#
# PGPnet - OpenBSD isakmpd configuration file with settings for
# Virtual Identity and Aggressive mode.
#
# The only thing that needs editing is the pre shared secret
# 'mekmitasdigoat'. The setting allows everyone who knows the correct
# pre shared secret to connect.
#
# Please mail me if you have any comments or bug-reports.
#
# Johan Allard
#
# NOTE(review): this file holds the pre shared secret in clear text, so it
# should be readable by root only. The secret shown here is a published
# sample value and must be replaced before the file is deployed.
#
# NOTE(review): the isakmpd parser takes everything left of '=' as the tag,
# so keep the 'Tag= value' form (no blank before '=') and do not put
# comments on the same line as a value.
#

# Peers without a section of their own are handled by [ISAKMP-clients],
# which is what lets any client holding the shared secret connect.
[Phase 1]
Default= ISAKMP-clients

# Phase 2 connections accepted passively (initiated by the remote side).
[Phase 2]
Passive-Connections= IPsec-clients

# Phase 1 peer sections
#######################

# One shared secret authenticates every client. It cannot be revoked for a
# single user; changing it means reconfiguring all clients.
#
# NOTE(review): with pre shared key authentication in aggressive mode the
# handshake exposes a value derived from the secret before the peer is
# authenticated, so a short or guessable secret can be recovered offline.
# Use a long random secret, and prefer certificate authentication where the
# clients support it.
[ISAKMP-clients]
Phase= 1
Transport= udp
Configuration= PGP-aggressive-mode
Authentication= mekmitasdigoat

# Phase 2 sections
##################

# Local-ID and Remote-ID name the [default-route] and [dummy-remote]
# sections below.
[IPsec-clients]
Phase= 2
Configuration= PGP-quick-mode
Local-ID= default-route
Remote-ID= dummy-remote

# Virtual Addresses for remote users
####################################

# In order to get this to work you need to add one [ufqdn/email_address]
# section per user that needs a virtual address.
#
# NOTE(review): the address is selected by the identity the client presents.
# With a single shared secret, any holder of the secret can presumably
# present any identity listed here, so do not base access control on the
# virtual address alone - confirm against the daemon's behaviour.

[ufqdn/johan@allard.nu]
Address= 10.0.1.10
Netmask= 255.255.255.0
Nameserver= 10.0.1.2
WINS-server= 10.0.1.2

# Client ID sections
####################

# Network 0.0.0.0 with netmask 0.0.0.0 matches every destination, so the
# local side of the tunnel is "everything" (a default route).
[default-route]
ID-type= IPV4_ADDR_SUBNET
Network= 0.0.0.0
Netmask= 0.0.0.0

# Placeholder remote identity; presumably replaced by the client's real
# identity during negotiation - TODO confirm.
[dummy-remote]
ID-type= IPV4_ADDR
Address= 0.0.0.0

# Transform descriptions
########################

# Some predefined section names are recognized by the daemon, voiding the
# need to fully specify the Main Mode transforms and Quick Mode suites,
# protocols and transforms.
#
# For Main Mode:
# {DES,BLF,3DES,CAST}-{MD5,SHA}[-{DSS,RSA_SIG}]
#
# For Quick Mode:
# QM-{ESP,AH}[-TRP]-{DES,3DES,CAST,BLF,AES}[-{MD5,SHA,RIPEMD}][-PFS]-SUITE

# -------------------------------------------------------------------------
# PGPnet note:
#
# The Transform values are the default values in PGPnet. If you change them
# you might have to change them in all your clients as well.
# -------------------------------------------------------------------------
#
# NOTE(review): MD5, 3DES and MODP_1024 are dated choices kept here for
# PGPnet compatibility. None of the quick mode suites listed carries the
# -PFS suffix. If every client can negotiate the CAST-SHA transform,
# consider dropping the 3DES-MD5 and *-MD5-SUITE entries.

[PGP-aggressive-mode]
DOI= IPSEC
EXCHANGE_TYPE= AGGRESSIVE
Transforms= CAST-SHA,3DES-MD5

[PGP-quick-mode]
DOI= IPSEC
EXCHANGE_TYPE= QUICK_MODE
Suites= QM-ESP-CAST-SHA-SUITE,QM-ESP-CAST-MD5-SUITE,QM-ESP-3DES-MD5-SUITE

# Main mode transforms
######################

# These two sections are the ones named in Transforms= under
# [PGP-aggressive-mode]; both authenticate with the pre shared secret.

[3DES-MD5]
ENCRYPTION_ALGORITHM= 3DES_CBC
HASH_ALGORITHM= MD5
AUTHENTICATION_METHOD= PRE_SHARED
GROUP_DESCRIPTION= MODP_1024
Life= LIFE_1_DAY

[CAST-SHA]
ENCRYPTION_ALGORITHM= CAST_CBC
HASH_ALGORITHM= SHA
AUTHENTICATION_METHOD= PRE_SHARED
GROUP_DESCRIPTION= MODP_1536
Life= LIFE_1_DAY

# Lifetimes
###########

# 86400 seconds is one day. The value after the comma is presumably the
# accepted range (79200:93600, i.e. 22 to 26 hours) - confirm against
# isakmpd.conf(5).
[LIFE_1_DAY]
LIFE_TYPE= SECONDS
LIFE_DURATION= 86400,79200:93600