Diffstat (limited to 'doc/examples')
-rw-r--r--doc/examples182
1 files changed, 0 insertions, 182 deletions
diff --git a/doc/examples b/doc/examples
deleted file mode 100644
index 315049b04..000000000
--- a/doc/examples
+++ /dev/null
@@ -1,182 +0,0 @@
-# sample connections
-# This file is RCSID $Id: examples,v 1.1 2004/03/15 20:35:21 as Exp $
-
-
-
-# basic configuration
-config setup
- # THIS SETTING MUST BE CORRECT or almost nothing will work.
- interfaces="ipsec0=eth1 ipsec1=ppp0"
- # Debug-logging controls: "none" for (almost) none, "all" for lots.
- klipsdebug=none
- plutodebug=none
- # Manual connections to be started at startup.
- manualstart="test1 test2"
- # Auto connections to be loaded into Pluto at startup.
- plutoload="samplehth samplefire"
- # Auto connections to be started at startup.
- plutostart=samplefire
-
-
-
-# defaults for subsequent connection descriptions
-conn %default
- # How persistent to be in (re)keying negotiations (0 means very).
- keyingtries=0
- # Parameters for manual-keying testing (DON'T USE OPERATIONALLY).
- spi=0x200
- esp=3des-md5-96
- espenckey=0x01234567_89abcdef_02468ace_13579bdf_12345678_9abcdef0
- espauthkey=0x12345678_9abcdef0_2468ace0_13579bdf
- # key lifetime (before automatic rekeying)
- keylife=8h
-
-
-
-# sample connection
-conn sample
- # Left security gateway and subnet behind it.
- left=10.0.0.1
- leftsubnet=172.16.0.0/24
- # Right security gateway and subnet behind it.
- right=10.12.12.1
- rightsubnet=192.168.0.0/24
- # Authorize this connection, but don't actually start it, at startup.
- auto=add
-
-# sample tunnel (manually or automatically keyed)
-# Here we just use ESP for both encryption and authentication, which is
-# the simplest and often the best method.
-conn sample
- # left security gateway (public-network address)
- left=10.0.0.1
- # next hop to reach right
- leftnexthop=10.44.55.66
- # subnet behind left (omit if left end of the tunnel is just the s.g.)
- leftsubnet=172.16.0.0/24
- # right s.g., subnet behind it, and next hop to reach left
- right=10.12.12.1
- rightnexthop=10.88.77.66
- rightsubnet=192.168.0.0/24
- # (manual) SPI number
- spi=0x200
- # (manual) encryption/authentication algorithm and parameters to it
- esp=3des-md5-96
- espenckey=[192 bits]
- espauthkey=[128 bits]
-
-# In the remaining examples, deviations from the sample-tunnel configuration
-# are marked with ###.
-
-# sample host-to-host tunnel (no subnets)
-# Here we assume (for purposes of illustration) that the hosts talk directly
-# to each other, so we don't need next-hop settings.
-conn samplehth
- ### left host (public-network address)
- left=10.0.0.1
- ### next hop to reach right
- leftnexthop=
- ### right host
- right=10.12.12.1
- ### next hop to reach left
- rightnexthop=
- ### (manual) SPI number
- spi=0x300
- # (manual) encryption/authentication algorithm and parameters to it
- esp=3des-md5-96
- espenckey=[192 bits]
- espauthkey=[128 bits]
-
-# sample hybrid tunnel, with a host on one end and a subnet (behind a
-# security gateway) on the other
-# This case is also sometimes called "road warrior".
-conn samplehyb
- ### left host (public-network address)
- left=10.0.0.1
- # next hop to reach right
- leftnexthop=10.44.55.66
- # subnet behind left
- leftsubnet=172.16.0.0/24
- ### right host, and next hop to reach left
- right=10.12.12.1
- rightnexthop=10.88.77.66
- ### (manual) SPI number
- spi=0x400
- # (manual) encryption/authentication algorithm and parameters to it
- esp=3des-md5-96
- espenckey=[192 bits]
- espauthkey=[128 bits]
-
-# sample firewall-penetrating tunnel
-# Here we assume that firewalling is being done on the left side.
-conn samplefire
- # left security gateway (public-network address)
- left=10.0.0.1
- # next hop to reach right
- leftnexthop=10.44.55.66
- # subnet behind left (omit if left end of the tunnel is just the s.g.)
- leftsubnet=172.16.0.0/24
- ### left is firewalling for its subnet
- leftfirewall=yes
- # right s.g., subnet behind it, and next hop to reach left
- right=10.12.12.1
- rightnexthop=10.88.77.66
- rightsubnet=192.168.0.0/24
- ### (manual) SPI number
- spi=0x500
- # (manual) encryption/authentication algorithm and parameters to it
- esp=3des-md5-96
- espenckey=[192 bits]
- espauthkey=[128 bits]
-
-# sample transport-mode connection (which can only be host-to-host)
-# Here we use the whole nine yards, with encryption done by ESP and
-# authentication by AH; this perhaps is slightly preferable for transport
-# mode, where the IP headers are exposed.
-conn sampletm
- ### transport mode rather than tunnel
- type=transport
- ### left host (public-network address)
- left=10.0.0.1
- # next hop to reach right
- leftnexthop=10.44.55.66
- ### right host, and next hop to reach left
- right=10.12.12.1
- rightnexthop=10.88.77.66
- ### (manual) SPI number
- spi=0x600
- ### (manual) encryption algorithm and parameters to it
- esp=3des
- espenckey=[192 bits]
- ### (manual) authentication algorithm and parameters to it
- ah=hmac-md5
- ahkey=[128 bits]
- ### (auto) authentication control
- auth=ah
-
-# sample description with keys split out into a separate section
-# Normally the key section would go in a separate file, with tighter
-# permissions set on it.
-conn samplesep
- # left security gateway (public-network address)
- left=10.0.0.1
- # next hop to reach right
- leftnexthop=10.44.55.66
- # subnet behind left (omit if left end of the tunnel is just the s.g.)
- leftsubnet=172.16.0.0/24
- # right s.g., subnet behind it, and next hop to reach left
- right=10.12.12.1
- rightnexthop=10.88.77.66
- rightsubnet=192.168.0.0/24
- ### (manual) SPI number
- spi=0x700
- # (manual) encryption/authentication algorithm and parameters to it
- esp=3des-md5-96
- also=samplesep-keys
-
-# keys for the previous section
-# Normally this would go in a separate file, picked up using an include line,
-# to allow keeping the keys confidential.
-conn samplesep-keys
- espenckey=[192 bits]
- espauthkey=[128 bits]