stv0g/gdoid
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity
gdoid/samples/three-clients/gdoi_client1.conf

102 lines
2 KiB
Text
Raw Blame History

# $Id: gdoi_client1.conf,v 1.4 2005/10/11 17:57:27 bew Exp $
# $Source: /nfs/cscbz/gdoi/gdoicvs/gdoi/samples/three-clients/gdoi_client1.conf,v $
#
# A configuration sample for testing GDOI between systems passing IPSec policy.
# This is an example of a group member.
#
[General]
Retransmits= 5
Exchange-max-time= 120
Listen-on= 10.0.224.37
check-interval= 60
# Incoming phase 1 negotiations are multiplexed on the source IP address
[Phase 1]
10.0.224.44= GDOI-key-server
# These connections are walked over after config file parsing and told
# to the application layer so that it will inform us when traffic wants to
# pass over them. This means we can do on-demand keying.
[Phase 2]
Connections= Group-1234
[GDOI-key-server]
Phase= 1
Transport= udp
Local-address= 10.0.224.37
Address= 10.0.224.44
Port= 848
Configuration= Default-main-mode
Authentication= mekmitasdigoat
[Group-1234]
Phase= 2
ISAKMP-peer= GDOI-key-server
Configuration= Default-group-mode
Group-ID= Group-1
[Group-1]
ID-type= KEY_ID
Key-value= 1234
# Main mode descriptions
[Default-main-mode]
DOI= GROUP
EXCHANGE_TYPE= ID_PROT
Transforms= 3DES-SHA
# Main mode transforms
######################
# DES
[DES-MD5]
ENCRYPTION_ALGORITHM= DES_CBC
HASH_ALGORITHM= MD5
AUTHENTICATION_METHOD= PRE_SHARED
GROUP_DESCRIPTION= MODP_768
Life= LIFE_600_SECS
[DES-SHA]
ENCRYPTION_ALGORITHM= DES_CBC
HASH_ALGORITHM= SHA
AUTHENTICATION_METHOD= PRE_SHARED
GROUP_DESCRIPTION= MODP_768
Life= LIFE_600_SECS
# 3DES
[3DES-SHA]
ENCRYPTION_ALGORITHM= 3DES_CBC
HASH_ALGORITHM= SHA
AUTHENTICATION_METHOD= PRE_SHARED
GROUP_DESCRIPTION= MODP_1024
Life= LIFE_60_SECS
# Lifetimes
[LIFE_60_SECS]
LIFE_TYPE= SECONDS
LIFE_DURATION= 60,45:72
[LIFE_600_SECS]
LIFE_TYPE= SECONDS
LIFE_DURATION= 600,450:720
[LIFE_3600_SECS]
LIFE_TYPE= SECONDS
LIFE_DURATION= 3600,1800:7200
# Group mode description
########################
[Default-group-mode]
DOI= GROUP
EXCHANGE_TYPE= PULL_MODE
Suites= GM-ESP
[GM-ESP]
PROTOCOL_ID= IPSEC_ESP
Reference in a new issue View git blame Copy permalink