1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
|
#
# $Id: pipsecd.conf.sample 1.3 Wed, 12 May 1999 15:05:23 +0200 sam $
#
# Syntax:
#
# Security Association lines:
#
# For authentication:
# sa <encap_type> spi=<spi> auth=<auth> [dest=<dest_ip>] akey=<auth_key>
# <encap_type>: ipah, icmp or udp.
# <auth>: hmac-md5-96, sha1-md5-96 or hmac-rmd160-96.
# <akey>: authentication key
#
# For encryption:
# sa <encap_type> spi=<spi> enc=<encr> [dest=<dest_ip>] ekey=<encrypt_key>
# [auth=<auth> akey=<auth_key>] [noiv]
# <encap_type>: "ipesp"
# <encr>: blowfish_cbc, cast_cbc, des_cbc, des3_cbc, null.
# <ekey>: encryption key
# optional <auth>: hmac-md5-96, sha1-md5-96 or hmac-rmd160-96.
# optional <akey>: authentication key
# optional "noiv": use an implicit initialization vector made
# from the sequence number (OpenBSD-compatible mode,
# untested)
#
# Common parameters for SA descriptions:
# <dest_ip>: (optional) REAL IP address of the remote end,
# to define a remote SA.
# If not included, the SA is considered local.
#
# Interface lines:
# if <device_path> local_spi=<local_spi> remote_spi=<remote_spi>
#
# <device_path>: path to the tunnel device for this virtual link, or
# minor number of the device (the full name will be
# computed automatically)
# <local_spi>: SPI for the local SA
# <remote_spi>: SPI for the remote SA
#
#
#sa ipah spi=1000 auth=hmac-md5-96 akey=0102030405060708090a0b0c0d0e0f dest=1.2.3.4
#sa ipah spi=1000 auth=hmac-md5-96 akey=deadbeefdeadc0deadbeefdeadc0de
#sa ipesp spi=1001 enc=blowfish_cbc ekey=f1f2f3f4f5f6f7f8f9fafbfcfdfeff dest=5.6.7.8
#sa ipesp spi=1001 enc=blowfish_cbc ekey=d00db00fd00d00d00db00fd00dc00e dest=5.6.7.8
#if 0 local_spi=1000 remote_spi=1000
#if 1 local_spi=1001 remote_spi=1001
|
