File: [local] / src / etc / Attic / ipsec.conf
Revision 1.1, Sat Dec 24 15:44:12 2005 UTC (18 years, 5 months ago) by hshoexer
Very basic sample ipsec.conf, more to come. Has been demanded by deraadt@ for a long time, but I'm a bloody slacker...
#       $OpenBSD: ipsec.conf,v 1.1 2005/12/24 15:44:12 hshoexer Exp $
#
# See ipsec.conf(5) for syntax and examples.

# Set up two tunnels using automatic keying with isakmpd(8):
#
# First between the networks 10.1.1.0/24 and 10.1.2.0/24,
# second between the machines 192.168.3.1 and 192.168.3.2.
# Use FQDNs as IDs.

ike esp from 10.1.1.0/24 to 10.1.2.0/24 peer 192.168.3.2 \
        srcid me.mylan.net dstid the.others.net
ike esp from 192.168.3.1 to 192.168.3.2 \
        srcid me.mylan.net dstid the.others.net

# Set up a tunnel using static keying:
#
# The first rule sets up the flow, second the SA. As default
# transforms ipsecctl(8) will use hmac-sha2-256 for authentication
# and aesctr for encryption. hmac-sha2-256 uses a 256 bit key, aesctr
# a 160 bit key.

flow esp from 192.168.7.0/24 to 192.168.8.0/24 peer 192.168.3.2
esp from 192.168.3.1 to 192.168.3.2 spi 0xdeadbeef:0xbeefdead \
        authkey 0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa:0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa \
        enckey 0xeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee:0xeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee
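
The static-keying comment in the file gives the key sizes for the default transforms, and its sample keys are repeated-digit placeholders. The following Python check is an added example, not part of the committed file or of OpenBSD: it lints `esp` rules for those sizes and for placeholder or direction-shared keys. It assumes inline hex keys and the default transforms; the function names are hypothetical.

```python
import re

# Key sizes of the default transforms, as stated in the file's comments.
EXPECTED_BITS = {"authkey": 256, "enckey": 160}
# The page's static-keying rules, rebuilt with the same placeholder keys.
SAMPLE = ("flow esp from 192.168.7.0/24 to 192.168.8.0/24 peer 192.168.3.2\n"
          "esp from 192.168.3.1 to 192.168.3.2 spi 0xdeadbeef:0xbeefdead \\\n"
          f"\tauthkey 0x{'a'*64}:0x{'a'*64} \\\n"
          f"\tenckey 0x{'e'*40}:0x{'e'*40}\n")

def logical_lines(text):
    """Join backslash-continued lines, then drop comments and blank lines."""
    joined = re.sub(r"\\\s*\n", " ", text)
    for line in joined.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            yield line

def check_key(kind, hexkey):
    """Return the problems found in one direction's inline hex key."""
    digits = hexkey[2:] if hexkey.lower().startswith("0x") else hexkey
    if not re.fullmatch(r"[0-9a-fA-F]+", digits):
        return [f"{kind}: not a hex string"]
    bits = len(digits) * 4
    problems = []
    if bits != EXPECTED_BITS[kind]:
        problems.append(f"{kind}: {bits} bits, expected {EXPECTED_BITS[kind]}")
    if len(set(digits.lower())) <= 2:
        problems.append(f"{kind}: repeated-digit placeholder, not a random key")
    return problems

def lint(text):
    """Check each static-keying 'esp' rule; return (rule_no, problem) pairs."""
    findings = []
    for n, line in enumerate(logical_lines(text), 1):
        if not line.startswith("esp "):
            continue  # ike and flow rules carry no key material
        for kind in EXPECTED_BITS:
            m = re.search(rf"\b{kind}\s+(\S+)", line)
            if not m:
                findings.append((n, f"{kind}: missing"))
                continue
            pair = m.group(1).split(":")
            if len(pair) == 2 and pair[0].lower() == pair[1].lower():
                findings.append((n, f"{kind}: same key for both directions"))
            for key in pair:
                findings.extend((n, p) for p in check_key(kind, key))
    return findings
```

Run over the sample rules, `lint(SAMPLE)` reports only the placeholder and shared-key findings for the `esp` rule, since the sample keys already have the stated lengths.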