author | 2001-10-11 13:24:31 +0000 | |
---|---|---|
committer | 2001-10-11 13:24:31 +0000 | |
commit | 60f440cccfa2c756315a5f4eb6a055353870b26c (patch) | |
tree | df9ac5ff0f5c012630968aa3591e04609b7deb19 | |
parent | Count pages not buffers. This fixes deadlock condition which mainly (diff) | |
Fix various bugs in the example configuration. Most entries are
"pregenerated", so indicate which aren't. 'Default-phase-N-lifetime'
replaces LIFE_nnn_SECS.
-rw-r--r-- | sbin/isakmpd/isakmpd.conf.5 | 84 |
1 files changed, 25 insertions, 59 deletions
diff --git a/sbin/isakmpd/isakmpd.conf.5 b/sbin/isakmpd/isakmpd.conf.5 index a99d52a593c..4bec426c9c1 100644 --- a/sbin/isakmpd/isakmpd.conf.5 +++ b/sbin/isakmpd/isakmpd.conf.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: isakmpd.conf.5,v 1.58 2001/10/04 23:31:27 ho Exp $ +.\" $OpenBSD: isakmpd.conf.5,v 1.59 2001/10/11 13:24:31 ho Exp $ .\" $EOM: isakmpd.conf.5,v 1.57 2000/12/21 14:43:17 ho Exp $ .\" .\" Copyright (c) 1998, 1999, 2000 Niklas Hallqvist. All rights reserved. @@ -701,21 +701,14 @@ ENCRYPTION_ALGORITHM= DES_CBC HASH_ALGORITHM= MD5 AUTHENTICATION_METHOD= PRE_SHARED GROUP_DESCRIPTION= MODP_768 -Life= LIFE_600_SECS,LIFE_1000_KB - -[DES-MD5-NO-VOL-LIFE] -ENCRYPTION_ALGORITHM= DES_CBC -HASH_ALGORITHM= MD5 -AUTHENTICATION_METHOD= PRE_SHARED -GROUP_DESCRIPTION= MODP_768 -Life= LIFE_600_SECS +Life= Default-phase-1-lifetime [DES-SHA] ENCRYPTION_ALGORITHM= DES_CBC HASH_ALGORITHM= SHA AUTHENTICATION_METHOD= PRE_SHARED -GROUP_DESCRIPTION= MODP_768 -Life= LIFE_600_SECS,LIFE_1000_KB +GROUP_DESCRIPTION= MODP_1024 +Life= Default-phase-1-lifetime # 3DES 
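Review bot: `Life= Default-phase-1-lifetime` in the hunk at -701 points at a name that no visible hunk defines as a section, whereas the removed values (`LIFE_600_SECS`, `LIFE_1000_KB`) each named a section carrying `LIFE_TYPE` and `LIFE_DURATION`. The same applies to every `Life=` line changed in the hunks at -724, -883, -910, -931 and -952, which use `Default-phase-1-lifetime` or `Default-phase-2-lifetime`, while the only lifetime sections left are `[Sample-Life-Time]` and `[Sample-Life-Volume]`, which nothing shown references. If the daemon resolves these names itself, the example should say so, for instance with `# Default-phase-N-lifetime is built in; define a section such as [Sample-Life-Time] only to override it`; otherwise a reader who copies a transform may end up with a lifetime reference that does not resolve, which is worth confirming against the parser. The transform at the top of this hunk starts above it, so its section name is not visible here.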
@@ -724,41 +717,26 @@ ENCRYPTION_ALGORITHM= 3DES_CBC HASH_ALGORITHM= SHA AUTHENTICATION_METHOD= PRE_SHARED GROUP_DESCRIPTION= MODP_1024 -Life= LIFE_3600_SECS +Life= Default-phase-1-lifetime # Blowfish -[BLF-SHA-M1024] +[BLF-SHA] ENCRYPTION_ALGORITHM= BLOWFISH_CBC KEY_LENGTH= 128,96:192 HASH_ALGORITHM= SHA AUTHENTICATION_METHOD= PRE_SHARED GROUP_DESCRIPTION= MODP_1024 -Life= LIFE_600_SECS,LIFE_1000_KB - -[BLF-SHA-EC155] -ENCRYPTION_ALGORITHM= BLOWFISH_CBC -KEY_LENGTH= 128,96:192 -HASH_ALGORITHM= SHA -AUTHENTICATION_METHOD= PRE_SHARED -GROUP_DESCRIPTION= EC2N_155 -Life= LIFE_600_SECS,LIFE_1000_KB - -[BLF-MD5-EC155] -ENCRYPTION_ALGORITHM= BLOWFISH_CBC -KEY_LENGTH= 128,96:192 -HASH_ALGORITHM= MD5 -AUTHENTICATION_METHOD= PRE_SHARED -GROUP_DESCRIPTION= EC2N_155 -Life= LIFE_600_SECS,LIFE_1000_KB +Life= Default-phase-1-lifetime +# Blowfish, using DH group 4 (non-default) [BLF-SHA-EC185] ENCRYPTION_ALGORITHM= BLOWFISH_CBC KEY_LENGTH= 128,96:192 HASH_ALGORITHM= SHA AUTHENTICATION_METHOD= PRE_SHARED GROUP_DESCRIPTION= EC2N_185 -Life= LIFE_600_SECS,LIFE_1000_KB +Life= Default-phase-1-lifetime # Quick mode protection suites ############################## @@ -796,7 +774,7 @@ Protocols= QM-ESP-3DES-SHA-PFS [QM-ESP-AES-SHA-SUITE] Protocols= QM-ESP-AES-SHA -[QM-ESP-3DES-SHA-PFS-SUITE] +[QM-ESP-AES-SHA-PFS-SUITE] Protocols= QM-ESP-AES-SHA-PFS # AH @@ -807,7 +785,7 @@ Protocols= QM-AH-MD5 [QM-AH-MD5-PFS-SUITE] Protocols= QM-AH-MD5-PFS -# AH + ESP +# AH + ESP (non-default) [QM-AH-MD5-ESP-DES-SUITE] Protocols= QM-AH-MD5,QM-ESP-DES 
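Review bot: Renaming `[BLF-SHA-M1024]` to `[BLF-SHA]` and dropping `[BLF-SHA-EC155]` and `[BLF-MD5-EC155]` in the hunk at -724 leaves any `Transforms=` list that still names them pointing at nothing; those lists are outside the visible hunks, so this needs checking in the full file. The same goes for `[DES-MD5-NO-VOL-LIFE]`, removed in the hunk at -701. The new comment marks `[BLF-SHA-EC185]` as non-default, but the visible text does not say which sections count as pregenerated; one line near the top of the example, such as `# Sections not marked (non-default) are pregenerated and need not be listed`, would make the marker usable.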
@@ -883,26 +861,26 @@ Transforms= QM-AH-MD5-PFS-XF [QM-ESP-DES-XF] TRANSFORM_ID= DES ENCAPSULATION_MODE= TUNNEL -Life= LIFE_600_SECS +Life= Default-phase-2-lifetime [QM-ESP-DES-MD5-XF] TRANSFORM_ID= DES ENCAPSULATION_MODE= TUNNEL AUTHENTICATION_ALGORITHM= HMAC_MD5 -Life= LIFE_600_SECS +Life= Default-phase-2-lifetime [QM-ESP-DES-MD5-PFS-XF] TRANSFORM_ID= DES ENCAPSULATION_MODE= TUNNEL GROUP_DESCRIPTION= MODP_768 AUTHENTICATION_ALGORITHM= HMAC_MD5 -Life= LIFE_600_SECS +Life= Default-phase-2-lifetime [QM-ESP-DES-SHA-XF] TRANSFORM_ID= DES ENCAPSULATION_MODE= TUNNEL AUTHENTICATION_ALGORITHM= HMAC_SHA -Life= LIFE_600_SECS +Life= Default-phase-2-lifetime # 3DES @@ -910,20 +888,20 @@ Life= LIFE_600_SECS TRANSFORM_ID= 3DES ENCAPSULATION_MODE= TUNNEL AUTHENTICATION_ALGORITHM= HMAC_SHA -Life= LIFE_600_SECS +Life= Default-phase-2-lifetime [QM-ESP-3DES-SHA-PFS-XF] TRANSFORM_ID= 3DES ENCAPSULATION_MODE= TUNNEL AUTHENTICATION_ALGORITHM= HMAC_SHA GROUP_DESCRIPTION= MODP_1024 -Life= LIFE_600_SECS +Life= Default-phase-2-lifetime [QM-ESP-3DES-SHA-TRP-XF] TRANSFORM_ID= 3DES ENCAPSULATION_MODE= TRANSPORT AUTHENTICATION_ALGORITHM= HMAC_SHA -Life= LIFE_600_SECS +Life= Default-phase-2-lifetime # AES @@ -931,20 +909,20 @@ Life= LIFE_600_SECS TRANSFORM_ID= AES ENCAPSULATION_MODE= TUNNEL AUTHENTICATION_ALGORITHM= HMAC_SHA -Life= LIFE_600_SECS +Life= Default-phase-2-lifetime [QM-ESP-AES-SHA-PFS-XF] TRANSFORM_ID= AES ENCAPSULATION_MODE= TUNNEL AUTHENTICATION_ALGORITHM= HMAC_SHA GROUP_DESCRIPTION= MODP_1024 -Life= LIFE_600_SECS +Life= Default-phase-2-lifetime [QM-ESP-AES-SHA-TRP-XF] TRANSFORM_ID= AES ENCAPSULATION_MODE= TRANSPORT AUTHENTICATION_ALGORITHM= HMAC_SHA -Life= LIFE_600_SECS +Life= Default-phase-2-lifetime # AH 
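Review bot: `[QM-ESP-DES-XF]` in the hunk at -883 still has no `AUTHENTICATION_ALGORITHM`, so the example offers ESP encryption with no integrity protection, and it is not marked `(non-default)` or otherwise flagged. Readers copy from this page, so a comment above the section such as `# Encryption only, no integrity check; prefer a transform with AUTHENTICATION_ALGORITHM` would state the risk. In the same hunk `[QM-ESP-DES-MD5-PFS-XF]` keeps `GROUP_DESCRIPTION= MODP_768` while this commit moved `[DES-SHA]` to `MODP_1024` and the 3DES and AES PFS transforms in the hunks at -910 and -931 use `MODP_1024`; the smaller group looks like a leftover and is worth confirming.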
@@ -952,33 +930,21 @@ Life= LIFE_600_SECS TRANSFORM_ID= MD5 ENCAPSULATION_MODE= TUNNEL AUTHENTICATION_ALGORITHM= HMAC_MD5 -Life= LIFE_600_SECS +Life= Default-phase-2-lifetime [QM-AH-MD5-PFS-XF] TRANSFORM_ID= MD5 ENCAPSULATION_MODE= TUNNEL GROUP_DESCRIPTION= MODP_768 -Life= LIFE_600_SECS +Life= Default-phase-2-lifetime -[LIFE_600_SECS] -LIFE_TYPE= SECONDS -LIFE_DURATION= 600,450:720 - -[LIFE_3600_SECS] +[Sample-Life-Time] LIFE_TYPE= SECONDS LIFE_DURATION= 3600,1800:7200 -[LIFE_1000_KB] +[Sample-Life-Volume] LIFE_TYPE= KILOBYTES LIFE_DURATION= 1000,768:1536 - -[LIFE_32_MB] -LIFE_TYPE= KILOBYTES -LIFE_DURATION= 32768,16384:65536 - -[LIFE_4.5_GB] -LIFE_TYPE= KILOBYTES -LIFE_DURATION= 4608000,4096000:8192000 .Ed .Sh FILES .Bl -tag -width /etc/isakmpd/isakmpd.conf |
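Review bot: `[QM-AH-MD5-PFS-XF]` in the hunk at -952 lists `TRANSFORM_ID`, `ENCAPSULATION_MODE` and `GROUP_DESCRIPTION` but no `AUTHENTICATION_ALGORITHM= HMAC_MD5`, while the AH transform just above it (its section header is outside the hunk) does carry that line. For a commit that fixes bugs in the example this looks like an omission; adding `AUTHENTICATION_ALGORITHM= HMAC_MD5` after `GROUP_DESCRIPTION= MODP_768` would make the two AH transforms agree. Whether the daemon supplies a default when the line is absent cannot be told from the hunk, so the explicit line is the safer form for an example that gets copied.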