racoon 2.8 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109
  1. #/etc/config/racoon
  2. #
  3. # Copyright 2015 Vitaly Protsko <villy@sft.ru>
  4. # * WARNING: this is "not working" example
  5. # * Defaults are commented out
  6. # * Resuting config will appear in /var/racoon/
  7. config racoon
  8. # option debug 0
  9. # option ext_zone 'wan'
  10. # option int_zone 'lan'
  11. # option port 500
  12. # option natt_port 4500
  13. # following 4 or 6, no default
  14. # option ipversion 4
  15. config p1_proposal 'example_prop1'
  16. # option lifetime 28800
  17. option enc_alg 'aes'
  18. option hash_alg 'sha1'
  19. option auth_method 'rsasig'
  20. option dh_group 2
  21. config p1_proposal 'example_anon'
  22. # option lifetime 28800
  23. option enc_alg 'aes'
  24. option hash_alg 'sha1'
  25. option auth_method 'xauth_rsa_server'
  26. option dh_group 2
  27. config p1_proposal 'example_xauth'
  28. # option lifetime 28800
  29. option enc_alg 'aes'
  30. option hash_alg 'sha1'
  31. option auth_method 'xauth_rsa_client'
  32. option dh_group 2
  33. config p2_proposal 'example_prop2'
  34. option pfs_group 2
  35. option enc_alg 'aes'
  36. option auth_alg 'hmac_sha1'
  37. config p2_proposal 'example_in2'
  38. option pfs_group 2
  39. # option lifetime 14400
  40. option enc_alg 'aes'
  41. option auth_alg 'hmac_sha1'
  42. config sainfo 'office'
  43. option p2_proposal 'example_prop2'
  44. option local_net '192.168.8.0/24'
  45. option remote_net '192.168.1.0/24'
  46. config sainfo 'welcome'
  47. option p2_proposal 'example_in2'
  48. option local_net '192.168.8.0/24'
  49. option remote_net '192.168.10.0/24'
  50. option dns4 '192.168.8.1'
  51. option defdomain 'myhome.local'
  52. config sainfo 'client'
  53. option p2_proposal 'std_p2'
  54. config tunnel 'Office'
  55. option enabled 1
  56. # initial_contact
  57. # option init 1
  58. option remote 'vpn.example.tld'
  59. option exchange_mode 'main'
  60. option certificate 'example_cert'
  61. # option peer_id_type 'asn1dn'
  62. # option prop_check 'obey'
  63. # option verify_id 1
  64. # option weak_p1check 1
  65. # option dpd_delay ''
  66. list p1_proposal 'example_prop1'
  67. list sainfo 'office'
  68. # WARNING: Only ONE tunnel with remote anonymous
  69. # can be configured and it can have only
  70. # ONE sainfo. Otherwise resulting racoon
  71. # configuration will be unusable
  72. config tunnel 'Incoming'
  73. option enabled 1
  74. option remote 'anonymous'
  75. option pre_shared_key 'testitnow'
  76. option exchange_mode 'aggressive,main'
  77. option my_id_type 'fqdn'
  78. option my_id 'myserver.homeip.net'
  79. list p1_proposal 'example_anon'
  80. list sainfo 'welcome'
  81. config tunnel 'Client'
  82. option enabled 1
  83. option remote 'vpn.example.tld'
  84. option username 'testuser'
  85. option password 'testW0rD'
  86. # option mode_cfg 1
  87. list p1_proposal 'example_xauth'
  88. list sainfo 'client'
  89. # Insert corresponding data in PEM format as one line
  90. config 'certificate' 'example_cert'
  91. option 'key' '-----BEGIN PRIVATE KEY----- ~ -----END PRIVATE KEY-----'
  92. option 'crt' '-----BEGIN CERTIFICATE----- ~ -----END CERTIFICATE-----'
  93. config 'certificate' 'example_ca_cert'
  94. option 'crt' '-----BEGIN CERTIFICATE----- ~ -----END CERTIFICATE-----'