#
# Soft-PK - OpenBSD isakmpd configuration file.
#
# The only thing that needs editing is the pre shared secret
# 'mekmitasdigoat'. The setting allows everyone who knows the correct
# pre shared secret to connect.
#
# Please mail me if you have any comments or bug-reports.
#
# Johan Allard
#
# Review notes:
#  - 'mekmitasdigoat' is printed here as a sample, so it is public. Replace it
#    with a long random value before this file is used on a reachable host.
#  - The pre shared secret is the only credential in this setup and is shared
#    by every client, so one leaked copy exposes all of them. Rotate it when a
#    client machine is lost or a user leaves.
#  - The secret is stored in clear text below. Keep this file owned by root
#    and unreadable by other users (mode 0600).
#  - Tags are written as 'Tag= value' with no space before '='. Keep that
#    form when editing.

[Phase 1]
# Peer section used for incoming Phase 1 negotiations from addresses that have
# no section of their own, which in this file means every peer.
Default= ISAKMP-clients

[Phase 2]
# Connections the daemon answers but never initiates itself.
Passive-Connections= IPsec-clients

# Phase 1 peer sections
#######################

[ISAKMP-clients]
Phase= 1
Transport= udp
Configuration= SoftPK-main-mode
# Pre shared secret. This section has no Address tag, so the secret is not
# tied to a peer address: whoever presents it is accepted.
# Sample value, must be changed.
Authentication= mekmitasdigoat

# Phase 2 sections
##################

[IPsec-clients]
Phase= 2
Configuration= SoftPK-quick-mode
Local-ID= default-route
Remote-ID= dummy-remote

# Client ID sections
####################

# Network 0.0.0.0 with netmask 0.0.0.0 covers every IPv4 destination, so
# clients may negotiate tunnels for all traffic behind this gateway. Narrow
# this to the internal subnet if clients only need to reach that.
[default-route]
ID-type= IPV4_ADDR_SUBNET
Network= 0.0.0.0
Netmask= 0.0.0.0

# 0.0.0.0 stands in for the client address, which is not known in advance
# (presumably roaming clients - confirm).
[dummy-remote]
ID-type= IPV4_ADDR
Address= 0.0.0.0

# Transform descriptions
########################

# Some predefined section names are recognized by the daemon, voiding the
# need to fully specify the Main Mode transforms and Quick Mode suites,
# protocols and transforms.
#
# For Main Mode:
#   {DES,BLF,3DES,CAST}-{MD5,SHA}[-{DSS,RSA_SIG}]
#
# For Quick Mode:
#   QM-{ESP,AH}[-TRP]-{DES,3DES,CAST,BLF,AES}[-{MD5,SHA,RIPEMD}][-PFS]-SUITE
#
# NOTE(review): 3DES with MD5 is a legacy pairing by current standards. The
# lists above include SHA, AES and -PFS variants. Whether the Soft-PK client
# accepts them has to be confirmed before switching, since both ends must
# agree on the proposal.

[SoftPK-main-mode]
DOI= IPSEC
EXCHANGE_TYPE= ID_PROT
Transforms= 3DES-MD5

# The suite name carries no -PFS, so Quick Mode runs without perfect forward
# secrecy.
[SoftPK-quick-mode]
DOI= IPSEC
EXCHANGE_TYPE= QUICK_MODE
Suites= QM-ESP-3DES-MD5-SUITE

# Main mode transforms
######################

# This section spells out the Phase 1 proposal in full.
# NOTE(review): MODP_1024 is a 1024-bit Diffie-Hellman group and no longer
# gives an adequate margin. Use a larger group if the clients support one.
[3DES-MD5]
ENCRYPTION_ALGORITHM= 3DES_CBC
HASH_ALGORITHM= MD5
AUTHENTICATION_METHOD= PRE_SHARED
GROUP_DESCRIPTION= MODP_1024
Life= LIFE_1_DAY

# Lifetimes
###########

# 86400 seconds (one day) is offered. 79200:93600 appears to be the range
# accepted from the peer - confirm against isakmpd.conf(5).
[LIFE_1_DAY]
LIFE_TYPE= SECONDS
LIFE_DURATION= 86400,79200:93600