1# Id: racoon.conf.sample-inherit,v 1.3 2005/12/13 16:41:07 vanhu Exp 2# Contributed by: Michal Ludvig <mludvig@suse.cz>, SUSE Labs 3 4# This file shows the basic inheritance usage in 'remote' statements. 5 6path pre_shared_key "/etc/racoon/psk.txt"; 7path certificate "/etc/racoon"; 8 9remote anonymous 10{ 11 exchange_mode main,aggressive; 12 doi ipsec_doi; 13 situation identity_only; 14 15 my_identifier asn1dn; 16 certificate_type x509 "my.cert.pem" "my.key.pem"; 17 18 nonce_size 16; 19 initial_contact on; 20 proposal_check strict; # obey, strict or claim 21 22 proposal { 23 encryption_algorithm 3des; 24 hash_algorithm sha1; 25 authentication_method rsasig; 26 dh_group 2; 27 } 28} 29 30remote 3ffe:ffff::1 inherit anonymous 31{ 32 exchange_mode aggressive; 33 nat_traversal force; 34} 35 36remote 3ffe:ffff::1 [8000] inherit 3ffe:ffff::1 37{ 38 lifetime time 1 min; # sec,min,hour 39 40 proposal { 41 encryption_algorithm 3des; 42 hash_algorithm sha1; 43 authentication_method pre_shared_key; 44 dh_group 2; 45 } 46} 47 48sainfo anonymous 49{ 50 pfs_group 2; 51 lifetime time 12 hour; 52 encryption_algorithm aes, 3des; 53 authentication_algorithm hmac_sha1, hmac_md5; 54 compression_algorithm deflate; 55} 56