IPSEC-Racoon tunnels using gif(4) and rotating keys
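# Log level. "debug" is meant for bring-up only: at that level racoon writes
# hex dumps of IKE payloads and computed values to the log, which is more than
# a long-running gateway should keep on disk. "info" is racoon's default;
# raise the level temporarily while troubleshooting a negotiation.
log info;

# File holding the pre-shared keys, one "peer-identifier key" pair per line.
# racoon expects it to be owned by the user the daemon runs as and not to be
# accessible by anyone else.
path pre_shared_key "/usr/local/etc/racoon/psk.txt";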
# Addresses racoon binds to. Each local address gets two sockets:
# plain IKE on UDP 500 and NAT-Traversal IKE on UDP 4500.
# Only the addresses listed here answer IKE, so keep the list limited to
# the interfaces that actually terminate tunnels.
listen {
	isakmp      10.0.11.1 [500];
	isakmp_natt 10.0.11.1 [4500];

	isakmp      10.0.11.7 [500];
	isakmp_natt 10.0.11.7 [4500];

	isakmp      10.0.11.8 [500];
	isakmp_natt 10.0.11.8 [4500];

	isakmp      10.0.11.4 [500];
	isakmp_natt 10.0.11.4 [4500];

	isakmp      10.0.11.5 [500];
	isakmp_natt 10.0.11.5 [4500];

	isakmp      10.0.11.9 [500];
	isakmp_natt 10.0.11.9 [4500];
}
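# Phase 1 (IKE SA) settings for every peer that has no "remote <address>"
# section of its own. Because the section is anonymous, any host that can
# reach the listen addresses may start a negotiation against it.
remote anonymous {
	# Dead-peer detection probe interval, in seconds.
	dpd_delay 60;

	# Phase 1 SA lifetime.
	lifetime time 2 hour;

	# Identity sent to the peer. 1.2.3.4 looks like a placeholder --
	# presumably this host's tunnel endpoint address; confirm before use.
	my_identifier address 1.2.3.4;

	# NOTE(review): "obey" makes the responder accept the initiator's
	# lifetime and PFS values instead of enforcing its own. Consider
	# "strict" once all peers carry matching settings.
	proposal_check obey;

	# Main mode only. Aggressive mode is not accepted here: with
	# pre-shared-key authentication it answers a not-yet-authenticated peer
	# with a hash derived from the key, which permits offline guessing of
	# the key, and an anonymous section would give that answer to anyone.
	# A peer that can only do aggressive mode should get its own
	# "remote <address>" section rather than widening this one.
	exchange_mode main;

	proposal {
		# NOTE(review): blowfish, md5 and DH group 2 (1024-bit MODP) are
		# legacy choices kept for compatibility with existing peers.
		# Migrate to aes, a SHA-2 hash and a 2048-bit or larger group
		# when both ends can be changed together.
		encryption_algorithm blowfish;
		hash_algorithm md5;
		authentication_method pre_shared_key;
		dh_group 2;
	}

	# Do not create security policies from what a peer proposes;
	# policies are installed by the administrator.
	generate_policy off;
}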
# Phase 2 (IPsec SA) parameters used for any source/destination pair that
# has no more specific sainfo section.
sainfo anonymous {
	# Perform a fresh Diffie-Hellman exchange for each phase 2 rekey.
	# NOTE(review): group 2 is a 1024-bit MODP group; prefer a larger
	# group once every peer supports it.
	pfs_group 2;

	# Phase 2 SA lifetime; shorter than the 2 hour phase 1 lifetime.
	lifetime time 1 hour;

	# Algorithms are offered in the order written.
	# NOTE(review): blowfish, 3des and hmac_md5 are legacy algorithms;
	# plan a move to aes with hmac_sha256 across all peers.
	encryption_algorithm blowfish,3des;
	authentication_algorithm hmac_md5,hmac_sha1;

	# IPComp compression method.
	compression_algorithm deflate;
}