# $OpenBSD: ipsec.conf,v 1.1 2014/07/11 21:20:10 deraadt Exp $
#
# See ipsec.conf(5) for syntax and examples.

# Set up two tunnels using automatic keying with isakmpd(8):
#
# First between the networks 10.1.1.0/24 and 10.1.2.0/24,
# second between the machines 192.168.3.1 and 192.168.3.2.
# Use FQDNs as IDs.

#ike esp from 10.1.1.0/24 to 10.1.2.0/24 peer 192.168.3.2 \
#	srcid me.mylan.net dstid the.others.net
#ike esp from 192.168.3.1 to 192.168.3.2 \
#	srcid me.mylan.net dstid the.others.net

# Set up a tunnel using static keying:
#
# The first rule sets up the flow; the second sets up the SA. As default
# transforms, ipsecctl(8) will use hmac-sha2-256 for authentication
# and aes for encryption. hmac-sha2-256 uses a 256-bit key; aes
# a 128-bit key.

#flow esp from 192.168.7.0/24 to 192.168.8.0/24 peer 192.168.3.2
#esp from 192.168.3.1 to 192.168.3.2 spi 0xabd9da39:0xc9dbb83d \
#	authkey 0x54f79f479a32814347bb768d3e01b2b58e49ce674ec6e2d327b63408c56ef4e8:0x7f48ee352c626cdc2a731b9d90bd63e29db2a9c683044b70b2f4441521b622d6 \
#	enckey 0xb341aa065c3850edd6a61e150d6a5fd3:0xf7795f6bdd697a43a4d28dcf1b79062d