isakmpd.conf using x509 authentification
- To: tech_(_at_)_openbsd_(_dot_)_org
- Subject: isakmpd.conf using x509 authentification
- From: AMozhar_(_at_)_SPIRIT21_(_dot_)_de
- Date: Thu, 22 Aug 2002 08:59:56 +0100
Hello OpenBSD!
Hello Mathieu!
Does anybody have an idea what could be wrong with these files?
*********************************************************************
*********************************************************************
HOST MOO with IP 110.138.0.22
# isakmpd.conf for host MOO (110.138.0.22): IKE with X.509 (RSA signature)
# authentication towards peer LOO (13.122.10.147).
# Daemon-wide settings. The KeyNote policy file named here is not shown; it
# must also permit the SAs negotiated below.
[General]
Retransmits= 5
# Seconds an exchange may take before it is given up.
Exchange-max-time= 120
Listen-on= 110.138.0.22
Policy-file= /etc/isakmpd/isakmpd.policy
# Maps a peer's IP address to the section that describes that peer.
[Phase 1]
# NOTE(review): this key is written with a blank before '=' ("addr =name"),
# unlike every other line in the file; confirm the parser strips it.
13.122.10.147 =loo
# Connections listed here refer to the [moo-loo] section below.
[Phase 2]
Connections= moo-loo
# Phase 1 (ISAKMP SA) description of the peer LOO.
# NOTE(review): no ID= key is set, so per isakmpd.conf(5) the identity
# presented defaults to the local interface address. With RSA_SIG the
# certificates have to carry matching identities (subjectAltName) - confirm
# how the certificates on both hosts were issued.
[loo]
Phase= 1
Transport= udp
Port= 500
Local-address= 110.138.0.22
Address= 13.122.10.147
Configuration= Default-main-mode
# Phase 2 (IPsec SA) connection: traffic between Net-moo and Net-loo,
# negotiated through the phase 1 peer [loo].
[moo-loo]
Phase= 2
ISAKMP-peer= loo
Configuration= Default-quick-mode
Local-ID= Net-moo
Remote-ID= Net-loo
# Local protected network. Note that 110.138.0.0/255.255.255.0 contains this
# host's own Listen-on address 110.138.0.22.
[Net-moo]
ID-type= IPV4_ADDR_SUBNET
Network= 110.138.0.0
Netmask= 255.255.255.0
# Remote protected network; it contains the peer's address 13.122.10.147.
[Net-loo]
ID-type= IPV4_ADDR_SUBNET
Network= 13.122.10.0
Netmask= 255.255.255.0
# Main mode (identity protection) exchange offering the [3DES-SHA] transform.
[Default-main-mode]
DOI= IPSEC
EXCHANGE_TYPE= ID_PROT
Transforms= 3DES-SHA
# Quick mode exchange offering the suite defined further down.
[Default-quick-mode]
DOI= IPSEC
EXCHANGE_TYPE= QUICK_MODE
Suites= QM-ESP-3DES-SHA-PFS-SUITE
# NOTE(review): the header below has a blank after '[' and a lowercase 'x';
# isakmpd.conf(5) spells this section X509-certificates. Confirm the parser
# still matches it - if it does not, the three paths below are not read from
# this section.
# The private key file should be readable by its owner only.
[ x509-certificates]
CA-directory= /etc/isakmpd/ca/
Cert-directory= /etc/isakmpd/certs/
Private-key= /etc/isakmpd/private/local.key
# Phase 1 transform: 3DES-CBC, SHA, RSA signatures, 1024-bit MODP group.
# NOTE(review): 3DES, SHA-1 and a 1024-bit group are legacy strength by
# current guidance; use stronger algorithms where both peers support them.
[3DES-SHA]
ENCRYPTION_ALGORITHM= 3DES_CBC
HASH_ALGORITHM= SHA
AUTHENTICATION_METHOD= RSA_SIG
GROUP_DESCRIPTION= MODP_1024
Life= LIFE_60_SECS
# Phase 2 suite -> protocol -> transform chain for ESP in tunnel mode.
[QM-ESP-3DES-SHA-PFS-SUITE]
Protocols= QM-ESP-3DES-SHA-PFS
[QM-ESP-3DES-SHA-PFS]
PROTOCOL_ID= IPSEC_ESP
Transforms= QM-ESP-3DES-SHA-PFS-XF
# GROUP_DESCRIPTION in a quick mode transform requests PFS with that group.
[QM-ESP-3DES-SHA-PFS-XF]
TRANSFORM_ID= 3DES
ENCAPSULATION_MODE= TUNNEL
AUTHENTICATION_ALGORITHM= HMAC_SHA
GROUP_DESCRIPTION= MODP_1024
Life= LIFE_60_SECS
# Lifetime in "offer,min:max" form: offer 60 seconds, accept 45 to 72.
# NOTE(review): both phase 1 and phase 2 use this lifetime, so the SAs are
# renegotiated about once a minute - confirm that is intended outside testing.
[LIFE_60_SECS]
LIFE_TYPE= SECONDS
LIFE_DURATION= 60,45:72
**********************************************************
**********************************************************
***********************************************************
**********************************************************
Host LOO 13.122.10.147
# isakmpd.conf for host LOO (13.122.10.147): IKE with X.509 (RSA signature)
# authentication towards peer MOO (110.138.0.22).
# Daemon-wide settings. The KeyNote policy file named here is not shown; it
# must also permit the SAs negotiated below.
[General]
Retransmits= 5
# Seconds an exchange may take before it is given up.
Exchange-max-time= 120
Policy-file= /etc/isakmpd/isakmpd.policy
Listen-on= 13.122.10.147
# Maps a peer's IP address to the section that describes that peer.
[Phase 1]
110.138.0.22= moo
# Connections listed here refer to the [loo-moo] section below.
[Phase 2]
Connections= loo-moo
# Phase 1 (ISAKMP SA) description of the peer MOO.
# NOTE(review): no ID= key is set, so per isakmpd.conf(5) the identity
# presented defaults to the local interface address. With RSA_SIG the
# certificates have to carry matching identities (subjectAltName) - confirm
# how the certificates on both hosts were issued.
[moo]
Phase= 1
Transport= udp
Port= 500
Local-address= 13.122.10.147
Address= 110.138.0.22
Configuration= Default-main-mode
# Phase 2 (IPsec SA) connection: traffic between Net-loo and Net-moo,
# negotiated through the phase 1 peer [moo].
[loo-moo]
Phase= 2
ISAKMP-peer= moo
Configuration= Default-quick-mode
Local-ID= Net-loo
Remote-ID= Net-moo
# Remote protected network; it contains the peer's address 110.138.0.22.
[Net-moo]
ID-type= IPV4_ADDR_SUBNET
Network= 110.138.0.0
Netmask= 255.255.255.0
# Local protected network. Note that 13.122.10.0/255.255.255.0 contains this
# host's own Listen-on address 13.122.10.147.
[Net-loo]
ID-type= IPV4_ADDR_SUBNET
Network= 13.122.10.0
Netmask= 255.255.255.0
# Main mode (identity protection) exchange offering the [3DES-SHA] transform.
[Default-main-mode]
DOI= IPSEC
EXCHANGE_TYPE= ID_PROT
Transforms= 3DES-SHA
# Quick mode exchange offering the suite defined further down.
[Default-quick-mode]
DOI= IPSEC
EXCHANGE_TYPE= QUICK_MODE
Suites= QM-ESP-3DES-SHA-PFS-SUITE
# NOTE(review): the header below has a blank after '[' and a lowercase 'x';
# isakmpd.conf(5) spells this section X509-certificates. Confirm the parser
# still matches it - if it does not, the three paths below are not read from
# this section.
# The private key file should be readable by its owner only.
[ x509-certificates]
CA-directory= /etc/isakmpd/ca/
Cert-directory= /etc/isakmpd/certs/
Private-key= /etc/isakmpd/private/local.key
# Phase 1 transform: 3DES-CBC, SHA, RSA signatures, 1024-bit MODP group.
# NOTE(review): 3DES, SHA-1 and a 1024-bit group are legacy strength by
# current guidance; use stronger algorithms where both peers support them.
[3DES-SHA]
ENCRYPTION_ALGORITHM= 3DES_CBC
HASH_ALGORITHM= SHA
AUTHENTICATION_METHOD= RSA_SIG
GROUP_DESCRIPTION= MODP_1024
Life= LIFE_60_SECS
# Phase 2 suite -> protocol -> transform chain for ESP in tunnel mode.
[QM-ESP-3DES-SHA-PFS-SUITE]
Protocols= QM-ESP-3DES-SHA-PFS
[QM-ESP-3DES-SHA-PFS]
PROTOCOL_ID= IPSEC_ESP
Transforms= QM-ESP-3DES-SHA-PFS-XF
# GROUP_DESCRIPTION in a quick mode transform requests PFS with that group.
[QM-ESP-3DES-SHA-PFS-XF]
TRANSFORM_ID= 3DES
ENCAPSULATION_MODE= TUNNEL
AUTHENTICATION_ALGORITHM= HMAC_SHA
GROUP_DESCRIPTION= MODP_1024
Life= LIFE_60_SECS
# Lifetime in "offer,min:max" form: offer 60 seconds, accept 45 to 72.
# NOTE(review): both phase 1 and phase 2 use this lifetime, so the SAs are
# renegotiated about once a minute - confirm that is intended outside testing.
[LIFE_60_SECS]
LIFE_TYPE= SECONDS
LIFE_DURATION= 60,45:72