|
|
|
@ -0,0 +1,26 @@ |
|
|
|
# $OpenBSD: ipsec.conf,v 1.1 2005/12/24 15:44:12 hshoexer Exp $ |
|
|
|
# |
|
|
|
# See ipsec.conf(5) for syntax and examples. |
|
|
|
|
|
|
|
# Set up two tunnels using automatic keying with isakmpd(8): |
|
|
|
# |
|
|
|
# First between the networks 10.1.1.0/24 and 10.1.2.0/24, |
|
|
|
# second between the machines 192.168.3.1 and 192.168.3.2. |
|
|
|
# Use FQDNs as IDs. |
|
|
|
|
|
|
|
ike esp from 10.1.1.0/24 to 10.1.2.0/24 peer 192.168.3.2 \ |
|
|
|
srcid me.mylan.net dstid the.others.net |
|
|
|
ike esp from 192.168.3.1 to 192.168.3.2 \ |
|
|
|
srcid me.mylan.net dstid the.others.net |
|
|
|
|
|
|
|
# Set up a tunnel using static keying: |
|
|
|
# |
|
|
|
# The first rules sets up the flow, second the SA. As default |
|
|
|
# transforms ipsecctl(8) will use hmac-sha2-256 for authentication |
|
|
|
# and aesctr for encryption. hmac-sha2-256 uses a 256 bit key, aesctr |
|
|
|
# a 160 bit key. |
|
|
|
|
|
|
|
flow esp from 192.168.7.0/24 to 192.168.8.0/24 peer 192.168.3.2 |
|
|
|
esp from 192.168.3.1 to 192.168.3.2 spi 0xdeadbeef:0xbeefdead \ |
|
|
|
authkey 0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa:0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa \ |
|
|
|
enckey 0xeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee:0xeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee |
hshoexer
19 years ago