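#
# $Id: isakmpd-x509.conf.1,v 1.1 2003/01/12 14:33:51 raptor Exp $
#
# isakmpd-x509.conf.1 v2.0 - Sample IKE configuration
# Copyright (c) 2003 Raptor
#
# Sample file for the configuration of the first
# gateway (alpha) for a basic IPSec VPN using ISAKMP,
# with detailed comments. The authentication is done
# via X.509 certificates (see isakmpd-x509.policy for
# details). Tested on OpenBSD 3.2.
#
# Change it to fit your local configuration.
#
# Layout: isakmpd expects one "Tag= Value" directive per line under a
# [Section] header, with full-line '#' comments only -- the file must
# not be collapsed onto a single line. Keep this file, the policy file
# and the private key root-owned and not group/world readable.
#

[General]
# Local gateway is 1.1.1.1 (alpha).
# Retransmits / Exchange-max-time bound how long a half-finished
# exchange may keep state; Listen-on pins the daemon to the outside
# address so IKE is not offered on every interface.
Retransmits= 5
Exchange-max-time= 120
Listen-on= 1.1.1.1
Check-interval= 1

[X509-certificates]
# Certificates stored in PEM format.
# Any peer certificate that chains to a CA in CA-directory passes the
# X.509 check; which peer identities are then actually accepted is
# decided by isakmpd.policy, so keep that file in step with this one.
CA-directory= /etc/isakmpd/ca/
Cert-directory= /etc/isakmpd/certs/
# Our own private key -- protect it (root-only, mode 0600).
Private-key= /etc/isakmpd/private/local.key

[Phase 1]
# Remote gateway is 2.2.2.2 (omega)
2.2.2.2= omega

[Phase 2]
# Set up the connection between gateways
Connections= alpha-omega

[omega]
# Phase 1: exchange authentication information
Phase= 1
Transport= udp
Local-address= 1.1.1.1
Address= 2.2.2.2
Configuration= Default-main-mode
# ID= alpha-id
#
# [alpha-id]
# We don't need explicit IDs, because the IP address is the default
# ID-type= IPV4_ADDR
# Name= 1.1.1.1

[alpha-omega]
# Phase 2: establish the connection
Phase= 2
ISAKMP-peer= omega
Configuration= Default-quick-mode
Local-ID= Net-alpha
Remote-ID= Net-omega

[Net-alpha]
# Local network address
ID-type= IPV4_ADDR_SUBNET
Network= 192.168.1.0
Netmask= 255.255.255.0

[Net-omega]
# Remote network address
ID-type= IPV4_ADDR_SUBNET
Network= 192.168.2.0
Netmask= 255.255.255.0

[Default-main-mode]
# Declare our Main Mode of operation
DOI= IPSEC
EXCHANGE_TYPE= ID_PROT
Transforms= 3DES-SHA

[Default-quick-mode]
# Declare our Quick Mode of operation.
# The -PFS- suite performs a fresh Diffie-Hellman exchange for each
# Phase 2 SA (perfect forward secrecy); both gateways must use it.
DOI= IPSEC
EXCHANGE_TYPE= QUICK_MODE
Suites= QM-ESP-3DES-SHA-PFS-SUITE

[3DES-SHA]
# Don't forget to enable RSA_SIG for X.509 authentication.
# 3DES_CBC / SHA / MODP_1024 were the usual choice in 2003 and are now
# considered legacy strength; later isakmpd releases also accept
# AES_CBC, SHA2_256 and MODP_2048 (check isakmpd.conf(5) for the
# release in use). Whatever is chosen must match on both gateways.
ENCRYPTION_ALGORITHM= 3DES_CBC
HASH_ALGORITHM= SHA
AUTHENTICATION_METHOD= RSA_SIG
GROUP_DESCRIPTION= MODP_1024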