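# Id: racoon.conf.sample-plainrsa,v 1.4 2005/12/13 16:41:07 vanhu Exp
# Contributed by: Michal Ludvig <mludvig@suse.cz>, SUSE Labs
#                 http://www.logix.cz/michal

# This file shows the usage of PlainRSA keys, which are widely used
# by FreeSWAN/OpenSwan/StrongSwan/*Swan users. This functionality is
# here mainly for those who are moving from the *Swan world to Racoon.
#
# NOTE(review): the algorithm choices below (3des, sha1, hmac_md5,
# DH/PFS group 2) reflect 2005-era interoperability defaults. Treat them
# as a migration starting point, not a recommended production baseline;
# see the notes on each directive.

# Racoon will look for a keyfile in this directory.
# NOTE(review): "samples" is a relative path. In a deployment, point this
# at an absolute directory that only root can write, and keep the private
# key file readable by the racoon user only.
path certificate "samples" ;

# "anonymous" applies to any peer without a more specific remote section,
# so the only thing that authenticates a peer here is possession of a
# private key matching one of the peers_certfile entries below.
remote anonymous
{
	# *Swan supports only 'main' mode.
	exchange_mode main;

	# *Swan doesn't send identifiers by default.
	my_identifier address;
	peers_identifier address;

	# This is the trick - use PlainRSA certificates.
	# PlainRSA keys are bare key pairs: there is no CA chain, expiry or
	# revocation, so removing a peer means removing its pubkey file.
	certificate_type plain_rsa "privatekey.rsa";

	# Multiple certfiles are supported.
	peers_certfile plain_rsa "pubkey1.rsa";
	peers_certfile plain_rsa "pubkey2.rsa";

	# Standard setup follows...
	# 'strict' makes the responder reject proposals weaker than its own
	# configuration rather than silently accepting the peer's values.
	proposal_check strict;

	proposal {
		# NOTE(review): 3des has a 64-bit block and sha1 is deprecated
		# for new designs; racoon.conf(5) also lists aes and
		# sha256/sha384/sha512 - prefer those if the peer supports them.
		encryption_algorithm 3des;
		hash_algorithm sha1;
		authentication_method rsasig;
		# NOTE(review): group 2 is 1024-bit MODP, below current
		# guidance; group 14 (modp2048) or larger is the usual minimum.
		dh_group 2;
	}
}

sainfo anonymous
{
	# NOTE(review): same concern as dh_group above - PFS with a
	# 1024-bit group gives limited protection.
	pfs_group 2;
	lifetime time 12 hour;
	# Both lists are sets of acceptable algorithms. Leaving 3des and
	# hmac_md5 in them allows a peer to negotiate down to the weakest
	# entry; trim them to aes / hmac_sha1 (or hmac_sha256 and up) once
	# every peer is known to support the stronger option.
	encryption_algorithm 3des, aes;
	authentication_algorithm hmac_sha1, hmac_md5;
	compression_algorithm deflate;
}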