# racoon (KAME IKEv1 daemon) configuration: one phase 1 "remote" section per
# peer implementation, followed by one shared phase 2 "sainfo" section.
# NOTE(review): the private addresses and per-vendor sections suggest an
# interoperability test setup - confirm before reusing any of it in production.
# NOTE(review): every active phase 1 proposal below uses dh_group 2 (1024-bit
# MODP) and SHA-1, with 3DES or DES. These are legacy choices, presumably
# dictated by the peers; use stronger groups and ciphers where both ends
# support them.

# Pre-shared keys are read from this file; keep it readable only by the
# account that runs racoon.
path pre_shared_key "/usr/local/v6/etc/psk.txt";
# Directory holding the certificate and private key files named in the
# certificate_type / peers_certfile statements below.
path certificate "/usr/local/v6/etc";
my_identifier fqdn "kame.ipsec2000.fr";
log notify;

### Alcatel
remote 192.168.1.20 {
    # NOTE(review): aggressive mode is allowed here together with pre-shared-key
    # authentication. In IKEv1 aggressive mode the identities and a hash derived
    # from the PSK cross the network unprotected, so the strength of the PSK is
    # the only protection against offline guessing. Prefer main mode only if
    # the peer allows it; otherwise use a long random key.
    exchange_mode main,aggressive;
    lifetime time 28800 sec ;    # sec,min,hour
    lifetime byte 100 MB ;       # B,KB,GB
    #initial_contact off;
    proposal {
        encryption_algorithm 3des;
        hash_algorithm sha1;
        authentication_method pre_shared_key ;
        dh_group 2 ;
    }
    # NOTE(review): fallback proposal with single DES (56-bit key). Keeping it
    # lets the peer negotiate down to DES; drop it unless the peer cannot do 3DES.
    proposal {
        encryption_algorithm des;
        hash_algorithm sha1;
        authentication_method pre_shared_key ;
        dh_group 2 ;
    }
    #proposal_check obey;
}

### Check Point
remote 192.168.1.30 {
    exchange_mode main;
    #exchange_mode aggressive;
    lifetime time 28800 sec ;    # sec,min,hour
    lifetime byte 100 MB ;       # B,KB,GB
    #initial_contact off;
    # Proposals are listed in order: RSA signatures first, pre-shared key second.
    proposal {
        encryption_algorithm 3des;
        hash_algorithm sha1;
        authentication_method rsasig;
        dh_group 2;
    }
    proposal {
        encryption_algorithm 3des;
        hash_algorithm sha1;
        authentication_method pre_shared_key;
        dh_group 2;
    }
    # Local X.509 certificate and its private key, used for rsasig. The key
    # file should be readable only by the account that runs racoon.
    certificate_type x509 "kame.crt" "kame.key";
    #identifier certname;
    #identifier fqdn;
}

### FreeS/WAN
remote 192.168.1.40 {
    # NOTE(review): aggressive mode is allowed and one proposal authenticates
    # with a pre-shared key, so the offline-guessing exposure of the PSK applies
    # to this peer as well.
    exchange_mode main,aggressive;
    lifetime time 28800 sec;     # sec,min,hour
    lifetime byte 100 MB;        # B,KB,GB
    initial_contact off;
    proposal {
        encryption_algorithm 3des;
        hash_algorithm sha1;
        authentication_method pre_shared_key;
        dh_group 2 ;
    }
    proposal {
        encryption_algorithm 3des;
        hash_algorithm sha1;
        authentication_method rsasig;
        dh_group 2;
    }
    certificate_type x509 "kame.crt" "kame.key";
    # No certificate is sent to this peer, and the peer's certificate is taken
    # from the local file "freeswan.crt". Presumably the two sides exchanged
    # certificates out of band; the integrity of that file is then what
    # authenticates the peer - TODO confirm how it was obtained.
    send_cert off;
    peers_certfile "freeswan.crt";
}

### OpenBSD
remote 192.168.1.50 {
    exchange_mode main;
    lifetime time 28800 sec ;    # sec,min,hour
    lifetime byte 100 MB;        # B,KB,GB
    #initial_contact off;
    proposal {
        encryption_algorithm 3des;
        hash_algorithm sha1;
        authentication_method pre_shared_key;
        dh_group 2;
    }
    #proposal_check obey;
}

### Nortel
remote 192.168.1.80 {
    exchange_mode main;
    lifetime time 28800 sec ;    # sec,min,hour
    #initial_contact off;

    # For version <= 2.6: can use 3DES if initiator,
    # must accept DES if responder
    # Can only do DH1
    # NOTE(review): the disabled proposals below would enable single DES and
    # dh_group 1 (768-bit MODP); leave them commented out unless such an old
    # peer really has to be supported.
    #proposal {
    #    encryption_algorithm 3des;
    #    hash_algorithm sha1;
    #    authentication_method pre_shared_key ;
    #    dh_group 1 ;
    #}
    #proposal {
    #    encryption_algorithm des;
    #    hash_algorithm sha1;
    #    authentication_method pre_shared_key ;
    #    dh_group 1 ;
    #}

    # For version >= 3.0: 3DES and DH2
    proposal {
        encryption_algorithm 3des;
        hash_algorithm sha1;
        authentication_method rsasig;
        dh_group 2 ;
    }
    proposal {
        encryption_algorithm 3des;
        hash_algorithm sha1;
        authentication_method pre_shared_key ;
        dh_group 2 ;
    }
    certificate_type x509 "kame.crt" "kame.key";
    identifier certname;
    # NOTE(review): verify_cert off disables validation of the peer's
    # certificate, so the rsasig proposal above no longer proves who the peer
    # is. Acceptable only as a temporary interop workaround; install the
    # issuing CA certificate and turn verification back on.
    verify_cert off;
}

### RedCreek
remote 192.168.1.90 {
    # NOTE(review): aggressive mode plus pre-shared key again; the PSK
    # offline-guessing exposure applies to this peer too.
    exchange_mode main,aggressive;
    lifetime time 28800 sec ;    # sec,min,hour
    lifetime byte 100 MB ;       # B,KB,GB
    initial_contact off;
    proposal {
        encryption_algorithm 3des;
        hash_algorithm sha1;
        authentication_method pre_shared_key ;
        dh_group 2 ;
    }
    #proposal_check obey;
}

# phase 2 proposal (for IPsec SA).
# "anonymous" makes this the phase 2 policy for every peer above; no peer has
# its own sainfo section in this file.
sainfo anonymous {
    # NOTE(review): pfs_group is commented out, so this side does not ask for a
    # fresh Diffie-Hellman exchange in phase 2; IPsec SA keys are then derived
    # from the phase 1 keying material. Enable it where the peers support PFS.
    #pfs_group 2;
    lifetime time 12 hour;
    #lifetime time 3 minute;
    lifetime byte 50 MB;
    # NOTE(review): single DES and HMAC-MD5 are in the acceptable lists, which
    # permits a negotiated downgrade for any peer; remove "des" and "hmac_md5"
    # unless a specific peer requires them.
    encryption_algorithm 3des, cast128, des;
    authentication_algorithm hmac_sha1, hmac_md5;
    compression_algorithm deflate;
}