
add iked.conf default configuration file example.

ok jsg@
OPENBSD_4_8
reyk 14 years ago
parent
commit
22d0cb2081
4 changed files with 31 additions and 3 deletions
  1. +2
    -1
      src/etc/Makefile
  2. +2
    -1
      src/etc/changelist
  3. +25
    -0
      src/etc/iked.conf
  4. +2
    -1
      src/etc/mtree/special

+ 2
- 1
src/etc/Makefile

@ -1,4 +1,4 @@
# $OpenBSD: Makefile,v 1.288 2010/06/05 17:29:14 martinh Exp $
# $OpenBSD: Makefile,v 1.289 2010/06/07 10:09:05 reyk Exp $
TZDIR= /usr/share/zoneinfo
LOCALTIME= Canada/Mountain
@ -98,6 +98,7 @@ distribution-etc-root-var: distrib-dirs
${INSTALL} -c -o root -g operator -m 644 chio.conf ${DESTDIR}/etc
${INSTALL} -c -o root -g wheel -m 600 hostapd.conf ${DESTDIR}/etc
${INSTALL} -c -o root -g wheel -m 600 relayd.conf ${DESTDIR}/etc
${INSTALL} -c -o root -g wheel -m 600 iked.conf ${DESTDIR}/etc
${INSTALL} -c -o root -g wheel -m 600 ipsec.conf ${DESTDIR}/etc
${INSTALL} -c -o root -g wheel -m 600 sasyncd.conf ${DESTDIR}/etc
${INSTALL} -c -o root -g wheel -m 600 snmpd.conf ${DESTDIR}/etc


+ 2
- 1
src/etc/changelist

@ -1,4 +1,4 @@
# $OpenBSD: changelist,v 1.66 2010/04/15 20:12:27 sthen Exp $
# $OpenBSD: changelist,v 1.67 2010/06/07 10:09:05 reyk Exp $
#
# List of files which the security script backs up and checks
# for modifications.
@ -45,6 +45,7 @@
/etc/hosts.equiv
/etc/hosts.lpd
/etc/ifstated.conf
+/etc/iked.conf
/etc/inetd.conf
+/etc/ipsec.conf
+/etc/isakmpd/private/local.key


+ 25
- 0
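--- a/src/etc/iked.conf
+++ b/src/etc/iked.conf
@@ -0,0 +1,25 @@
+# $OpenBSD: iked.conf,v 1.1 2010/06/07 10:09:05 reyk Exp $
+#
+# See iked.conf(5) for syntax and examples.
+# Configure users for the Extensible Authentication Protocol (EAP)
+user "user1" "password123"
+user "user2" "password456"
+# Configuration for clients connecting with EAP authentication.
+# Remember to set up a PKI, see ikectl(8) for more information.
+ikev2 "win7" passive esp \
+from 10.2.0.0/24 to 10.1.0.0/24 \
+local any peer any \
+eap "mschap-v2" \
+config address 10.2.0.1 \
+config name-server 10.1.0.2 \
+tag "$name-$id"
+# Configuration for a client authenticating with a pre-shared key.
+ikev2 esp \
+from 10.3.0.0/24 to 10.1.0.0/24 \
+from 10.5.0.0/24 to 10.1.0.0/24 \
+from 10.5.0.0/24 to 172.16.1.0/24 \
+local 192.168.1.1 peer 192.168.2.1 \
+psk "you-should-not-use-psk-authentication!"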
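Review bot: The two `user` entries, both `ikev2` policies and the `psk` line are live directives rather than commented examples, and the src/etc/Makefile change in this commit installs the file as /etc/iked.conf. If iked is started on a host where the file was never edited, the published EAP credentials and the published pre-shared key would be the configured secrets, and the "win7" policy is `passive` with `local any peer any`. How far such a setup would get without the PKI mentioned in the comment is not visible here, so treat this as a hardening point rather than a confirmed exposure. Shipping every directive commented out, e.g. `#user "user1" "password123"` and `#ikev2 "win7" passive esp \`, would keep the default inert until an administrator opts in and picks their own secrets. A one-line header comment saying the sample credentials and PSK must be replaced before use would also help.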

+ 2
- 1
src/etc/mtree/special

@ -1,4 +1,4 @@
# $OpenBSD: special,v 1.86 2010/02/22 15:20:22 claudio Exp $
# $OpenBSD: special,v 1.87 2010/06/07 10:09:05 reyk Exp $
# $NetBSD: special,v 1.4 1996/05/08 21:30:18 pk Exp $
# @(#)special 8.2 (Berkeley) 1/23/94
#
@ -34,6 +34,7 @@ group type=file mode=0644 uname=root gname=wheel
hostapd.conf type=file mode=0600 uname=root gname=wheel
hosts type=file mode=0644 uname=root gname=wheel
hosts.equiv type=file mode=0600 uname=root gname=wheel optional
iked.conf type=file mode=0600 uname=root gname=wheel
inetd.conf type=file mode=0644 uname=root gname=wheel
ipsec.conf type=file mode=0600 uname=root gname=wheel
isakmpd type=dir mode=0755 uname=root gname=wheel

