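#
# PGPnet - OpenBSD isakmpd configuration file.
#
# This is a configuration file that will get a PGPnet (a part of PGP
# version 6.5 and later) and OpenBSD to interoperate.
#
# This file works with OpenBSD 3.2 and later. In earlier versions of
# OpenBSD you need to add a lifetime description as well.
#
# The only thing that needs editing is the pre-shared secret
# 'mekmitasdigoat'. The setting allows everyone who knows the correct
# pre-shared secret to connect.
#
# Please mail me if you have any comments or bug-reports.
#
# Johan Allard
#
# Layout note: every section header and every Tag= value pair must sit on
# its own line. If the file is pasted as one long line that begins with '#',
# the whole line reads as a comment and none of the settings take effect.
#
# Handling note: this file stores the pre-shared secret in clear text.
# Keep it owned by root and unreadable by group and others (for example
# mode 0600), and keep it out of backups and version control that other
# users can read.
#

# ----------------
# Defaults section
# ----------------

[General]
# Lifetimes in seconds, written as offer,minimum:maximum. The first number
# is proposed to the peer; peer proposals inside the range are accepted.
Default-phase-1-lifetime= 3600,60:86400
Default-phase-2-lifetime= 1200,60:86400

# -----------
# Connections
# -----------

[Phase 1]
# Peer section applied to incoming phase 1 negotiations from addresses that
# have no section of their own. Together with the shared secret below, this
# is what lets any address connect.
Default= ISAKMP-clients

[Phase 2]
# Connections that are only answered when the peer initiates them; the
# daemon does not bring them up by itself.
Passive-Connections= IPsec-clients

# ---------------------
# Phase 1 peer sections
# ---------------------

[ISAKMP-clients]
Phase= 1
Transport= udp
Configuration= PGP-main-mode
# SECURITY: 'mekmitasdigoat' is the sample value named in the header and
# must be replaced before this file is used. Choose a long random secret.
# Because the same secret is given to every client, it authenticates
# membership of the group rather than an individual client: a single
# leaked copy exposes all of them, and rotating it means updating every
# client.
Authentication= mekmitasdigoat

# ----------------
# Phase 2 sections
# ----------------

[IPsec-clients]
Phase= 2
Configuration= PGP-quick-mode
# Local-ID points at the 0.0.0.0/0.0.0.0 subnet defined below, so the
# negotiated SAs cover every IPv4 destination on the local side. Narrow it
# to the networks clients really need if PGPnet is configured to match.
Local-ID= default-route
# NOTE(review): dummy-remote looks like a placeholder for clients whose
# address is not known in advance - confirm against isakmpd.conf(5).
Remote-ID= dummy-remote

# ------------------
# Client ID sections
# ------------------

[default-route]
ID-type= IPV4_ADDR_SUBNET
Network= 0.0.0.0
Netmask= 0.0.0.0

[dummy-remote]
ID-type= IPV4_ADDR
Address= 0.0.0.0

# ----------------------
# Transform descriptions
# ----------------------

# Some predefined section names are recognized by the daemon, voiding the
# need to fully specify the Main Mode transforms and Quick Mode suites,
# protocols and transforms.
#
# For Main Mode:
# {DES,BLF,3DES,CAST}-{MD5,SHA}[-GRP{1,2,5}][-{DSS,RSA_SIG}]
#
# For Quick Mode:
# QM-{ESP,AH}[-TRP]-{DES,3DES,CAST,BLF,AES}[-{MD5,SHA,RIPEMD}][-PFS[-{GRP{1,2,5}}]]-SUITE

# -------------------------------------------------------------------------
# PGPnet note:
#
# The Transform values are the default values in PGPnet; if you change them
# you might have to change them in all your clients as well.
# -------------------------------------------------------------------------

[PGP-main-mode]
DOI= IPSEC
EXCHANGE_TYPE= ID_PROT
# CAST cipher, SHA hash, Diffie-Hellman group 5. No -DSS or -RSA_SIG suffix
# is present; authentication relies on the pre-shared secret configured in
# the peer section. These algorithms are kept because they match the PGPnet
# defaults and are dated by current standards; move to stronger ones if
# every client can be changed at the same time.
Transforms= CAST-SHA-GRP5

[PGP-quick-mode]
DOI= IPSEC
EXCHANGE_TYPE= QUICK_MODE
# By the naming pattern above this suite has no -PFS component, so quick
# mode does not request perfect forward secrecy: phase 2 keys are derived
# from the phase 1 exchange. A -PFS suite is an option only if the PGPnet
# clients are configured to match.
Suites= QM-ESP-CAST-SHA-SUITE

# -----------
# End of file
# -----------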