# $Id: gdoi_client.conf,v 1.4 2005/10/11 17:57:25 bew Exp $
# $Source: /nfs/cscbz/gdoi/gdoicvs/gdoi/samples/loopback/gdoi_client.conf,v $

# 
# A configuration sample for testing GDOI over loopback interfaces.
# This is the client (group member) side.
#

[General]
Retransmits=		5
Exchange-max-time=	120
Listen-on=		127.0.0.1
check-interval=		60

# Incoming phase 1 negotiations are multiplexed on the source IP address
[Phase 1]
127.0.0.2=		GDOI-key-server

# These connections are walked over after config file parsing and told
# to the application layer so that it will inform us when traffic wants to
# pass over them.  This means we can do on-demand keying.
[Phase 2]
Connections=		Group-1234

[GDOI-key-server]
Phase=			1
Transport=		udp
Local-address=		127.0.0.1
Address=		127.0.0.2
Configuration=		Default-main-mode
Authentication=		mekmitasdigoat

[Group-1234]
Phase=			2
ISAKMP-peer=		GDOI-key-server
Configuration=		Default-group-mode
Group-ID=		Group-1

[Group-1]
ID-type=		KEY_ID
Key-value=		1234

# Main mode descriptions

[Default-main-mode]
DOI=			GROUP
EXCHANGE_TYPE=		ID_PROT
Transforms=		3DES-SHA

# Main mode transforms

[3DES-SHA]
ENCRYPTION_ALGORITHM=	3DES_CBC
HASH_ALGORITHM=		SHA
AUTHENTICATION_METHOD=	PRE_SHARED
GROUP_DESCRIPTION=	MODP_1024
Life=			LIFE_60_SECS

# Lifetimes

[LIFE_60_SECS]
LIFE_TYPE=		SECONDS
LIFE_DURATION=		60,30:120

# Group mode description

[Default-group-mode]
DOI=			GROUP
EXCHANGE_TYPE=		PULL_MODE