##############################################################################
# IPsec/IKE policy with a single pre-shared-key IKE connection (ike-psk-tr)
# towards the gateway 172.16.0.254, using ESP in tunnel mode.
##############################################################################
#
# NOTE(review): the three include targets are missing from this copy of the
# file. Names used below but not defined here (isakmp-proposal-default-life,
# isakmp-group-2, default-server-params, allow-ldap-i, allow-ldap-o,
# allow-ike-io, allow-unprotected-ip) presumably come from those files --
# confirm before relying on any of them.
#include
#include
#include

##############################################################################
# Pre-Shared Secret
# Local identity (an FQDN) and the shared secret for IKE pre-shared-key
# authentication. The connection below refers to it as "ike-key = ike-key".
#
# NOTE(review): the secret is a short word stored in clear text. The
# connection also sets aggressive-mode, where a hash derived from the secret
# is exchanged without encryption, so a guessable secret can be recovered
# offline from a recorded handshake. Use a long random value, restrict read
# access to this file, and rotate the secret if the file has been shared.
Key ike-key = {
  local-subject = fqdn(sl-zaurus)
  ike-shared-secret = "himitsu"
}

##############################################################################
# The base proposal describing ciphers, hashes and HMACs.
# Every IKE, ESP, AH and IPComp proposal below extends this one, so a change
# here applies to all of them.
Proposal base-proposal = {
  # Encryption algorithms. Rijndael is the cipher standardised as AES; no key
  # length is stated here, so the implementation default applies -- confirm.
  ciphers = { rijndael-cbc }
  # The known HMAC algorithms.
  # NOTE(review): HMAC-MD5-96 is the only integrity algorithm offered. MD5
  # based algorithms are deprecated in current IPsec guidance; offer a
  # SHA-2 based HMAC instead if both peers support one.
  hmacs = { hmac-md5-96 }
  # IKE hash algorithms
  # NOTE(review): MD5 is the only IKE hash offered; same concern as above.
  hashes = { md5 }
  # Compression algorithms.
  compressions = { deflate }
}

##############################################################################
# IKE proposals
# The base IKE proposal
Proposal ike-base-proposal extends base-proposal = {
  type = isakmp
  # Lifetime constant is not defined in this file (see the include note).
  life = isakmp-proposal-default-life
}
# Pre-shared key
Proposal ike-psk-proposal extends ike-base-proposal = {
  auth-method = pre-shared-key
}
# The only IKE proposal list; used by the connection ike-psk-tr.
ProposalList ike-psk-proposals = {
  proposals = { ike-psk-proposal }
}

##############################################################################
# IPsec proposals ESP
Proposal esp-base-proposal extends base-proposal = {
  type = esp
}
Proposal esp-tunnel-proposal extends esp-base-proposal = {
  flags = { tunnel }
}
# The IPsec proposal list that the connection ike-psk-tr actually uses.
ProposalList ipsec-esp-tunnel-proposals = {
  proposals = { esp-tunnel-proposal }
}

##############################################################################
# IPsec proposals AH
# NOTE(review): the AH and IPComp proposal lists in this and the following
# sections are defined but not referenced by any connection in this file.
Proposal ah-base-proposal extends base-proposal = {
  type = ah
}
Proposal ah-tunnel-proposal extends ah-base-proposal = {
  flags = { tunnel }
}
ProposalList ipsec-ah-tunnel-proposals = {
  proposals = { ah-tunnel-proposal }
}

##############################################################################
# IPsec proposals IPComp
Proposal ipcomp-base-proposal extends base-proposal = {
  type = ipcomp
}
Proposal ipcomp-tunnel-proposal extends ipcomp-base-proposal = {
  flags = { tunnel }
}

##############################################################################
# IPsec proposals IPComp + ESP
# Chains the ESP tunnel proposal with the IPComp tunnel proposal.
Proposal esp-tn-ipcomp-tn-proposal = {
  chain = { esp-tunnel-proposal ipcomp-tunnel-proposal }
}
ProposalList ipsec-esp-tn-ipcomp-tn-proposals = {
  proposals = { esp-tn-ipcomp-tn-proposal }
}

##############################################################################
# IPsec proposals IPComp + AH
# Chains the AH tunnel proposal with the IPComp tunnel proposal.
# NOTE(review): AH alone gives integrity but no confidentiality; keep that in
# mind before switching the connection to this list.
Proposal ah-tn-ipcomp-tn-proposal = {
  chain = { ah-tunnel-proposal ipcomp-tunnel-proposal }
}
ProposalList ipsec-ah-tn-ipcomp-tn-proposals = {
  proposals = { ah-tn-ipcomp-tn-proposal }
}

##############################################################################
# IPsec proposals Life
# Life definitions can be applied to Quick Mode (QM) SAs.
# Limits of 50000 kbytes and 300 seconds; presumably the SA expires when
# either limit is reached -- confirm against the product documentation.
Life 5min-50meg = {
  hard-kbytes = 50000
  hard-seconds = 300
}

###############################################################################
# connection
# Pre-shared key connection
Connection ike-psk-tr = {
  # NOTE(review): with pre-shared keys, aggressive mode exposes
  # authentication material to a passive observer (see the note on ike-key).
  # It is often chosen so that the peer can be identified by FQDN instead of
  # by address; if the gateway allows it, prefer main mode or
  # certificate-based authentication.
  flags = { aggressive-mode }
  # 0.0.0.0/0 matches every IPv4 address; presumably this selects all
  # remote destinations for the tunnel -- confirm.
  remote-address = { ipv4_subnet(0.0.0.0/0) }
  remote-gw = ipv4(172.16.0.254)
  local-gw = ipv4(172.16.1.2)
  ike-proposal = ike-psk-proposals
  # NOTE(review): presumably Diffie-Hellman group 2 (1024-bit MODP), which is
  # below current recommendations; use a larger group if both peers offer one.
  ike-group = isakmp-group-2
  ike-key = ike-key
  ipsec-proposal = ipsec-esp-tunnel-proposals
  default-life = 5min-50meg
}

###############################################################################
# Device collects all from above into one
Device rsaintra = {
  params = default-server-params
  # Only ike-psk-tr is defined in this file; the allow-* entries are not.
  # NOTE(review): by its name, allow-unprotected-ip passes traffic outside
  # IPsec. Check its selectors and how it interacts with ike-psk-tr, so that
  # traffic meant for the tunnel cannot leave unprotected.
  connections = {
    allow-ldap-i
    allow-ldap-o
    allow-ike-io
    ike-psk-tr
    allow-unprotected-ip
  }
}

##############################################################################
# "use" selects which device to utilize. This cannot be omitted.
use rsaintra