IPSEC-Racoon tunnels using gif(4) and rotating keys

# racoon.conf: IKE daemon configuration for the tunnels described above.
# NOTE(review): "debug" is the most verbose level; at this level the daemon
# logs negotiation details to syslog. Consider a quieter level (e.g. notify)
# once the tunnels are stable — confirm against the peers' requirements.
log debug;
# File holding the pre-shared keys, one "identifier key" pair per line.
# NOTE(review): racoon expects this file to be readable only by its owner
# (mode 0600) — verify the permissions on the host.
path pre_shared_key "/usr/local/etc/racoon/psk.txt";

# Local addresses/ports the daemon binds for IKE.
# Port 500 is plain ISAKMP; port 4500 (isakmp_natt) is the NAT-Traversal port.
listen
{
      isakmp 10.0.11.1 [500];
      isakmp_natt 10.0.11.1 [4500];
      isakmp 10.0.11.7 [500];
      isakmp_natt 10.0.11.7 [4500];
      isakmp 10.0.11.8 [500];
      isakmp_natt 10.0.11.8 [4500];
      isakmp 10.0.11.4 [500];
      isakmp_natt 10.0.11.4 [4500];
      isakmp 10.0.11.5 [500];
      isakmp_natt 10.0.11.5 [4500];
      isakmp 10.0.11.9 [500];
      isakmp_natt 10.0.11.9 [4500];
}

# Phase 1 (IKE SA) settings applied to ANY peer, since no per-address
# "remote" block is defined here; a peer is accepted if it presents a
# matching entry from the PSK file.
remote anonymous {
        # Dead Peer Detection probe interval, in seconds.
        dpd_delay 60;
        # Phase 1 SA lifetime.
        lifetime time 2 hour;
        # Identity we present to the peer.
        # NOTE(review): 1.2.3.4 looks like a placeholder — confirm it is the
        # real public address of this gateway.
        my_identifier   address 1.2.3.4;
        # "obey": accept the peer's proposed lifetime/PFS values as-is.
        # NOTE(review): this lets the remote side dictate SA lifetimes;
        # "strict" or "claim" would enforce the local values instead.
        proposal_check  obey;
        # NOTE(review): aggressive mode exposes the identity in cleartext and,
        # with pre_shared_key authentication, the PSK-derived hash is sent
        # before encryption begins, which allows offline guessing of weak keys.
        # Prefer "main" alone unless a peer genuinely requires aggressive mode.
        exchange_mode main,aggressive;
        proposal {
                # NOTE(review): blowfish / md5 / DH group 2 (1024-bit MODP) are
                # legacy choices; aes, sha256 and a larger dh_group are
                # preferable where the peers support them — confirm peer support
                # before changing, as both sides must agree.
                encryption_algorithm blowfish;
                hash_algorithm md5;
                authentication_method pre_shared_key;
                dh_group 2;
        }
        # Do not create SPD entries from the peer's proposal; policies are
        # expected to be installed separately (e.g. via setkey).
        generate_policy off;
}

# Phase 2 (IPsec SA) settings applied to any peer/selector.
sainfo anonymous{
        # Perfect Forward Secrecy: a fresh DH exchange (group 2) per phase 2 SA.
        # NOTE(review): same legacy-group caveat as dh_group above.
        pfs_group 2;
        # Phase 2 SA lifetime; with "proposal_check obey" above the peer's
        # value may override this.
        lifetime time 1 hour;
        # Ciphers offered/accepted for ESP, in preference order.
        # NOTE(review): both are legacy 64-bit block ciphers; consider aes.
        encryption_algorithm blowfish,3des;
        # Integrity algorithms offered/accepted; hmac_sha1 is preferable to hmac_md5.
        authentication_algorithm hmac_md5,hmac_sha1;
        # IPComp (deflate) negotiated alongside ESP.
        compression_algorithm deflate;
}