
    1 # sample connections
    2 # This file is RCSID $Id: examples,v 1.6 2004/01/12 14:20:12 claudia Exp $
    3 
    4 
    5 
# basic configuration
# Global settings for the whole IPsec subsystem (KLIPS kernel part and the
# Pluto IKE daemon); everything below the conn sections inherits nothing
# from here, this section only controls what gets loaded/started and how
# it logs.
config setup
	# THIS SETTING MUST BE CORRECT or almost nothing will work.
	# Each entry pairs a virtual ipsecN interface with the physical
	# interface it runs over (here: ipsec0 over eth1, ipsec1 over ppp0).
	interfaces="ipsec0=eth1 ipsec1=ppp0"
	# Debug-logging controls:  "none" for (almost) none, "all" for lots.
	# Keep both at "none" on a production gateway: the verbose settings
	# may write packet contents and negotiation details into the system
	# log, where they are readable by anyone with log access -- check
	# the debug-flag documentation before raising either of them.
	klipsdebug=none
	plutodebug=none
	# Manual connections to be started at startup.
	# NOTE(review): neither "test1" nor "test2" is defined anywhere in
	# this file (the conn sections below are all named sample*), so
	# these are placeholder names -- replace them with real conn names,
	# and remember that manually keyed connections are for testing only.
	manualstart="test1 test2"
	# Auto connections to be loaded into Pluto at startup.
	# NOTE(review): when explicit names are listed here instead of
	# %search, the auto= line inside a conn section is presumably not
	# consulted -- verify against ipsec.conf(5) for this version.
	plutoload="samplehth samplefire"
	# Auto connections to be started at startup.
	# Must be a subset of plutoload; a name that is not loaded cannot be
	# started.
	plutostart=samplefire
   19 
   20 
   21 
   22 # defaults for subsequent connection descriptions
   23 conn %default
   24 	# How persistent to be in (re)keying negotiations (0 means very).
   25 	keyingtries=0
   26 	# Parameters for manual-keying testing (DON'T USE OPERATIONALLY).
   27 	spi=0x200
   28 	esp=3des-md5-96
   29 	espenckey=0x01234567_89abcdef_02468ace_13579bdf_12345678_9abcdef0
   30 	espauthkey=0x12345678_9abcdef0_2468ace0_13579bdf
   31 	# key lifetime (before automatic rekeying)
   32 	keylife=8h
   33 
   34 
   35 
   36 # sample connection
   37 conn sample
   38 	# Left security gateway and subnet behind it.
   39 	left=10.0.0.1
   40 	leftsubnet=172.16.0.0/24
   41 	# Right security gateway and subnet behind it.
   42 	right=10.12.12.1
   43 	rightsubnet=192.168.0.0/24
   44 	# Authorize this connection, but don't actually start it, at startup.
   45 	auto=add
   46 
# sample tunnel (manually or automatically keyed)
# Here we just use ESP for both encryption and authentication, which is
# the simplest and often the best method.
# Manual-keying caveats: the SPI and both keys stay fixed for as long as
# they are in this file, there is no key exchange and no rekeying, and
# the same key material protects every packet ever sent.  Use manual
# keying for interoperability testing only; key operationally with Pluto.
conn sample
	# left security gateway (public-network address)
	left=10.0.0.1
	# next hop to reach right
	leftnexthop=10.44.55.66
	# subnet behind left (omit if left end of the tunnel is just the s.g.)
	leftsubnet=172.16.0.0/24
	# right s.g., subnet behind it, and next hop to reach left
	right=10.12.12.1
	rightnexthop=10.88.77.66
	rightsubnet=192.168.0.0/24
	# (manual) SPI number
	# The SPI identifies the SA at the receiver, so it must not collide
	# with another manual connection terminating on the same host; that
	# is why each sample below uses a different value (0x300 .. 0x700).
	spi=0x200
	# (manual) encryption/authentication algorithm and parameters to it
	esp=3des-md5-96
	# "[192 bits]" / "[128 bits]" are placeholders for hex keys of
	# exactly that length (3DES key, HMAC-MD5 key).  Generate them from a
	# real random source, e.g. "ipsec ranbits 192" and "ipsec ranbits
	# 128"; never copy keys out of documentation.  Both ends must be
	# configured with identical values.
	espenckey=[192 bits]
	espauthkey=[128 bits]
   67 
   68 # In the remaining examples, deviations from the sample-tunnel configuration
   69 # are marked with ###.
   70 
# sample host-to-host tunnel (no subnets)
# Here we assume (for purposes of illustration) that the hosts talk directly
# to each other, so we don't need next-hop settings.
# Only traffic between the two hosts themselves is protected; with no
# leftsubnet/rightsubnet, nothing behind either host is covered.
conn samplehth
	### left host (public-network address)
	left=10.0.0.1
	### next hop to reach right
	### (left empty: the hosts are assumed to be directly reachable)
	leftnexthop=
	### right host
	right=10.12.12.1
	### next hop to reach left
	rightnexthop=
	### (manual) SPI number
	### Distinct from the other samples so the SAs do not collide if
	### several of them are loaded on one host.
	spi=0x300
	# (manual) encryption/authentication algorithm and parameters to it
	# Placeholders: substitute freshly generated random keys of the
	# stated length (e.g. from "ipsec ranbits"); the same values must be
	# configured on both hosts.
	esp=3des-md5-96
	espenckey=[192 bits]
	espauthkey=[128 bits]
   89 
# sample hybrid tunnel, with a host on one end and a subnet (behind a
# security gateway) on the other
# This case is also sometimes called "road warrior".
# Note that right= is a fixed address here: a genuinely mobile peer whose
# address changes cannot be described by this manually keyed form and
# needs an automatically keyed connection (see ipsec.conf(5) for how the
# right end is specified in that case).
conn samplehyb
	### left host (public-network address)
	left=10.0.0.1
	# next hop to reach right
	leftnexthop=10.44.55.66
	# subnet behind left
	leftsubnet=172.16.0.0/24
	### right host, and next hop to reach left
	### (no rightsubnet: the right end of the tunnel is the host itself)
	right=10.12.12.1
	rightnexthop=10.88.77.66
	### (manual) SPI number
	### Distinct from the other samples so the SAs do not collide.
	spi=0x400
	# (manual) encryption/authentication algorithm and parameters to it
	# Placeholders: substitute freshly generated random keys of the
	# stated length, identical on both ends.
	esp=3des-md5-96
	espenckey=[192 bits]
	espauthkey=[128 bits]
  109 
# sample firewall-penetrating tunnel
# Here we assume that firewalling is being done on the left side.
conn samplefire
	# left security gateway (public-network address)
	left=10.0.0.1
	# next hop to reach right
	leftnexthop=10.44.55.66
	# subnet behind left (omit if left end of the tunnel is just the s.g.)
	leftsubnet=172.16.0.0/24
	### left is firewalling for its subnet
	### NOTE(review): this presumably makes the gateway adjust its own
	### firewall rules when the tunnel comes up and down so that the
	### tunnelled subnet traffic is let through.  Those rules are a hole
	### punched in the firewall for rightsubnet <-> leftsubnet; audit
	### exactly what they permit before relying on them.
	leftfirewall=yes
	# right s.g., subnet behind it, and next hop to reach left
	right=10.12.12.1
	rightnexthop=10.88.77.66
	rightsubnet=192.168.0.0/24
	### (manual) SPI number
	### Distinct from the other samples so the SAs do not collide.
	spi=0x500
	# (manual) encryption/authentication algorithm and parameters to it
	# Placeholders: substitute freshly generated random keys of the
	# stated length, identical on both ends.
	esp=3des-md5-96
	espenckey=[192 bits]
	espauthkey=[128 bits]
  131 
# sample transport-mode connection (which can only be host-to-host)
# Encryption and authentication done by ESP.
# Transport mode protects only the payload exchanged between the two
# hosts; there is no inner IP header, so nothing behind either host can
# be carried and the two host addresses are necessarily visible on the wire.
conn sampletm
	### transport mode rather than tunnel
	type=transport
	### left host (public-network address)
	left=10.0.0.1
	# next hop to reach right
	leftnexthop=10.44.55.66
	### right host, and next hop to reach left
	right=10.12.12.1
	rightnexthop=10.88.77.66
	### (manual) SPI number
	### Distinct from the other samples so the SAs do not collide.
	spi=0x600
	# (manual) encryption/authentication algorithm and parameters to it
	# Placeholders: substitute freshly generated random keys of the
	# stated length, identical on both ends.
	esp=3des-md5-96
	espenckey=[192 bits]
	espauthkey=[128 bits]
  150 
# sample description with keys split out into a separate section
# Normally the key section would go in a separate file, with tighter
# permissions set on it.
# This is the recommended layout for manual keys: the connection
# description can be world-readable, while the file holding the key
# section is readable by root only (mode 0600) and pulled in with an
# include line.  Anyone who can read the keys can decrypt and forge
# traffic on the tunnel.
conn samplesep
	# left security gateway (public-network address)
	left=10.0.0.1
	# next hop to reach right
	leftnexthop=10.44.55.66
	# subnet behind left (omit if left end of the tunnel is just the s.g.)
	leftsubnet=172.16.0.0/24
	# right s.g., subnet behind it, and next hop to reach left
	right=10.12.12.1
	rightnexthop=10.88.77.66
	rightsubnet=192.168.0.0/24
	### (manual) SPI number
	### Distinct from the other samples so the SAs do not collide.
	spi=0x700
	# (manual) encryption/authentication algorithm and parameters to it
	esp=3des-md5-96
	# Pull the key parameters in from the section named below; it must
	# exist (here it follows directly, normally it lives in the included
	# key file).
	also=samplesep-keys
  170 
# keys for the previous section
# Normally this would go in a separate file, picked up using an include line,
# to allow keeping the keys confidential.
# Referenced from conn samplesep via also=.  Keep the file holding this
# section readable by root only; the placeholders below stand for hex
# keys of exactly the stated length, generated from a real random source
# (e.g. "ipsec ranbits 192" / "ipsec ranbits 128") and never copied from
# documentation or reused across connections.
conn samplesep-keys
	espenckey=[192 bits]
	espauthkey=[128 bits]