1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
|
#
# RCSID $Id: defconfig,v 1.2 2004/03/22 21:53:19 as Exp $
#
#
# FreeS/WAN IPSec implementation, KLIPS kernel config defaults
#
#
# First, lets override stuff already set or not in the kernel config.
#
# We can't even think about leaving this off...
CONFIG_INET=y
#
# This must be on for subnet protection.
CONFIG_IP_FORWARD=y
# Shut off IPSEC masquerading if it has been enabled, since it will
# break the compile. IPPROTO_ESP and IPPROTO_AH were included in
# net/ipv4/ip_masq.c when they should have gone into include/linux/in.h.
CONFIG_IP_MASQUERADE_IPSEC=n
#
# Next, lets set the recommended FreeS/WAN configuration.
#
# To config as static (preferred), 'y'. To config as module, 'm'.
CONFIG_IPSEC=y
# To do tunnel mode IPSec, this must be enabled.
CONFIG_IPSEC_IPIP=y
# To enable authentication, say 'y'. (Highly recommended)
CONFIG_IPSEC_AH=y
# Authentication algorithm(s):
CONFIG_IPSEC_AUTH_HMAC_MD5=y
CONFIG_IPSEC_AUTH_HMAC_SHA1=y
# To enable encryption, say 'y'. (Highly recommended)
CONFIG_IPSEC_ESP=y
# Encryption algorithm(s):
CONFIG_IPSEC_ENC_3DES=y
# modular algo extensions (and new ALGOs)
CONFIG_IPSEC_ALG=y
CONFIG_IPSEC_ALG_3DES=m
CONFIG_IPSEC_ALG_AES=m
CONFIG_IPSEC_ALG_TWOFISH=m
CONFIG_IPSEC_ALG_BLOWFISH=m
CONFIG_IPSEC_ALG_SERPENT=m
CONFIG_IPSEC_ALG_MD5=m
CONFIG_IPSEC_ALG_SHA1=m
CONFIG_IPSEC_ALG_SHA2=m
#CONFIG_IPSEC_ALG_CAST=n
#CONFIG_IPSEC_ALG_NULL=n
# Use CryptoAPI for ALG?
CONFIG_IPSEC_ALG_CRYPTOAPI=m
# IP Compression: new, probably still has minor bugs.
CONFIG_IPSEC_IPCOMP=y
# To enable userspace-switchable KLIPS debugging, say 'y'.
CONFIG_IPSEC_DEBUG=y
# NAT Traversal
CONFIG_IPSEC_NAT_TRAVERSAL=y
#
#
# $Log: defconfig,v $
# Revision 1.2 2004/03/22 21:53:19 as
# merged alg-0.8.1 branch with HEAD
#
# Revision 1.1.2.1.2.1 2004/03/16 09:48:19 as
# alg-0.8.1rc12 patch merged
#
# Revision 1.1.2.1 2004/03/15 22:30:06 as
# nat-0.6c patch merged
#
# Revision 1.1 2004/03/15 20:35:26 as
# added files from freeswan-2.04-x509-1.5.3
#
# Revision 1.22 2003/02/24 19:37:27 mcr
# changed default compilation mode to static.
#
# Revision 1.21 2002/04/24 07:36:27 mcr
# Moved from ./klips/net/ipsec/defconfig,v
#
# Revision 1.20 2002/04/02 04:07:40 mcr
# default build is now 'm'odule for KLIPS
#
# Revision 1.19 2002/03/08 18:57:17 rgb
# Added a blank line at the beginning of the file to make it easier for
# other projects to patch ./arch/i386/defconfig, for example
# LIDS+grSecurity requested by Jason Pattie.
#
# Revision 1.18 2000/11/30 17:26:56 rgb
# Cleaned out unused options and enabled ipcomp by default.
#
# Revision 1.17 2000/09/15 11:37:01 rgb
# Merge in heavily modified Svenning Soerensen's <svenning@post5.tele.dk>
# IPCOMP zlib deflate code.
#
# Revision 1.16 2000/09/08 19:12:55 rgb
# Change references from DEBUG_IPSEC to CONFIG_IPSEC_DEBUG.
#
# Revision 1.15 2000/05/24 19:37:13 rgb
# *** empty log message ***
#
# Revision 1.14 2000/05/11 21:14:57 henry
# just commenting the FOOBAR=y lines out is not enough
#
# Revision 1.13 2000/05/10 20:17:58 rgb
# Comment out netlink defaults, which are no longer needed.
#
# Revision 1.12 2000/05/10 19:13:38 rgb
# Added configure option to shut off no eroute passthrough.
#
# Revision 1.11 2000/03/16 07:09:46 rgb
# Hardcode PF_KEYv2 support.
# Disable IPSEC_ICMP by default.
# Remove DES config option from defaults file.
#
# Revision 1.10 2000/01/11 03:09:42 rgb
# Added a default of 'y' to PF_KEYv2 keying I/F.
#
# Revision 1.9 1999/05/08 21:23:12 rgb
# Added support for 2.2.x kernels.
#
# Revision 1.8 1999/04/06 04:54:25 rgb
# Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes
# patch shell fixes.
#
#
|
