Group :: Security/Networking
RPM: ipsec-tools
Navigation
Main Changelog Spec Patches Sources Download Gear Bugs and FR Repocop
Patch: ipsec-tools-0.6.7-alt-config.patch
Download
Download
--- ipsec-tools-0.6.7/src/racoon/racoon.8.syscfg 2005-04-18 22:10:55 +1100
+++ ipsec-tools-0.6.7/src/racoon/racoon.8 2008-08-27 23:21:02 +1100
@@ -128,8 +128,8 @@ at
The command exits with 0 on success, and non-zero on errors.
.\"
.Sh FILES
-.Bl -tag -width /etc/racoon.conf -compact
-.It Pa /etc/racoon.conf
+.Bl -tag -width /etc/racoon/racoon.conf -compact
+.It Pa /etc/racoon/racoon.conf
default configuration file.
.El
.\"
--- ipsec-tools-0.6.7/src/racoon/samples/psk.txt.in.syscfg 2003-02-27 07:31:35 +1000
+++ ipsec-tools-0.6.7/src/racoon/samples/psk.txt.in 2008-08-27 23:23:25 +1100
@@ -1,21 +1,14 @@
+# file for pre-shared keys used for IKE authentication
+# format is: 'identifier' 'key'
+# For example:
+#
# IPv4/v6 addresses
-10.160.94.3 mekmitasdigoat
-172.16.1.133 mekmitasdigoat
-194.100.55.1 whatcertificatereally
-203.178.141.208 mekmitasdigoat
-206.175.160.18 mekmitasdigoat
-206.175.160.20 mekmitasdigoat
-206.175.160.21 mekmitasdigoat
-206.175.160.22 mekmitasdigoat
-206.175.160.23 mekmitasdigoat
-206.175.160.36 mekmitasdigoat
-206.175.161.125 mekmitasdigoat
-206.175.161.154 mekmitasdigoat
-206.175.161.156 mekmitasdigoat
-206.175.161.182 mekmitasdigoat
-3ffe:501:410:ffff:200:86ff:fe05:80fa mekmitasdigoat
-3ffe:501:410:ffff:210:4bff:fea2:8baa mekmitasdigoat
+# 10.160.94.3 mekmitasdigoat
+# 172.16.1.133 mekmitasdigoat
+# 192.168.55.1 whatcertificatereally
+# 3ffe:501:410:ffff:200:86ff:fe05:80fa mekmitasdigoat
+# 3ffe:501:410:ffff:210:4bff:fea2:8baa mekmitasdigoat
# USER_FQDN
-sakane@kame.net mekmitasdigoat
+# foo@www.example.com micropachycephalosaurus
# FQDN
-kame hoge
+# www.example.com 12345
--- ipsec-tools-0.6.7/src/racoon/samples/racoon.conf.in.syscfg 2005-04-18 22:10:55 +1100
+++ ipsec-tools-0.6.7/src/racoon/samples/racoon.conf.in 2008-08-27 23:21:02 +1100
@@ -4,15 +4,15 @@
# "include" directive with relative file path.
# you can overwrite "path" directive afterwards, however, doing so may add
# more confusion.
-path include "@sysconfdir_x@/racoon";
+path include "@sysconfdir@/racoon";
#include "remote.conf";
# the file should contain key ID/key pairs, for pre-shared key authentication.
-path pre_shared_key "@sysconfdir_x@/racoon/psk.txt";
+path pre_shared_key "@sysconfdir@/racoon/psk.txt";
# racoon will look for certificate file in the directory,
# if the certificate/certificate request payload is received.
-path certificate "@sysconfdir_x@/cert";
+#path certificate "@sysconfdir@/cert";
# "log" specifies logging level. It is followed by either "notify", "debug"
# or "debug2".
@@ -32,7 +32,7 @@ padding
listen
{#isakmp ::1 [7000];
- #isakmp 202.249.11.124 [500];
+ #isakmp 192.168.0.1 [500];
#admin [7002]; # administrative port for racoonctl.
#strict_address; # requires that all addresses must be bound.
}
@@ -101,7 +101,7 @@ sainfo anonymous
compression_algorithm deflate;
}
-sainfo address 203.178.141.209 any address 203.178.141.218 any
+sainfo address 10.0.1.209 any address 10.0.1.218 any
{pfs_group 2;
lifetime time 30 sec;
@@ -110,12 +110,12 @@ sainfo address 203.178.141.209 any addre
compression_algorithm deflate;
}
-sainfo address ::1 icmp6 address ::1 icmp6
-{- pfs_group 3;
- lifetime time 60 sec;
- encryption_algorithm 3des, blowfish, aes;
- authentication_algorithm hmac_sha1, hmac_md5;
- compression_algorithm deflate;
-}
+#sainfo address ::1 icmp6 address ::1 icmp6
+#{+# pfs_group 3;
+# lifetime time 60 sec;
+# encryption_algorithm 3des, blowfish, aes;
+# authentication_algorithm hmac_sha1, hmac_md5;
+# compression_algorithm deflate;
+#}