File: [local] / src / etc / Attic / ipsec.conf
Revision 1.3, Thu Aug 24 12:23:30 2006 UTC (17 years, 9 months ago) by hshoexer
We've switched from aesctr to aes as default cipher quite some time ago. Therefore adjust the example encryption key from 160 to 128 bits. Noticed by jmc@.
# $OpenBSD: ipsec.conf,v 1.3 2006/08/24 12:23:30 hshoexer Exp $
#
# See ipsec.conf(5) for syntax and examples.

# Set up two tunnels using automatic keying with isakmpd(8):
#
# First between the networks 10.1.1.0/24 and 10.1.2.0/24,
# second between the machines 192.168.3.1 and 192.168.3.2.
# Use FQDNs as IDs.

ike esp from 10.1.1.0/24 to 10.1.2.0/24 peer 192.168.3.2 \
        srcid me.mylan.net dstid the.others.net
ike esp from 192.168.3.1 to 192.168.3.2 \
        srcid me.mylan.net dstid the.others.net

# Set up a tunnel using static keying:
#
# The first rule sets up the flow; the second sets up the SA. As default
# transforms, ipsecctl(8) will use hmac-sha2-256 for authentication
# and aesctr for encryption. hmac-sha2-256 uses a 256-bit key; aesctr
# a 160-bit key.

flow esp from 192.168.7.0/24 to 192.168.8.0/24 peer 192.168.3.2
esp from 192.168.3.1 to 192.168.3.2 spi 0xdeadbeef:0xbeefdead \
        authkey 0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa:0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa \
        enckey 0xeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee:0xeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee
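
A key-length check for static-keying rules like the one above, as an added example (not part of the OpenBSD tree). Function names are hypothetical; the key sizes are the ones this page states (hmac-sha2-256: 256 bits, aesctr: 160 bits, aes: 128 bits), and only hex keys written inline in the rule are checked.

```python
import re

# Key sizes in bits as stated on this page (file comment and log message).
KEY_BITS = {"hmac-sha2-256": 256, "aesctr": 160, "aes": 128}
KEY_RE = re.compile(r"\b(authkey|enckey)\s+(0x[0-9a-fA-F]+):(0x[0-9a-fA-F]+)")

def join_rules(text):
    """Strip comments and join backslash-continued lines into whole rules."""
    rules, cur = [], ""
    for line in text.splitlines():
        line = line.split("#", 1)[0].rstrip()
        if line.endswith("\\"):
            cur += line[:-1] + " "
            continue
        cur += line
        if cur.strip():
            rules.append(cur.strip())
        cur = ""
    if cur.strip():  # file ended on a continuation line
        rules.append(cur.strip())
    return rules

def check_keys(text, auth="hmac-sha2-256", enc="aes"):
    """Return (rule_no, keyword, position, bits, expected) per wrong-sized key."""
    want = {"authkey": KEY_BITS[auth], "enckey": KEY_BITS[enc]}
    problems = []
    for n, rule in enumerate(join_rules(text), 1):
        for kw, first, second in KEY_RE.findall(rule):
            for pos, key in (("first", first), ("second", second)):
                bits = (len(key) - 2) * 4  # four bits per hex digit after "0x"
                if bits != want[kw]:
                    problems.append((n, kw, pos, bits, want[kw]))
    return problems

# Constructed sample modelled on the static-keying rule shown above.
SAMPLE = (
    "# static keying\n"
    "esp from 192.168.3.1 to 192.168.3.2 spi 0xdeadbeef:0xbeefdead \\\n"
    "\tauthkey 0x" + "a" * 64 + ":0x" + "a" * 64 + " \\\n"
    "\tenckey 0x" + "e" * 32 + ":0x" + "e" * 32 + "\n"
)

if __name__ == "__main__":
    for enc in ("aes", "aesctr"):
        print(enc, check_keys(SAMPLE, enc=enc) or "key lengths match")
```

Checked against aes the sample rule passes; checked against aesctr both enckey halves are reported as 128 bits where 160 are expected.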