94 lines
2 KiB
Text
94 lines
2 KiB
Text
# $Id: gdoi_ks.conf,v 1.1.2.1 2011/12/12 23:49:35 bew Exp $
|
|
# $Source: /nfs/cscbz/gdoi/gdoicvs/gdoi/samples/iec90-5/Attic/gdoi_ks.conf,v $
|
|
|
|
#
|
|
# A configuration sample for testing GDOI over loopback interfaces.
|
|
# This is the key server side.
|
|
#
|
|
|
|
[General]
|
|
Retransmits= 5
|
|
Exchange-max-time= 120
|
|
Listen-on= 127.0.0.2
|
|
#GDOI-application-client-support= 1
|
|
|
|
# Incoming phase 1 negotiations are multiplexed on the source IP address
|
|
[Phase 1]
|
|
127.0.0.1= ISAKMP-peer-client
|
|
|
|
# These connections are walked over after config file parsing and told
|
|
# to the application layer so that it will inform us when traffic wants to
|
|
# pass over them. This means we can do on-demand keying.
|
|
[Phase 2]
|
|
Passive-Connections= Group-1234
|
|
|
|
[ISAKMP-peer-client]
|
|
Phase= 1
|
|
Transport= udp
|
|
Local-address= 127.0.0.2
|
|
Address= 127.0.0.1
|
|
Configuration= Default-main-mode
|
|
Authentication= mekmitasdigoat
|
|
|
|
[Group-1234]
|
|
Phase= 2
|
|
Configuration= IEC90_5_group_1
|
|
ID-type= IEC90_5
|
|
OID= 61850_UDP_ADDR_GOOSE
|
|
Address= 239.192.1.1
|
|
|
|
# Main mode descriptions
|
|
|
|
[Default-main-mode]
|
|
DOI= GROUP
|
|
EXCHANGE_TYPE= ID_PROT
|
|
Transforms= 3DES-SHA
|
|
|
|
# Main mode transforms
|
|
|
|
[3DES-SHA]
|
|
ENCRYPTION_ALGORITHM= 3DES_CBC
|
|
HASH_ALGORITHM= SHA
|
|
AUTHENTICATION_METHOD= PRE_SHARED
|
|
GROUP_DESCRIPTION= MODP_1024
|
|
Life= LIFE_60_SECS
|
|
|
|
# Lifetimes
|
|
|
|
[LIFE_60_SECS]
|
|
LIFE_TYPE= SECONDS
|
|
LIFE_DURATION= 60,30:120
|
|
|
|
[LIFE_120_SECS]
|
|
LIFE_TYPE= SECONDS
|
|
LIFE_DURATION= 120,90:180
|
|
|
|
# GDOI description
|
|
|
|
# Group mode description
|
|
|
|
[IEC90_5_group_1]
|
|
DOI= GROUP
|
|
EXCHANGE_TYPE= PULL_MODE
|
|
Crypto-protocol= PROTO_IEC90_5
|
|
#
|
|
# No SA-KEK is defined for the loopback sample.
|
|
# Rekey messages don't always work across the loopbacks.
|
|
#
|
|
SA-TEKS= GROUP1-TEK1
|
|
|
|
# Src-ID and Dst-ID are the addresses/posrts for the UDP packet.
|
|
[GROUP1-TEK1]
|
|
Src-ID= Group-tek1-src
|
|
Dst-ID= Group-tek1-dst
|
|
|
|
[Group-tek1-src]
|
|
ID-type= IPV4_ADDR
|
|
Address= 172.19.137.42
|
|
Port= 1024
|
|
|
|
[Group-tek1-dst]
|
|
ID-type= IPV4_ADDR
|
|
Address= 239.192.1.1
|
|
Port= 1024
|
|
|