authorhshoexer <hshoexer@openbsd.org>2005-12-24 15:44:12 +0000
committerhshoexer <hshoexer@openbsd.org>2005-12-24 15:44:12 +0000
commitca4dd7e863bc2b3f96b9b6adbbb4d349d657e2a5 (patch)
tree107e064f5996b1225fe0d86be68c41a08b69594e
parentbzero the pfd array before setting it up and calling poll because on error (diff)
Very basic sample ipsec.conf, more to come. Has been demanded by deraadt@ for
a long time, but i'm a bloody slacker...
-rw-r--r--etc/ipsec.conf26
1 files changed, 26 insertions, 0 deletions
diff --git a/etc/ipsec.conf b/etc/ipsec.conf
new file mode 100644
index 00000000000..0f507e9f70e
--- /dev/null
+++ b/etc/ipsec.conf
@@ -0,0 +1,26 @@
+# $OpenBSD: ipsec.conf,v 1.1 2005/12/24 15:44:12 hshoexer Exp $
+#
+# See ipsec.conf(5) for syntax and examples.
+
+# Set up two tunnels using automatic keying with isakmpd(8):
+#
+# First between the networks 10.1.1.0/24 and 10.1.2.0/24,
+# second between the machines 192.168.3.1 and 192.168.3.2.
+# Use FQDNs as IDs.
+
+ike esp from 10.1.1.0/24 to 10.1.2.0/24 peer 192.168.3.2 \
+ srcid me.mylan.net dstid the.others.net
+ike esp from 192.168.3.1 to 192.168.3.2 \
+ srcid me.mylan.net dstid the.others.net
+
+# Set up a tunnel using static keying:
+#
+# The first rules sets up the flow, second the SA. As default
+# transforms ipsecctl(8) will use hmac-sha2-256 for authentication
+# and aesctr for encryption. hmac-sha2-256 uses a 256 bit key, aesctr
+# a 160 bit key.
+
+flow esp from 192.168.7.0/24 to 192.168.8.0/24 peer 192.168.3.2
+esp from 192.168.3.1 to 192.168.3.2 spi 0xdeadbeef:0xbeefdead \
+ authkey 0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa:0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa \
+ enckey 0xeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee:0xeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee
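Review bot: The example rules (`ike esp ...`, `flow esp ...` and the `esp ... spi 0xdeadbeef:0xbeefdead` SA) are added as live rules rather than comments, so if this file is installed as the default and loaded with ipsecctl(8) unchanged, it would set up a static SA whose `authkey`/`enckey` are the publicly known `0xaaaa…`/`0xeeee…` placeholders. I would prefix every example rule with `#` so the shipped file is inert, and add a line above the static-keying example such as `# The keys below are placeholders; generate random keys and never use these values.` The file is also created with mode 100644, and since real static keys would be written here, a header comment like `# This file holds key material; keep it owned by root and not world-readable.` would help. Separately, the comment typo `The first rules sets up` should read `The first rule sets up`.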