From 22d0cb20815c6b17ad71f26362ec6b9c2a839720 Mon Sep 17 00:00:00 2001 From: reyk <> Date: Mon, 7 Jun 2010 10:09:05 +0000 Subject: [PATCH] add iked.conf default configuration file example. ok jsg@ --- src/etc/Makefile | 3 ++- src/etc/changelist | 3 ++- src/etc/iked.conf | 25 +++++++++++++++++++++++++ src/etc/mtree/special | 3 ++- 4 files changed, 31 insertions(+), 3 deletions(-) create mode 100644 src/etc/iked.conf diff --git a/src/etc/Makefile b/src/etc/Makefile index 0c7fc1cd..89e9f7d0 100644 --- a/src/etc/Makefile +++ b/src/etc/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.288 2010/06/05 17:29:14 martinh Exp $ +# $OpenBSD: Makefile,v 1.289 2010/06/07 10:09:05 reyk Exp $ TZDIR= /usr/share/zoneinfo LOCALTIME= Canada/Mountain @@ -98,6 +98,7 @@ distribution-etc-root-var: distrib-dirs ${INSTALL} -c -o root -g operator -m 644 chio.conf ${DESTDIR}/etc ${INSTALL} -c -o root -g wheel -m 600 hostapd.conf ${DESTDIR}/etc ${INSTALL} -c -o root -g wheel -m 600 relayd.conf ${DESTDIR}/etc + ${INSTALL} -c -o root -g wheel -m 600 iked.conf ${DESTDIR}/etc ${INSTALL} -c -o root -g wheel -m 600 ipsec.conf ${DESTDIR}/etc ${INSTALL} -c -o root -g wheel -m 600 sasyncd.conf ${DESTDIR}/etc ${INSTALL} -c -o root -g wheel -m 600 snmpd.conf ${DESTDIR}/etc diff --git a/src/etc/changelist b/src/etc/changelist index b05613c7..03ac02ab 100644 --- a/src/etc/changelist +++ b/src/etc/changelist @@ -1,4 +1,4 @@ -# $OpenBSD: changelist,v 1.66 2010/04/15 20:12:27 sthen Exp $ +# $OpenBSD: changelist,v 1.67 2010/06/07 10:09:05 reyk Exp $ # # List of files which the security script backs up and checks # for modifications. @@ -45,6 +45,7 @@ /etc/hosts.equiv /etc/hosts.lpd /etc/ifstated.conf ++/etc/iked.conf /etc/inetd.conf +/etc/ipsec.conf +/etc/isakmpd/private/local.key diff --git a/src/etc/iked.conf b/src/etc/iked.conf new file mode 100644 index 00000000..0e287dfe --- /dev/null +++ b/src/etc/iked.conf 
@@ -0,0 +1,25 @@
+# $OpenBSD: iked.conf,v 1.1 2010/06/07 10:09:05 reyk Exp $
+#
+# See iked.conf(5) for syntax and examples.
+
+# Configure users for the Extensible Authentication Protocol (EAP)
+user "user1" "password123"
+user "user2" "password456"
+
+# Configuration for clients connecting with EAP authentication.
+# Remember to set up a PKI, see ikectl(8) for more information.
+ikev2 "win7" passive esp \
+ from 10.2.0.0/24 to 10.1.0.0/24 \
+ local any peer any \
+ eap "mschap-v2" \
+ config address 10.2.0.1 \
+ config name-server 10.1.0.2 \
+ tag "$name-$id"
+
+# Configuration for a client authenticating with a pre-shared key.
+ikev2 esp \
+ from 10.3.0.0/24 to 10.1.0.0/24 \
+ from 10.5.0.0/24 to 10.1.0.0/24 \
+ from 10.5.0.0/24 to 172.16.1.0/24 \
+ local 192.168.1.1 peer 192.168.2.1 \
+ psk "you-should-not-use-psk-authentication!"
diff --git a/src/etc/mtree/special b/src/etc/mtree/special
index 8ac02787..0fc90195 100644
--- a/src/etc/mtree/special
+++ b/src/etc/mtree/special
@@ -1,4 +1,4 @@
-# $OpenBSD: special,v 1.86 2010/02/22 15:20:22 claudio Exp $
+# $OpenBSD: special,v 1.87 2010/06/07 10:09:05 reyk Exp $
 # $NetBSD: special,v 1.4 1996/05/08 21:30:18 pk Exp $
 # @(#)special 8.2 (Berkeley) 1/23/94
 #
@@ -34,6 +34,7 @@ group type=file mode=0644 uname=root gname=wheel
 hostapd.conf type=file mode=0600 uname=root gname=wheel
 hosts type=file mode=0644 uname=root gname=wheel
 hosts.equiv type=file mode=0600 uname=root gname=wheel optional
+iked.conf type=file mode=0600 uname=root gname=wheel
 inetd.conf type=file mode=0644 uname=root gname=wheel
 ipsec.conf type=file mode=0600 uname=root gname=wheel
 isakmpd type=dir mode=0755 uname=root gname=wheel
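Review bot: The new src/etc/iked.conf ships its examples as live configuration rather than as comments: the `user "user1" "password123"` and `user "user2" "password456"` lines and the `psk "you-should-not-use-psk-authentication!"` policy are all uncommented, and the Makefile hunk installs the file straight into `${DESTDIR}/etc`. If the daemon is enabled without the file being edited, the passive "win7" policy with `local any peer any` would presumably accept EAP logins using credentials that are published in the source tree. Mode 0600 keeps local users from reading the file, but it does not help when the secrets are well known. I would ship every example commented out, e.g. `#user "user1" "password123"`, so the default file defines no users or policies until an administrator opts in and picks their own secrets.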