24 to 10.1.2.0/24 peer 192.168.3.2 \
12: # srcid me.mylan.net dstid the.others.net
13: #ike esp from 192.168.3.1 to 192.168.3.2 \
14: # srcid me.mylan.net dstid the.others.net
1.1 hshoexer 15:
16: # Set up a tunnel using static keying:
17: #
1.2 jmc 18: # The first rule sets up the flow; the second sets up the SA. As default
19: # transforms, ipsecctl(8) will use hmac-sha2-256 for authentication
1.5 ! hshoexer 20: # and aes for encryption. hmac-sha2-256 uses a 256-bit key; aes
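! 21: # a 128-bit key. The authkey and enckey values in the rule below are published sample values: generate your own random keys of these lengths before enabling it.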
1.1 hshoexer 22:
1.4 hshoexer 23: #flow esp from 192.168.7.0/24 to 192.168.8.0/24 peer 192.168.3.2
1.5 ! hshoexer 24: #esp from 192.168.3.1 to 192.168.3.2 spi 0xabd9da39:0xc9dbb83d \
! 25: # authkey 0x54f79f479a32814347bb768d3e01b2b58e49ce674ec6e2d327b63408c56ef4e8:0x7f48ee352c626cdc2a731b9d90bd63e29db2a9c683044b70b2f4441521b622d6 \
! 26: # enckey 0xb341aa065c3850edd6a61e150d6a5fd3:0xf7795f6bdd697a43a4d28dcf1b79062d