1.\" $Id: isakmpd.conf.5,v 1.1.1.1 1998/11/15 00:03:49 niklas Exp $ 2.\" 3.\" Copyright (c) 1998 Niklas Hallqvist. All rights reserved. 4.\" 5.\" Redistribution and use in source and binary forms, with or without 6.\" modification, are permitted provided that the following conditions 7.\" are met: 8.\" 1. Redistributions of source code must retain the above copyright 9.\" notice, this list of conditions and the following disclaimer. 10.\" 2. Redistributions in binary form must reproduce the above copyright 11.\" notice, this list of conditions and the following disclaimer in the 12.\" documentation and/or other materials provided with the distribution. 13.\" 3. All advertising materials mentioning features or use of this software 14.\" must display the following acknowledgement: 15.\" This product includes software developed by Ericsson Radio Systems. 16.\" 4. The name of the author may not be used to endorse or promote products 17.\" derived from this software without specific prior written permission. 18.\" 19.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 20.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 21.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 22.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 23.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 24.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 25.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 26.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 27.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 28.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 29.\" 30.\" This code was written under funding by Ericsson Radio Systems. 
.\"
.\" Manual page, using -mandoc macros
.\"
.Dd October 10, 1998
.Dt ISAKMPD.CONF 8
.Os
.Sh NAME
.Nm isakmpd.conf
.Nd Configuration file for isakmpd
.Sh DESCRIPTION
The
.Nm isakmpd.conf
is the configuration file for the
.Nm isakmpd
daemon, which handles security association and key management for the
.Nm IPSEC
layer of the kernel's networking stack.
.Pp
The file is in a well known format called .INI style, named after
the suffix used by an overrated windowing environment for its configuration
files. This format consists of sections, each beginning with a line looking
like:
.Bd -literal
[Section name]
.Ed
Between the brackets is the name of the section that follows this header.
Inside a section many tag/value pairs can be stored, each one looking like:
.Bd -literal
Tag=Value
.Ed
If the value needs more space than fits on a single line it is possible to
continue it on the next by ending the first with a backslash character
immediately before the newline character. This method can extend a value
over an arbitrary number of lines.
.Pp
Comments can be put anywhere in the file by using a hash mark, "#"; the
comment then extends to the end of the line.
.Pp
.Sh EXAMPLE
An example of a configuration file:
.Pp
.Bd -literal
# A configuration sample for the isakmpd ISAKMP/Oakley (aka IKE) daemon.

[General]
Retransmits= 10

[Main mode initiator]
Offered-transforms= BLF-SHA-16,DES-MD5

[Main mode responder]
# XXX Not yet supported.
#Accepted-transforms= BLF-SHA-M1024,BLF-SHA-EC185,BLF-SHA-EC155,DES-MD5

[DES-MD5]
ENCRYPTION_ALGORITHM= DES_CBC
HASH_ALGORITHM= MD5
AUTHENTICATION_METHOD= PRE_SHARED
GROUP_DESCRIPTION= MODP_768

[BLF-SHA-16]
ENCRYPTION_ALGORITHM= BLOWFISH_CBC
KEY_LENGTH= 128
HASH_ALGORITHM= SHA
AUTHENTICATION_METHOD= PRE_SHARED
GROUP_DESCRIPTION= MODP_1024

[BLF-SHA-M1024]
ENCRYPTION_ALGORITHM= BLOWFISH
HASH_ALGORITHM= SHA
AUTHENTICATION_METHOD= PRE_SHARED
GROUP_DESCRIPTION= MODP_1024

[BLF-SHA-EC155]
ENCRYPTION_ALGORITHM= BLOWFISH
HASH_ALGORITHM= SHA
AUTHENTICATION_METHOD= PRE_SHARED
GROUP_DESCRIPTION= EC2N_155

[BLF-SHA-EC185]
ENCRYPTION_ALGORITHM= BLOWFISH
HASH_ALGORITHM= SHA
AUTHENTICATION_METHOD= PRE_SHARED
GROUP_DESCRIPTION= EC2N_185

[Quick mode initiator]
Offered-suites= QM-ESP-DES-MD5-SUITE,QM-AH-MD5-ESP-DES-SUITE

[Quick mode responder]
# XXX Not yet supported.
#Accepted-suites= QM-ESP-DES-MD5-SUITE,QM-AH-MD5-ESP-DES-SUITE

[QM-ESP-DES-MD5-SUITE]
Protocols= QM-ESP-DES-MD5

[QM-ESP-DES-MD5]
PROTOCOL_ID= IPSEC_ESP
Transforms= QM-ESP-DES-MD5-XF

[QM-ESP-DES-MD5-XF]
TRANSFORM_ID= DES
ENCAPSULATION_MODE= TUNNEL
AUTHENTICATION_ALGORITHM= HMAC_MD5
Life= LIFE_600_SECS,LIFE_32_MB

[LIFE_600_SECS]
SA_LIFE_TYPE= SECONDS
SA_LIFE_DURATION= 600

[LIFE_32_MB]
SA_LIFE_TYPE= KILOBYTES
SA_LIFE_DURATION= 32768

[QM-AH-MD5-ESP-DES-SUITE]
Protocols= QM-AH-MD5,QM-ESP-DES

[QM-AH-MD5]
PROTOCOL_ID= IPSEC_AH
Transforms= QM-AH-MD5-XF

[QM-AH-MD5-XF]
TRANSFORM_ID= MD5
ENCAPSULATION_MODE= TUNNEL

[QM-ESP-DES]
PROTOCOL_ID= IPSEC_ESP
Transforms= QM-ESP-DES-XF

[QM-ESP-DES-XF]
TRANSFORM_ID= DES
ENCAPSULATION_MODE= TUNNEL

[PRE_SHARED]
# A general pre-shared key used for everyone. XXX Should be per-peer later.
KEY= mekmitasdigoat

[RSA_SIG]
CERT= /etc/isakmpd_cert
PRIVKEY= /etc/isakmpd_key
PUBKEY= /etc/isakmpd_key.pub
.Ed
.Pp
Note that the
.Li PRE_SHARED
section above holds the pre-shared key in clear text, so the file should
not be readable by anyone other than the user running
.Nm isakmpd .
.Sh SEE ALSO
.Xr isakmpd 8 .