
  1. #/etc/config/racoon
  2. #
  3. # Copyright 2015 Vitaly Protsko <villy@sft.ru>
  4. # * WARNING: this is a "not working" example
  5. # * Defaults are commented out
  6. # * Resulting config will appear in /var/racoon/
     # * The credentials below (pre_shared_key, password, certificate key)
     #   are example placeholders: replace them before use, and keep this
     #   file and the generated /var/racoon/ output readable only by root
  7. config racoon
  8. # option debug 0
  9. # option ext_zone 'wan'
  10. # option int_zone 'lan'
  11. # option port 500
  12. # option natt_port 4500
  13. # ipversion is 4 or 6; there is no default
  14. # option ipversion 4
  15. config p1_proposal 'example_prop1'
  16. # option lifetime 28800
      # NOTE: dh_group 2 is the 1024-bit MODP group and sha1 is considered
      # weak for new deployments; the same applies to every p1_proposal and
      # p2_proposal below. Prefer a larger group (e.g. 14) and a sha2 hash
      # where the racoon build and the peer support them.
  17. option enc_alg 'aes'
  18. option hash_alg 'sha1'
  19. option auth_method 'rsasig'
  20. option dh_group 2
  21. config p1_proposal 'example_anon'
  22. # option lifetime 28800
  23. option enc_alg 'aes'
  24. option hash_alg 'sha1'
  25. option auth_method 'xauth_rsa_server'
  26. option dh_group 2
  27. config p1_proposal 'example_xauth'
  28. # option lifetime 28800
  29. option enc_alg 'aes'
  30. option hash_alg 'sha1'
  31. option auth_method 'xauth_rsa_client'
  32. option dh_group 2
  33. config p2_proposal 'example_prop2'
  34. option pfs_group 2
  35. option enc_alg 'aes'
  36. option auth_alg 'hmac_sha1'
  37. config p2_proposal 'example_in2'
  38. option pfs_group 2
  39. # option lifetime 14400
  40. option enc_alg 'aes'
  41. option auth_alg 'hmac_sha1'
  42. config sainfo 'office'
  43. option p2_proposal 'example_prop2'
  44. option local_net '192.168.8.0/24'
  45. option remote_net '192.168.1.0/24'
  46. # you can exclude some local or remote
  47. # addresses from SA rules
  48. list local_exclude '192.168.8.0/30'
  49. list remote_exclude '192.168.1.128/29'
  50. config sainfo 'welcome'
  51. option p2_proposal 'example_in2'
  52. option local_net '192.168.8.0/24'
  53. option remote_net '192.168.10.0/24'
  54. option dns4 '192.168.8.1'
  55. option defdomain 'myhome.local'
  56. config sainfo 'client'
  57. option p2_proposal 'std_p2'
  58. config tunnel 'Office'
  59. option enabled 1
  60. # initial_contact
  61. # option init 1
  62. option remote 'vpn.example.tld'
  63. option exchange_mode 'main'
  64. option certificate 'example_cert'
  65. # option peer_id_type 'asn1dn'
  66. # option prop_check 'obey'
  67. # option verify_id 1
  68. # option weak_p1check 1
  69. # option dpd_delay ''
  70. list p1_proposal 'example_prop1'
  71. list sainfo 'office'
  72. # WARNING: Only ONE tunnel with remote 'anonymous'
  73. # can be configured, and it can have only
  74. # ONE sainfo. Otherwise the resulting racoon
  75. # configuration will be unusable.
      # NOTE: the 'Incoming' tunnel below allows aggressive mode with a
      # pre-shared key. In IKEv1 aggressive mode the PSK-based hash is sent
      # before the exchange is encrypted, so a short or guessable PSK can be
      # recovered offline by anyone who observes the handshake. Use a long
      # random PSK, or prefer main mode with certificate authentication.
  76. config tunnel 'Incoming'
  77. option enabled 1
  78. option remote 'anonymous'
  79. option pre_shared_key 'testitnow'
  80. option exchange_mode 'aggressive,main'
  81. option my_id_type 'fqdn'
  82. option my_id 'myserver.homeip.net'
  83. list p1_proposal 'example_anon'
  84. list sainfo 'welcome'
  85. config tunnel 'Client'
  86. option enabled 1
  87. option remote 'vpn.example.tld'
  88. option username 'testuser'
  89. option password 'testW0rD'
  90. # option mode_cfg 1
  91. list p1_proposal 'example_xauth'
  92. list sainfo 'client'
  93. # Insert the corresponding PEM data as a single line; the '~' in the
      # examples below stands for the omitted body. Note that 'key' holds
      # the tunnel's private key in cleartext, so protect this file accordingly.
  94. config 'certificate' 'example_cert'
  95. option 'key' '-----BEGIN PRIVATE KEY----- ~ -----END PRIVATE KEY-----'
  96. option 'crt' '-----BEGIN CERTIFICATE----- ~ -----END CERTIFICATE-----'
  97. config 'certificate' 'example_ca_cert'
  98. option 'crt' '-----BEGIN CERTIFICATE----- ~ -----END CERTIFICATE-----'