# $Id: gdoi_client.conf,v 1.1.2.1 2011/12/12 23:49:35 bew Exp $
|
|
# $Source: /nfs/cscbz/gdoi/gdoicvs/gdoi/samples/iec90-5/Attic/gdoi_client.conf,v $
|
|
|
|
#
|
|
# A configuration sample for testing GDOI over loopback interfaces.
|
|
# This is the client (group member) side.
|
|
#
|
|
|
|
# Daemon-wide settings for the client (group member) side.
[General]
|
|
# NOTE(review): in isakmpd-style configs this is the number of retransmissions
# before an exchange is abandoned -- confirm against this GDOI build.
Retransmits= 5
|
|
# Presumably the maximum time, in seconds, an exchange may take to complete.
Exchange-max-time= 120
|
|
# Loopback only, matching the stated purpose of this sample (testing over
# loopback interfaces). Review this address before reusing the file elsewhere.
Listen-on= 127.0.0.1
|
|
# Presumably the interval, in seconds, between connection checks -- confirm.
check-interval= 60
|
|
# GDOI-specific switch; 1 presumably enables the interface through which a
# local application requests group keys -- confirm against the daemon source.
GDOI-application-client-support= 1
|
|
|
|
# Incoming phase 1 negotiations are multiplexed on the source IP address
|
|
# Maps a peer IP address to the name of the section that describes that peer.
[Phase 1]
|
|
# Traffic from 127.0.0.2 is handled with the [GDOI-key-server] section.
# The source address only selects the peer entry; it does not authenticate
# the peer. Authentication comes from the method and key configured there.
127.0.0.2= GDOI-key-server
|
|
|
|
# These connections are walked over after config file parsing and told
|
|
# to the application layer so that it will inform us when traffic wants to
|
|
# pass over them. This means we can do on-demand keying.
|
|
# Lists the phase 2 connections (here: group registrations) the daemon knows.
[Phase 2]
|
|
# Disabled alternative: listing the group under Connections would presumably
# make the daemon start the exchange on its own instead of waiting.
#Connections= Group-1234
|
|
#
|
|
# Make passive for TIDP because we don't start until the client asks for
|
|
# keys.
|
|
#
|
|
# Names the [Group-1234] section as a passive connection.
Passive-Connections= Group-1234
|
|
|
|
# Phase 1 peer definition for the key server, referenced from [Phase 1] and
# from ISAKMP-peer in [Group-1234].
[GDOI-key-server]
|
|
Phase= 1
|
|
Transport= udp
|
|
# Both endpoints are loopback addresses, so this sample never leaves the host.
Local-address= 127.0.0.1
|
|
Address= 127.0.0.2
|
|
# Names the [Default-main-mode] section that holds the phase 1 proposal.
Configuration= Default-main-mode
|
|
# NOTE(review): with AUTHENTICATION_METHOD= PRE_SHARED (see [3DES-SHA]) this
# value is presumably the pre-shared key itself, stored in clear text. It is
# published with the sample, so it provides no secrecy. Replace it with a
# unique, high-entropy secret per deployment, and restrict read access to
# this file to the account that runs the daemon.
Authentication= mekmitasdigoat
|
|
|
|
# Phase 2 (group) definition named by Passive-Connections in [Phase 2].
[Group-1234]
|
|
Phase= 2
|
|
# The phase 1 peer whose protected channel carries this group exchange.
ISAKMP-peer= GDOI-key-server
|
|
# Names the [Default-group-mode] section.
Configuration= Default-group-mode
|
|
# NOTE(review): ID-type and OID look like an IEC 61850-90-5 group identity
# for GOOSE over UDP -- confirm the accepted values against this GDOI build.
ID-type= IEC90_5
|
|
OID= 61850_UDP_ADDR_GOOSE
|
|
# IPv4 multicast address in the administratively scoped 239.0.0.0/8 range;
# presumably the group address this member requests keys for.
Address= 239.192.1.1
|
|
|
|
# Main mode descriptions
|
|
|
|
# Phase 1 proposal used by [GDOI-key-server] through its Configuration key.
[Default-main-mode]
|
|
DOI= GROUP
|
|
# ID_PROT is presumably the identity-protection (main mode) exchange, as the
# section name suggests.
EXCHANGE_TYPE= ID_PROT
|
|
# Names the transform section(s) offered; only [3DES-SHA] is listed, so the
# phase 1 channel is limited to the algorithms defined there.
Transforms= 3DES-SHA
|
|
|
|
# Main mode transforms
|
|
|
|
# The single phase 1 transform offered by [Default-main-mode].
# NOTE(review): every algorithm below is a legacy choice. That is tolerable
# for a loopback test, but any change must match what the key server accepts.
[3DES-SHA]
|
|
# Triple DES in CBC mode: a 64-bit block cipher, deprecated for new designs.
ENCRYPTION_ALGORITHM= 3DES_CBC
|
|
# Presumably SHA-1 -- confirm; prefer a SHA-2 hash where the build offers one.
HASH_ALGORITHM= SHA
|
|
# Peers authenticate with a shared secret, so the strength of phase 1 depends
# on the key configured under Authentication in [GDOI-key-server].
AUTHENTICATION_METHOD= PRE_SHARED
|
|
# 1024-bit MODP Diffie-Hellman group; below current size recommendations.
GROUP_DESCRIPTION= MODP_1024
|
|
# Names the [LIFE_60_SECS] lifetime section.
Life= LIFE_60_SECS
|
|
|
|
# Lifetimes
|
|
|
|
# Lifetime definition referenced by Life in [3DES-SHA].
[LIFE_60_SECS]
|
|
LIFE_TYPE= SECONDS
|
|
# NOTE(review): presumably "offer,min:max" -- offer 60 seconds and accept
# 30 to 120 from the peer; confirm. A one-minute lifetime forces frequent
# renegotiation and looks like a test value rather than a production one.
LIFE_DURATION= 60,30:120
|
|
|
|
# Group mode description
|
|
|
|
# Phase 2 exchange description used by [Group-1234] through Configuration.
[Default-group-mode]
|
|
DOI= GROUP
|
|
# PULL_MODE presumably selects the GDOI exchange in which the group member
# requests (pulls) policy and keys from the key server -- confirm. No
# transforms are listed in this section.
EXCHANGE_TYPE= PULL_MODE
|