IPSEC-Racoon tunnels using gif(4) and rotating keys

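# Logging verbosity. "info" is racoon's default level. The original "debug"
# setting is far more detailed and can put negotiation internals into the log
# file, so switch to "debug" only temporarily while troubleshooting a tunnel,
# and restrict who can read the log.
log info;
# File holding the pre-shared keys, one "peer-identifier key" pair per line.
# Keep it owned by the user racoon runs as and readable by that user only
# (mode 0600); anyone who can read it can impersonate either tunnel endpoint.
path pre_shared_key "/usr/local/etc/racoon/psk.txt";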

# Bind the IKE daemon to an explicit list of local addresses instead of every
# interface address (which is what racoon does when no listen section exists).
# Each address gets two sockets: plain ISAKMP on UDP 500 and NAT-Traversal
# (UDP-encapsulated IKE/ESP) on UDP 4500. The host firewall should allow only
# these address/port pairs for IKE.
listen
{
      isakmp 10.0.11.1 [500];
      isakmp_natt 10.0.11.1 [4500];
      isakmp 10.0.11.7 [500];
      isakmp_natt 10.0.11.7 [4500];
      isakmp 10.0.11.8 [500];
      isakmp_natt 10.0.11.8 [4500];
      isakmp 10.0.11.4 [500];
      isakmp_natt 10.0.11.4 [4500];
      isakmp 10.0.11.5 [500];
      isakmp_natt 10.0.11.5 [4500];
      isakmp 10.0.11.9 [500];
      isakmp_natt 10.0.11.9 [4500];
}

# Phase 1 (IKE SA) parameters. "anonymous" is the catch-all section: it applies
# to every peer that has no dedicated "remote <address>" section, so these
# settings are what any host reaching the listen addresses negotiates against.
# NOTE(review): where the peer addresses are known, per-peer remote sections
# narrow this exposure.
remote anonymous {
        # Dead Peer Detection: probe the peer every 60 seconds.
        dpd_delay 60;
        # Phase 1 SA is renegotiated after two hours.
        lifetime time 2 hour;
        # Identity sent to the peer. 1.2.3.4 is not one of the listen addresses
        # above -- presumably a placeholder for the public/NAT address; confirm.
        my_identifier   address 1.2.3.4;
        # "obey": as responder, accept the initiator's lifetime and PFS values
        # whatever the local settings are. NOTE(review): "strict" or "claim"
        # keeps a peer from negotiating weaker values than configured here.
        proposal_check  obey;
        # Main mode is used when initiating; both modes are accepted as
        # responder. NOTE(review): aggressive mode with a pre-shared key sends
        # a PSK-derived hash before the peer is authenticated, which permits
        # offline guessing of the key. Prefer "main" alone; if aggressive mode
        # must stay, use a long random PSK or certificate authentication.
        exchange_mode main,aggressive;
        proposal {
                # NOTE(review): Blowfish (64-bit block), MD5 and DH group 2
                # (1024-bit MODP) are legacy choices. Where both peers support
                # them, aes / sha256 / dh_group 14 are the usual replacements;
                # the peer's configuration must be changed in step.
                encryption_algorithm blowfish;
                hash_algorithm md5;
                authentication_method pre_shared_key;
                dh_group 2;
        }
        # Do not create security policies from a peer's proposal; the SPD
        # entries have to be installed explicitly (e.g. with setkey).
        generate_policy off;
}

# Phase 2 (IPsec SA) parameters for any traffic selector that has no more
# specific sainfo section.
sainfo anonymous{
        # Perfect Forward Secrecy: a fresh Diffie-Hellman exchange for each
        # phase 2 SA, here in group 2 (1024-bit MODP). NOTE(review): a larger
        # group such as 14 is preferable where both ends support it.
        pfs_group 2;
        # Phase 2 keys are replaced every hour.
        lifetime time 1 hour;
        # Acceptable ESP ciphers and integrity algorithms, in order of
        # preference. NOTE(review): blowfish, 3des and hmac_md5 are legacy;
        # aes with hmac_sha1 or stronger is the usual choice when the peer
        # allows it. Both ends must be changed together.
        encryption_algorithm blowfish,3des;
        authentication_algorithm hmac_md5,hmac_sha1;
        compression_algorithm deflate;
}