[BACK]Return to ipsec.conf CVS log [TXT][DIR] Up to [local] / src / etc
File: [local] / src / etc / Attic / ipsec.conf (download)

Revision 1.5, Thu Sep 14 15:10:43 2006 UTC (17 years, 8 months ago) by hshoexer
Branch: MAIN
CVS Tags: OPENBSD_5_5_BASE, OPENBSD_5_5, OPENBSD_5_4_BASE, OPENBSD_5_4, OPENBSD_5_3_BASE, OPENBSD_5_3, OPENBSD_5_2_BASE, OPENBSD_5_2, OPENBSD_5_1_BASE, OPENBSD_5_1, OPENBSD_5_0_BASE, OPENBSD_5_0, OPENBSD_4_9_BASE, OPENBSD_4_9, OPENBSD_4_8_BASE, OPENBSD_4_8, OPENBSD_4_7_BASE, OPENBSD_4_7, OPENBSD_4_6_BASE, OPENBSD_4_6, OPENBSD_4_5_BASE, OPENBSD_4_5, OPENBSD_4_4_BASE, OPENBSD_4_4, OPENBSD_4_3_BASE, OPENBSD_4_3, OPENBSD_4_2_BASE, OPENBSD_4_2, OPENBSD_4_1_BASE, OPENBSD_4_1, OPENBSD_4_0_BASE, OPENBSD_4_0
Changes since 1.4: +6 -6 lines 

a more useable example; fix comments; ok jmc@

#	$OpenBSD: ipsec.conf,v 1.5 2006/09/14 15:10:43 hshoexer Exp $
#
# See ipsec.conf(5) for syntax and examples.

# Set up two tunnels using automatic keying with isakmpd(8):
#
# First between the networks 10.1.1.0/24 and 10.1.2.0/24,
# second between the machines 192.168.3.1 and 192.168.3.2.
# Use FQDNs as IDs.

#ike esp from 10.1.1.0/24 to 10.1.2.0/24 peer 192.168.3.2 \
#	srcid me.mylan.net dstid the.others.net
#ike esp from 192.168.3.1 to 192.168.3.2 \
#	srcid me.mylan.net dstid the.others.net

# Set up a tunnel using static keying:
#
# The first rule sets up the flow; the second sets up the SA.  As default
# transforms, ipsecctl(8) will use hmac-sha2-256 for authentication
# and aes for encryption.  hmac-sha2-256 uses a 256-bit key; aes
# a 128-bit key.

#flow esp from 192.168.7.0/24 to 192.168.8.0/24 peer 192.168.3.2
#esp from 192.168.3.1 to 192.168.3.2 spi 0xabd9da39:0xc9dbb83d \
#	authkey 0x54f79f479a32814347bb768d3e01b2b58e49ce674ec6e2d327b63408c56ef4e8:0x7f48ee352c626cdc2a731b9d90bd63e29db2a9c683044b70b2f4441521b622d6 \
#	enckey 0xb341aa065c3850edd6a61e150d6a5fd3:0xf7795f6bdd697a43a4d28dcf1b79062d