#	$BSDcow: x509-vpntracker-rw-isakmpd.conf,v 1.1 2004/03/19 15:59:21 xsa Exp $
# /etc/isakmpd/isakmpd.conf

##################
# Defaults section
##################

[General]
Policy-file=			/etc/isakmpd/isakmpd.policy
Retransmits=			5
Exchange-max-time=		120
Listen-on=			111.222.333.444
Check-interval=			5

# KeyNote credential storage
[KeyNote]
Credential-directory=	/etc/isakmpd/keynote/

[X509-certificates]
CA-directory=		/etc/isakmpd/ca/
Cert-directory=		/etc/isakmpd/certs/
CRL-directory=		/etc/isakmpd/crls/
Private-key=		/etc/isakmpd/private/local.key

#############
# Connections 
#############

[Phase 1]
# Remote client (road) w/ dynamic IP addressing
Default=		road

[Phase 2]
Passive-Connections=	authenticated-peers

#######################
# Phase 1 peer sections
#######################

[road]
Phase=			1
Transport=		udp
Configuration=		Default-main-mode
Default=		authenticated-peers
ID=			my-ID

[my-ID]
ID-type=		FQDN
Name=			my.domain.tld

##################
# Phase 2 sections
##################

[authenticated-peers]
Phase=			2
ISAKMP-peer=		road
Configuration=		Default-quick-mode
Local-ID=		net-core

####################
# Client ID sections
####################

[net-core]
# Local net addressing
ID-type=	IPV4_ADDR_SUBNET
Network=	192.168.2.0	
Netmask=	255.255.255.0	

############################
# Our Main Mode of operation
############################

[Default-main-mode]
EXCHANGE_TYPE=		ID_PROT
Transforms=		3DES-SHA-RSA_SIG

#############################
# Our Quick Mode of operation
#############################

[Default-quick-mode]
EXCHANGE_TYPE=		QUICK_MODE
Suites=			QM-ESP-3DES-SHA-SUITE

# EOF