Difference between revisions of "IPSEC-Racoon tunnels using gif(4) and rotating keys"
(Created page with "log debug; path pre_shared_key "/usr/local/etc/racoon/psk.txt"; listen { isakmp 10.0.11.1 [500]; isakmp_natt 10.0.11.1 [4500]; isakmp 10.0.11.7 [500];...") |
(No difference)
Revision as of 13:38, 18 January 2019
# Global settings.
# NOTE(review): "debug" is a troubleshooting level. racoon's debug output is
# very verbose and may include sensitive negotiation detail. Once the tunnels
# are stable, drop to a lower level (e.g. "info" or "notify") and restrict
# who can read the log file.
log debug;

# File holding the pre-shared keys. Keep it owned by the user racoon runs as
# and unreadable by anyone else (mode 0600).
path pre_shared_key "/usr/local/etc/racoon/psk.txt";
# Local addresses racoon binds to: IKE on UDP 500 and NAT-T on UDP 4500 for
# each address. With an explicit listen block, only the addresses listed here
# are served.
# NOTE(review): make sure the packet filter admits UDP 500/4500 (and ESP)
# only from the expected peers; "remote anonymous" below answers any source.
listen {
	isakmp      10.0.11.1 [500];
	isakmp_natt 10.0.11.1 [4500];

	isakmp      10.0.11.7 [500];
	isakmp_natt 10.0.11.7 [4500];

	isakmp      10.0.11.8 [500];
	isakmp_natt 10.0.11.8 [4500];

	isakmp      10.0.11.4 [500];
	isakmp_natt 10.0.11.4 [4500];

	isakmp      10.0.11.5 [500];
	isakmp_natt 10.0.11.5 [4500];

	isakmp      10.0.11.9 [500];
	isakmp_natt 10.0.11.9 [4500];
}
# Phase 1 (ISAKMP SA) parameters applied to every peer that has no more
# specific "remote" block.
remote anonymous {
	# Dead-peer detection: probe the peer every 60 seconds.
	dpd_delay 60;

	# Phase 1 SA lifetime.
	lifetime time 2 hour;

	# Identity sent to the peer.
	# NOTE(review): 1.2.3.4 looks like a placeholder and does not match any
	# address in the listen block. Confirm the real value before deploying.
	my_identifier address 1.2.3.4;

	# NOTE(review): "obey" makes the responder accept whatever lifetime and
	# PFS values the initiator proposes. "strict" or "claim" keeps the
	# local policy authoritative.
	proposal_check obey;

	# Main mode is used when initiating. As responder, both listed modes
	# are accepted.
	# NOTE(review): aggressive mode with a pre-shared key exposes a
	# PSK-derived hash before the peer is authenticated, so a weak key can
	# be guessed offline. If every peer can do main mode, list "main" only.
	# Otherwise use long random keys.
	exchange_mode main,aggressive;

	# NOTE(review): blowfish (64-bit block), MD5 and DH group 2 (1024-bit
	# MODP) are legacy choices. racoon also offers aes, sha256 and
	# dh_group 14. Both ends of each tunnel must be changed together.
	proposal {
		encryption_algorithm blowfish;
		hash_algorithm md5;
		authentication_method pre_shared_key;
		dh_group 2;
	}

	# Do not derive SPD entries from the initiator's proposal. Policies
	# are expected to be installed separately (e.g. with setkey).
	generate_policy off;
}
# Phase 2 (IPsec SA) parameters applied to any pair of identities that has no
# more specific "sainfo" block.
sainfo anonymous {
	# Perform a fresh DH exchange (group 2) for every phase 2 rekey.
	# NOTE(review): group 2 is 1024-bit MODP. Consider group 14 or higher
	# where the peers support it.
	pfs_group 2;

	# IPsec SA lifetime, which is shorter than the 2 hour phase 1 lifetime.
	lifetime time 1 hour;

	# Acceptable ESP ciphers and integrity algorithms, in order of
	# preference.
	# NOTE(review): blowfish and 3des are 64-bit block ciphers, and
	# hmac_md5 is a legacy integrity choice. Prefer aes with hmac_sha1 or
	# hmac_sha256 once all peers support them, then remove the legacy
	# entries so they cannot be negotiated.
	encryption_algorithm blowfish,3des;
	authentication_algorithm hmac_md5,hmac_sha1;

	compression_algorithm deflate;
}