
E.7. vpn-client:/etc/sysconfig/racoon/racoon.conf

# GPL $Id: racoon.conf,v 1.1.1.1 2005/02/28 18:22:49 cvonk Exp $
# run-time configuration for IPsec client (racoon)

# Directory in which racoon looks up the certificate and key files named by
# certificate_type below.
# NOTE(review): the private key lives here too, so the directory and the key
# file should be readable by root only - confirm permissions on the host.
path certificate "/etc/sysconfig/racoon";

# Phase 1 (IKE) parameters used when negotiating with the peer at 10.0.1.1.
# Both ends authenticate with X.509 certificates and RSA signatures.
remote 10.0.1.1 {
    exchange_mode main;        # only main mode is offered for phase 1
    doi ipsec_doi;
    situation identity_only;
    # NOTE(review): racoon.conf(5) describes generate_policy as a responder-side
    # option: when this host has no matching SPD entry, racoon installs policy
    # taken from the initiator's phase 2 proposal. On a client that is expected
    # to initiate, check whether it is needed at all; if it is not, turning it
    # off keeps the peer from shaping the local SPD.
    generate_policy on;

    my_identifier asn1dn;     # no DN string given: the ID is taken from the Subject of our certificate
    # NOTE(review): no DN string is given for the peer either, so as written this
    # does not appear to pin the gateway to one specific subject. Supplying the
    # expected DN here would restrict the tunnel to that certificate rather than
    # any certificate that passes verify_cert - confirm against racoon.conf(5).
    peers_identifier asn1dn;  # peer is expected to identify itself with an ASN.1 DN
    verify_identifier on;     # fail the negotiation if the peer's ID payload does not match peers_identifier
    verify_cert on;           # validate the peer's certificate; keep this on
    # Our certificate and private key, resolved relative to "path certificate".
    certificate_type x509 "crox.vonk-cert.pem" "crox.vonk-key.pem";
 
    # Single phase 1 proposal offered to the peer.
    # NOTE(review): 3des, sha1 and dh_group 2 (1024-bit MODP) are legacy choices
    # that current guidance no longer recommends. Moving to AES, a SHA-2 hash and
    # a larger DH group needs the same change on the gateway, otherwise phase 1
    # will not negotiate; check which algorithms the installed racoon supports.
    proposal {
        encryption_algorithm 3des;
        hash_algorithm sha1;
        authentication_method rsasig;  # use X.509 RSA public/private key
        dh_group 2;
    }
}

# Phase 2 (IPsec SA) parameters. "anonymous" applies this section to any peer
# that has no more specific sainfo entry.
# NOTE(review): there is no pfs_group line, so phase 2 runs without a fresh
# Diffie-Hellman exchange (no perfect forward secrecy). 3des and hmac_md5 are
# legacy algorithms. Any change here has to be mirrored in the gateway's sainfo
# section, or phase 2 will fail to negotiate.
sainfo anonymous {
    lifetime time 28800 sec;               # rekey the IPsec SA after 8 hours
    encryption_algorithm 3des;
    authentication_algorithm hmac_md5;
    compression_algorithm deflate;         # IPComp algorithm offered to the peer
}

Example E.7. vpn-client:/etc/sysconfig/racoon/racoon.conf