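# $ Id: $
#
# isakmpd.conf(5) -- IKEv1 configuration for the OBSD <-> GNU site-to-site
# tunnel.  One "Key= Value" per line, '#' starts a full-line comment, section
# names are case-sensitive and must each appear exactly once.
#
# This file holds the phase 1 pre-shared key: keep it owned by root with
# mode 0600 and never commit a real key to version control.

# General section
[General]
# How many times a message is retransmitted before the exchange is dropped.
Retransmits= 5
# Seconds an exchange may take before isakmpd abandons it.
Exchange-max-time= 120
# Only bind the IKE port on this local address.
Listen-on= 192.168.2.13

# Incoming phase 1 negotiations are multiplexed on the source IP address.
#
# NOTE(review): the source address mapped here (192.168.2.1) does not match
# the peer's Address= (192.168.2.20) in [ISAKMP-peer-GNU]; one of the two is
# probably stale.  Confirm which address the GNU end really sends from and
# make them agree.
#
# NOTE(review): "Default=" hands every source address that is not listed
# above the same peer definition, and therefore the same PSK.  With a
# fixed-address peer this line can be dropped, which limits who may even
# attempt PSK authentication against this host.
[Phase 1]
192.168.2.1= ISAKMP-peer-GNU
Default= ISAKMP-peer-GNU

# These connections are walked over after config file parsing and told
# to the application layer so that it will inform us when traffic wants to
# pass over them.  This means we can do on-demand keying.
# "Connections=" would make this host set the tunnel up itself;
# "Passive-connections=" only accepts it as responder when the peer
# initiates.
[Phase 2]
#Connections= IPsec-OBSD-GNU
Passive-connections= IPsec-OBSD-GNU

# The peers
[ISAKMP-peer-GNU]
Phase= 1
Transport= udp
Local-address= 192.168.2.13
Address= 192.168.2.20
Configuration= Default-main-mode
# Pre-shared key.  Use a long random secret (32+ bytes from a CSPRNG), not
# a word or phrase: the tunnel's authentication rests entirely on it.  The
# placeholder below must be replaced before this file is deployed.
Authentication= XXXXXX_PSK_HERE_XXXXXX

# The different connections
[IPsec-OBSD-GNU]
Phase= 2
ISAKMP-peer= ISAKMP-peer-GNU
Configuration= Default-quick-mode
Local-ID= Net-OBSD
Remote-ID= Net-GNU

# Our Networks -- the traffic selectors carried by the tunnel
[Net-GNU]
ID-type= IPV4_ADDR_SUBNET
Network= 10.1.20.0
Netmask= 255.255.255.0

[Net-OBSD]
ID-type= IPV4_ADDR_SUBNET
Network= 10.1.13.0
Netmask= 255.255.255.0

# Certificates stored in PEM format.  Only consulted by RSA_SIG phase 1
# transforms; every transform enabled below authenticates with PRE_SHARED,
# so these paths are currently unused.
[X509-certificates]
CA-directory= /etc/isakmpd/ca/
Cert-directory= /etc/isakmpd/certs/
Private-key= /etc/isakmpd/private/local.key

# Phase 1 descriptions
#
# Transforms are proposed in list order, so the SHA-based ones are offered
# before the MD5 ones.  The MD5 transforms are kept only as a fallback for an
# old peer and should be removed once the GNU side no longer needs them.
#
# NOTE(review): every transform here uses MODP_1024 and a 64-bit-block cipher
# (3DES / Blowfish / CAST), which is below current recommendations for a
# long-lived tunnel.  When the peer supports it, prefer AES_CBC with SHA and
# a larger group (MODP_1536 or above -- check isakmpd.conf(5) for the
# identifiers accepted by the running version) and drop the MD5 transforms.
[Default-main-mode]
DOI= IPSEC
EXCHANGE_TYPE= ID_PROT
# Certificate-based variant; 3DES-SHA-RSA_SIG is not defined in this file.
#Transforms= 3DES-SHA-RSA_SIG,3DES-SHA,3DES-MD5
Transforms= 3DES-SHA,BLF-SHA,CAST-SHA,3DES-MD5,BLF-MD5,CAST-MD5

# Main mode transforms
########################

# 3DES
[3DES-SHA]
ENCRYPTION_ALGORITHM= 3DES_CBC
HASH_ALGORITHM= SHA
AUTHENTICATION_METHOD= PRE_SHARED
GROUP_DESCRIPTION= MODP_1024

[3DES-MD5]
ENCRYPTION_ALGORITHM= 3DES_CBC
HASH_ALGORITHM= MD5
AUTHENTICATION_METHOD= PRE_SHARED
GROUP_DESCRIPTION= MODP_1024

# Blowfish.  128 is the preferred key length; the "128:256" part bounds
# what is accepted from the peer (see isakmpd.conf(5)).  The lower bound was
# raised from 96 so that a sub-128-bit key can no longer be negotiated.
[BLF-SHA]
ENCRYPTION_ALGORITHM= BLOWFISH_CBC
KEY_LENGTH= 128,128:256
HASH_ALGORITHM= SHA
AUTHENTICATION_METHOD= PRE_SHARED
GROUP_DESCRIPTION= MODP_1024
# Stronger group; switch to it once the peer offers it as well.
#GROUP_DESCRIPTION= MODP_1536

[BLF-MD5]
ENCRYPTION_ALGORITHM= BLOWFISH_CBC
KEY_LENGTH= 128,128:256
HASH_ALGORITHM= MD5
AUTHENTICATION_METHOD= PRE_SHARED
GROUP_DESCRIPTION= MODP_1024
# Stronger group; switch to it once the peer offers it as well.
#GROUP_DESCRIPTION= MODP_1536

# CAST
[CAST-SHA]
ENCRYPTION_ALGORITHM= CAST_CBC
KEY_LENGTH= 128
HASH_ALGORITHM= SHA
AUTHENTICATION_METHOD= PRE_SHARED
GROUP_DESCRIPTION= MODP_1024

[CAST-MD5]
ENCRYPTION_ALGORITHM= CAST_CBC
KEY_LENGTH= 128
HASH_ALGORITHM= MD5
AUTHENTICATION_METHOD= PRE_SHARED
GROUP_DESCRIPTION= MODP_1024

# Quick mode description
########################
#
# Suites are proposed in list order.  Only the AES + PFS suites are enabled;
# the 3DES and Blowfish suites further down stay defined for a peer that
# cannot do AES but are not offered.  HMAC_MD5 is kept as a fallback only
# and should be dropped once the peer accepts HMAC_SHA.
[Default-quick-mode]
DOI= IPSEC
EXCHANGE_TYPE= QUICK_MODE
# Fallbacks for a peer without AES:
#Suites= QM-ESP-3DES-SHA-PFS-SUITE,QM-ESP-3DES-MD5-PFS-SUITE
#Suites= QM-ESP-BLF-SHA-PFS-SUITE,QM-ESP-BLF-MD5-PFS-SUITE
Suites= QM-ESP-AES-SHA-PFS-SUITE,QM-ESP-AES-MD5-PFS-SUITE,QM-ESP-AES-RIPEMD-PFS-SUITE

# Quick mode protection suites
##############################
# Naming: *-PFS suites carry a GROUP_DESCRIPTION in their transform (perfect
# forward secrecy for the phase 2 keys); suites without -PFS derive the keys
# from the phase 1 SA only.

# 3DES
[QM-ESP-3DES-SHA-PFS-SUITE]
Protocols= QM-ESP-3DES-SHA-PFS

[QM-ESP-3DES-MD5-PFS-SUITE]
Protocols= QM-ESP-3DES-MD5-PFS

[QM-ESP-3DES-SHA-SUITE]
Protocols= QM-ESP-3DES-SHA

[QM-ESP-3DES-MD5-SUITE]
Protocols= QM-ESP-3DES-MD5

# Quick mode protocols
#############################

# 3DES
[QM-ESP-3DES-SHA-PFS]
PROTOCOL_ID= IPSEC_ESP
Transforms= QM-ESP-3DES-SHA-PFS-XF

[QM-ESP-3DES-MD5-PFS]
PROTOCOL_ID= IPSEC_ESP
Transforms= QM-ESP-3DES-MD5-PFS-XF

[QM-ESP-3DES-SHA]
PROTOCOL_ID= IPSEC_ESP
Transforms= QM-ESP-3DES-SHA-XF

[QM-ESP-3DES-MD5]
PROTOCOL_ID= IPSEC_ESP
Transforms= QM-ESP-3DES-MD5-XF

# Quick mode transforms
#############################
# NOTE(review): the PFS transforms all use MODP_1024; raise the group
# together with the phase 1 transforms when the peer allows it.

# 3DES
[QM-ESP-3DES-SHA-PFS-XF]
TRANSFORM_ID= 3DES
ENCAPSULATION_MODE= TUNNEL
AUTHENTICATION_ALGORITHM= HMAC_SHA
GROUP_DESCRIPTION= MODP_1024

[QM-ESP-3DES-MD5-PFS-XF]
TRANSFORM_ID= 3DES
ENCAPSULATION_MODE= TUNNEL
AUTHENTICATION_ALGORITHM= HMAC_MD5
GROUP_DESCRIPTION= MODP_1024

[QM-ESP-3DES-SHA-XF]
TRANSFORM_ID= 3DES
ENCAPSULATION_MODE= TUNNEL
AUTHENTICATION_ALGORITHM= HMAC_SHA

[QM-ESP-3DES-MD5-XF]
TRANSFORM_ID= 3DES
ENCAPSULATION_MODE= TUNNEL
AUTHENTICATION_ALGORITHM= HMAC_MD5

# AES
[QM-ESP-AES-SHA-SUITE]
Protocols= QM-ESP-AES-SHA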
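[QM-ESP-AES-SHA-PFS-SUITE]
Protocols= QM-ESP-AES-SHA-PFS

[QM-ESP-AES-MD5-SUITE]
Protocols= QM-ESP-AES-MD5

[QM-ESP-AES-MD5-PFS-SUITE]
Protocols= QM-ESP-AES-MD5-PFS

[QM-ESP-AES-RIPEMD-PFS-SUITE]
Protocols= QM-ESP-AES-RIPEMD-PFS

# AES protocols.  The *-TRP entries select transport-mode transforms; no
# suite references them at present, they are defined for completeness.
[QM-ESP-AES-SHA]
PROTOCOL_ID= IPSEC_ESP
Transforms= QM-ESP-AES-SHA-XF

[QM-ESP-AES-SHA-PFS]
PROTOCOL_ID= IPSEC_ESP
Transforms= QM-ESP-AES-SHA-PFS-XF

[QM-ESP-AES-SHA-TRP]
PROTOCOL_ID= IPSEC_ESP
Transforms= QM-ESP-AES-SHA-TRP-XF

[QM-ESP-AES-MD5]
PROTOCOL_ID= IPSEC_ESP
Transforms= QM-ESP-AES-MD5-XF

[QM-ESP-AES-MD5-PFS]
PROTOCOL_ID= IPSEC_ESP
Transforms= QM-ESP-AES-MD5-PFS-XF

[QM-ESP-AES-RIPEMD-PFS]
PROTOCOL_ID= IPSEC_ESP
Transforms= QM-ESP-AES-RIPEMD-PFS-XF

# Was missing its Transforms= line, so the protocol had nothing to propose
# if a suite ever referenced it; the matching -XF section already exists.
[QM-ESP-AES-MD5-TRP]
PROTOCOL_ID= IPSEC_ESP
Transforms= QM-ESP-AES-MD5-TRP-XF

# AES transforms.
# NOTE(review): no KEY_LENGTH is given, so isakmpd's default for AES
# applies; pin it explicitly if the peer's policy requires a fixed size
# (see isakmpd.conf(5) for the syntax on the running version).
[QM-ESP-AES-SHA-XF]
TRANSFORM_ID= AES
ENCAPSULATION_MODE= TUNNEL
AUTHENTICATION_ALGORITHM= HMAC_SHA

[QM-ESP-AES-SHA-PFS-XF]
TRANSFORM_ID= AES
ENCAPSULATION_MODE= TUNNEL
AUTHENTICATION_ALGORITHM= HMAC_SHA
GROUP_DESCRIPTION= MODP_1024

[QM-ESP-AES-SHA-TRP-XF]
TRANSFORM_ID= AES
ENCAPSULATION_MODE= TRANSPORT
AUTHENTICATION_ALGORITHM= HMAC_SHA

[QM-ESP-AES-MD5-XF]
TRANSFORM_ID= AES
ENCAPSULATION_MODE= TUNNEL
AUTHENTICATION_ALGORITHM= HMAC_MD5

[QM-ESP-AES-MD5-PFS-XF]
TRANSFORM_ID= AES
ENCAPSULATION_MODE= TUNNEL
AUTHENTICATION_ALGORITHM= HMAC_MD5
GROUP_DESCRIPTION= MODP_1024

[QM-ESP-AES-RIPEMD-PFS-XF]
TRANSFORM_ID= AES
ENCAPSULATION_MODE= TUNNEL
AUTHENTICATION_ALGORITHM= HMAC_RIPEMD
GROUP_DESCRIPTION= MODP_1024

[QM-ESP-AES-MD5-TRP-XF]
TRANSFORM_ID= AES
ENCAPSULATION_MODE= TRANSPORT
AUTHENTICATION_ALGORITHM= HMAC_MD5

# Blowfish suites.  Not in the active Suites= list; kept as a fallback for
# a peer without AES.
[QM-ESP-BLF-SHA-SUITE]
Protocols= QM-ESP-BLF-SHA

[QM-ESP-BLF-SHA-PFS-SUITE]
Protocols= QM-ESP-BLF-SHA-PFS

[QM-ESP-BLF-MD5-SUITE]
Protocols= QM-ESP-BLF-MD5

[QM-ESP-BLF-MD5-PFS-SUITE]
Protocols= QM-ESP-BLF-MD5-PFS

# Blowfish protocols
[QM-ESP-BLF-SHA]
PROTOCOL_ID= IPSEC_ESP
Transforms= QM-ESP-BLF-SHA-XF

[QM-ESP-BLF-SHA-PFS]
PROTOCOL_ID= IPSEC_ESP
Transforms= QM-ESP-BLF-SHA-PFS-XF

[QM-ESP-BLF-SHA-TRP]
PROTOCOL_ID= IPSEC_ESP
Transforms= QM-ESP-BLF-SHA-TRP-XF

[QM-ESP-BLF-MD5]
PROTOCOL_ID= IPSEC_ESP
Transforms= QM-ESP-BLF-MD5-XF

[QM-ESP-BLF-MD5-PFS]
PROTOCOL_ID= IPSEC_ESP
Transforms= QM-ESP-BLF-MD5-PFS-XF

# Was missing its Transforms= line, so the protocol had nothing to propose
# if a suite ever referenced it; the matching -XF section already exists.
[QM-ESP-BLF-MD5-TRP]
PROTOCOL_ID= IPSEC_ESP
Transforms= QM-ESP-BLF-MD5-TRP-XF

# Blowfish transforms
[QM-ESP-BLF-SHA-XF]
TRANSFORM_ID= BLOWFISH
ENCAPSULATION_MODE= TUNNEL
AUTHENTICATION_ALGORITHM= HMAC_SHA

[QM-ESP-BLF-SHA-PFS-XF]
TRANSFORM_ID= BLOWFISH
ENCAPSULATION_MODE= TUNNEL
AUTHENTICATION_ALGORITHM= HMAC_SHA
GROUP_DESCRIPTION= MODP_1024

[QM-ESP-BLF-SHA-TRP-XF]
TRANSFORM_ID= BLOWFISH
ENCAPSULATION_MODE= TRANSPORT
AUTHENTICATION_ALGORITHM= HMAC_SHA

[QM-ESP-BLF-MD5-XF]
TRANSFORM_ID= BLOWFISH
ENCAPSULATION_MODE= TUNNEL
AUTHENTICATION_ALGORITHM= HMAC_MD5

[QM-ESP-BLF-MD5-PFS-XF]
TRANSFORM_ID= BLOWFISH
ENCAPSULATION_MODE= TUNNEL
AUTHENTICATION_ALGORITHM= HMAC_MD5
GROUP_DESCRIPTION= MODP_1024

[QM-ESP-BLF-MD5-TRP-XF]
TRANSFORM_ID= BLOWFISH
ENCAPSULATION_MODE= TRANSPORT
AUTHENTICATION_ALGORITHM= HMAC_MD5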