Tunnelconfiguration AVM FritzBox (FritzOS 6.20)
Alexander "ripp" Kinscher
Fri Jul 29 21:03:17 CEST 2015

/*
 * /tmp/fritzbox_lan-to-lan_fritzos6_20.cfg
 * Mon Jun 29 20:49:36 2015
 */
// LAN-to-LAN tunnel between 192.168.1.0/24 (local) and 192.168.2.0/24 (remote).
// Every "% ... %" value is a placeholder to replace before import.
// The file holds the pre-shared key in clear text, so handle it as a secret.
vpncfg {
        connections {
                enabled = yes;
                editable = no;
                conn_type = conntype_lan;
                name = "%some dummy description text%";
                boxuser_id = 0;
                always_renew = yes;
                reject_not_encrypted = no;
                dont_filter_netbios = yes;
                localip = 0.0.0.0;
                local_virtualip = 0.0.0.0;
                remoteip = 0.0.0.0;
                remote_virtualip = 0.0.0.0;
                remotehostname = "% remote dyndns %";
                keepalive_ip = 0.0.0.0;
                localid {
                        fqdn = "% local fqdn %";
                }
                remoteid {
                        fqdn = "% remote fqdn %";
                }
                // IKEv1 aggressive mode with a PSK: the identities travel unprotected and the
                // authentication hash derived from the PSK can be captured and guessed offline.
                // The strength of `key` is therefore the main protection; use a long random
                // value that is unique to this connection.
                mode = phase1_mode_aggressive;
                // Per the Securityoptions listing further down this page, "dh14/aes/sha" is
                // dh_group_modp14 with AES/SHA proposals only and accept_all_dh_groups = no.
                phase1ss = "dh14/aes/sha";
                keytype = connkeytype_pre_shared;
                key = "% psk psk psk %";
                cert_do_server_auth = no;
                use_nat_t = no;
                use_xauth = no;
                use_cfgmode = no;
                phase2localid {
                        ipnet {
                                ipaddr = 192.168.1.0;
                                mask = 255.255.255.0;
                        }
                }
                phase2remoteid {
                        ipnet {
                                ipaddr = 192.168.2.0;
                                mask = 255.255.255.0;
                        }
                }
                // Per the listing below: AES-256 first, 3DES as fallback, SHA, no compression, pfs = yes.
                phase2ss = "esp-aes256-3des-sha/ah-no/comp-lzs-no/pfs";
                // Source selector is "any"; the note after this block gives the form that
                // limits the source to the local /24.
                accesslist = "permit ip any 192.168.2.0 255.255.255.0";
        }
        ike_forward_rules = "udp 0.0.0.0:500 0.0.0.0:500",
                            "udp 0.0.0.0:4500 0.0.0.0:4500";
}

Access list could me more strictly (this is a firewall ACL) no IPSec SP: e.g.: accesslist = "permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0";
- local_virtualip: when set does fritzbox nat
- remote_virtualip: is assigned by modecfg to a client
- keepalive_ip: icmp-echo to this ip to keep a tunnel alive

/*
 * /tmp/fritzbox_user_dialin_fritzos6_20.cfg
 * Mon Jun 29 21:02:17 2015
 */
// Single-user dial-in: the client is given 192.168.1.201 via config mode (use_cfgmode = yes).
// Group PSK plus XAUTH username/password; all three are stored in clear text in this file.
vpncfg {
        connections {
                enabled = yes;
                editable = no;
                conn_type = conntype_user;
                name = "%some dummy description text%";
                boxuser_id = 0;
                always_renew = no;
                reject_not_encrypted = no;
                dont_filter_netbios = yes;
                localip = 0.0.0.0;
                local_virtualip = 0.0.0.0;
                remoteip = 0.0.0.0;
                remote_virtualip = 192.168.1.201;
                keepalive_ip = 0.0.0.0;
                remoteid {
                        key_id = "% ike-key-id %";
                }
                // Aggressive mode + PSK: the offline-guessing exposure of the PSK applies here
                // as well, so the PSK should be long, random and not shared with other tunnels.
                mode = phase1_mode_aggressive;
                // Per the listing below, "all/all/all" also offers ike_des, ike_3des and ike_md5
                // and sets accept_all_dh_groups = yes, so the peer's proposal decides how weak
                // phase 1 ends up. The author's note after this block recommends "dh14/aes/sha"
                // where the client supports it.
                phase1ss = "all/all/all";
                keytype = connkeytype_pre_shared;
                key = "% psk psk psk %";
                cert_do_server_auth = no;
                use_nat_t = yes;
                use_xauth = yes;
                xauth {
                        valid = yes;
                        username = "% xauth username %";
                        passwd = "% xauth password %";
                }
                use_cfgmode = yes;
                // 0.0.0.0/0.0.0.0 as local selector: all client traffic is proxied through the
                // tunnel (see the phase2localid note after this block for split tunnelling).
                phase2localid {
                        ipnet {
                                ipaddr = 0.0.0.0;
                                mask = 0.0.0.0;
                        }
                }
                phase2remoteid {
                        ipaddr = 192.168.1.201;
                }
                // Per the listing below, this set has pfs = no and includes esp_des and md5
                // proposals; the "/pfs" variant named in the note after this block keeps the
                // same proposals but enables PFS.
                phase2ss = "esp-all-all/ah-none/comp-all/no-pfs";
                accesslist = "permit ip any 192.168.1.201 255.255.255.255";
        }
        ike_forward_rules = "udp 0.0.0.0:500 0.0.0.0:500",
                            "udp 0.0.0.0:4500 0.0.0.0:4500";
}

- phase1ss: if possible use "dh14/aes/sha"
- remote_virtualip: is assigned by modecfg to a client
- phase2localid: proxy any defaultroute (if split tunnel required add a network)
- phase2ss: if possible use "esp-all-all/ah-none/comp-all/pfs"

/*
 * /tmp/fritzbox_dialout_to_vpnconcentrator_fritzos6_20.cfg
 * Mon Jun 29 21:11:45 2015
 */
// Dial-out from the FritzBox to a VPN concentrator; here the box is the XAUTH client,
// so the stored username/password are presumably the credentials it presents to the peer.
vpncfg {
        connections {
                enabled = yes;
                editable = no;
                conn_type = conntype_out;
                name = "%some dummy description text%";
                boxuser_id = 0;
                always_renew = no;
                reject_not_encrypted = no;
                dont_filter_netbios = no;
                localip = 0.0.0.0;
                local_virtualip = 0.0.0.0;
                remoteip = 0.0.0.0;
                remote_virtualip = 0.0.0.0;
                remotehostname = "% remote dyndns %";
                // ICMP echo target used to keep the tunnel up (see the keepalive_ip note below).
                keepalive_ip = 192.168.3.1;
                localid {
                        key_id = "% ike-key-id %";
                }
                // Aggressive mode + PSK, same exposure as in the two configurations above.
                mode = phase1_mode_aggressive;
                // "all/all/all" offers DES/3DES/MD5 alongside AES/SHA (see listing below);
                // the note after this block treats it as the fallback when group 14 is not possible.
                phase1ss = "all/all/all";
                keytype = connkeytype_pre_shared;
                key = "% psk psk psk %";
                cert_do_server_auth = no;
                use_nat_t = yes;
                use_xauth = yes;
                xauth {
                        valid = yes;
                        username = "% xauth username %";
                        passwd = "% xauth password %";
                }
                use_cfgmode = yes;
                phase2localid {
                        ipnet {
                                ipaddr = 0.0.0.0;
                                mask = 0.0.0.0;
                        }
                }
                phase2remoteid {
                        ipnet {
                                ipaddr = 0.0.0.0;
                                mask = 0.0.0.0;
                        }
                }
                // pfs = no and DES/MD5 proposals included, per the listing below.
                phase2ss = "esp-all-all/ah-none/comp-all/no-pfs";
                accesslist = "permit ip any 192.168.3.0 255.255.255.0";
                // DNS domains listed for this connection (placeholder values).
                dns_domains = "% resolvediesedomain.vpn %",
                              "% dieseauch.local %";
        }
        ike_forward_rules = "udp 0.0.0.0:500 0.0.0.0:500",
                            "udp 0.0.0.0:4500 0.0.0.0:4500";
}

- phase1ss: if group14 impossible use all/all/all
- keepalive_ip:
icmp-echo to this ip to keep a tunnel alive - accesslist: needs to be "permit ip any any" if dynamic networks assigned /* * Securityoptions: * * IKE: * * name = "dh5/aes/sha"; * comment = "dh_group_modp5"; * dhgroup = dh_group_modp5; * life_dur_sec = 1h; * life_dur_kb = 0; * accept_all_dh_groups = no; * proposals { * hash = ike_sha; * enc { * type = ike_aes; * keylength = 256; * } * }{ * hash = ike_sha; * enc { * type = ike_aes; * keylength = 192; * } * } { * hash = ike_sha; * enc { * type = ike_aes; * keylength = 0; * } * } * * name = "dh14/aes/sha"; * comment = "dh_group_modp14"; * dhgroup = dh_group_modp14; * life_dur_sec = 1h; * life_dur_kb = 0; * accept_all_dh_groups = no; * proposals { * hash = ike_sha; * enc { * type = ike_aes; * keylength = 256; * } * }{ * hash = ike_sha; * enc { * type = ike_aes; * keylength = 192; * } * } { * hash = ike_sha; * enc { * type = ike_aes; * keylength = 0; * } * } * * name = "dh15/aes/sha"; * comment = "dh_group_modp15"; * dhgroup = dh_group_modp15; * life_dur_sec = 1h; * life_dur_kb = 0; * accept_all_dh_groups = no; * proposals { * hash = ike_sha; * enc { * type = ike_aes; * keylength = 256; * } * }{ * hash = ike_sha; * enc { * type = ike_aes; * keylength = 192; * } * } { * hash = ike_sha; * enc { * type = ike_aes; * keylength = 0; * } * } * * name = "def/all/all"; * comment = "all algorithms, dh group default"; * dhgroup = def; * life_dur_sec = 1h; * life_dur_kb = 0; * accept_all_dh_groups = no; * proposals { * hash = ike_sha; * enc { * type = ike_aes; * keylength = 256; * } * } { * hash = ike_sha; * enc { * type = ike_aes; * keylength = 192; * } * } { * hash = ike_sha; * enc { * type = ike_aes; * keylength = 0; * } * } { * hash = ike_sha; * enc { * type = ike_3des; * keylength = 0; * } * } { * hash = ike_sha; * enc { * type = ike_des; * keylength = 0; * } * } { * hash = ike_md5; * enc { * type = ike_aes; * keylength = 256; * } * } { * hash = ike_md5; * enc { * type = ike_aes; * keylength = 192; * } * } { * hash = ike_md5; * 
enc { * type = ike_aes; * keylength = 0; * } * } { * hash = ike_md5; * enc { * type = ike_3des; * keylength = 0; * } * } { * hash = ike_md5; * enc { * type = ike_des; * keylength = 0; * } * } * * name = "alt/all/all"; * comment = "all algorithms, dh group alternate"; * dhgroup = alt; * life_dur_sec = 1h; * life_dur_kb = 0; * accept_all_dh_groups = no; * proposals { * hash = ike_sha; * enc { * type = ike_aes; * keylength = 256; * } * } { * hash = ike_sha; * enc { * type = ike_aes; * keylength = 192; * } * } { * hash = ike_sha; * enc { * type = ike_aes; * keylength = 0; * } * } { * hash = ike_sha; * enc { * type = ike_3des; * keylength = 0; * } * } { * hash = ike_sha; * enc { * type = ike_des; * keylength = 0; * } * } { * hash = ike_md5; * enc { * type = ike_aes; * keylength = 256; * } * } { * hash = ike_md5; * enc { * type = ike_aes; * keylength = 192; * } * } { * hash = ike_md5; * enc { * type = ike_aes; * keylength = 0; * } * } { * hash = ike_md5; * enc { * type = ike_3des; * keylength = 0; * } * } { * hash = ike_md5; * enc { * type = ike_des; * keylength = 0; * } * } * * name = "all/all/all"; * comment = "all algorithms, dh group alternate (outgoing)"; * dhgroup = alt; * life_dur_sec = 1h; * life_dur_kb = 0; * accept_all_dh_groups = yes; * proposals { * hash = ike_sha; * enc { * type = ike_aes; * keylength = 256; * } * } { * hash = ike_sha; * enc { * type = ike_aes; * keylength = 192; * } * } { * hash = ike_sha; * enc { * type = ike_aes; * keylength = 0; * } * } { * hash = ike_sha; * enc { * type = ike_3des; * keylength = 0; * } * } { * hash = ike_sha; * enc { * type = ike_des; * keylength = 0; * } * } { * hash = ike_md5; * enc { * type = ike_aes; * keylength = 256; * } * } { * hash = ike_md5; * enc { * type = ike_aes; * keylength = 192; * } * } { * hash = ike_md5; * enc { * type = ike_aes; * keylength = 0; * } * } { * hash = ike_md5; * enc { * type = ike_3des; * keylength = 0; * } * } { * hash = ike_md5; * enc { * type = ike_des; * keylength = 0; * } * } * * 
name = "LT8h/all/all/all"; * comment = "all algorithms, dh group alternate (outgoing) Lifetime 8h"; * dhgroup = alt; * life_dur_sec = 8h; * life_dur_kb = 0; * accept_all_dh_groups = yes; * proposals { * hash = ike_sha; * enc { * type = ike_aes; * keylength = 256; * } * } { * hash = ike_sha; * enc { * type = ike_aes; * keylength = 192; * } * } { * hash = ike_sha; * enc { * type = ike_aes; * keylength = 0; * } * } { * hash = ike_sha; * enc { * type = ike_3des; * keylength = 0; * } * } { * hash = ike_sha; * enc { * type = ike_des; * keylength = 0; * } * } { * hash = ike_md5; * enc { * type = ike_aes; * keylength = 256; * } * } { * hash = ike_md5; * enc { * type = ike_aes; * keylength = 192; * } * } { * hash = ike_md5; * enc { * type = ike_aes; * keylength = 0; * } * } { * hash = ike_md5; * enc { * type = ike_3des; * keylength = 0; * } * } { * hash = ike_md5; * enc { * type = ike_des; * keylength = 0; * } * } * * * IPSec/ESP: * * name = "esp-3des-sha/ah-no/comp-no/pfs"; * comment = "Linux FreeS/WAN with 3DES and PFS"; * pfs = yes; * life_dur_sec = 1h; * life_dur_kb = 0; * proposals { * comp = comp_none; * ah = ah_none; * esp { * typ = esp_3des; * enc_key_length = 0; * hash = sha; * } * } * * name = "esp-3des-sha/ah-no/comp-no/no-pfs"; * comment = "Windows TMG - only one phase 2 proposal accepted"; * pfs = no; * life_dur_sec = 1h; * life_dur_kb = 0; * proposals { * comp = comp_none; * ah = ah_none; * esp { * typ = esp_3des; * enc_key_length = 0; * hash = sha; * } * } * * name = "esp-aes256-3des-sha/ah-no/comp-lzs-no/pfs"; * comment = "For peers have issues with compression"; * pfs = yes; * life_dur_sec = 1h; * life_dur_kb = 0; * proposals { * comp = comp_none; * ah = ah_none; * esp { * typ = esp_aes; * enc_key_length = 256; * hash = sha; * } * } { * comp = comp_none; * ah = ah_none; * esp { * typ = esp_3des; * enc_key_length = 0; * hash = sha; * } * } * * name = "esp-aes-sha/ah-all/comp-lzjh-no/pfs"; * comment = "Standardpolicy for AVM Access Server"; * pfs = yes; * 
life_dur_sec = 1h; * life_dur_kb = 0; * proposals { * comp = comp_lzjh; * ah = ah_sha; * esp { * typ = esp_aes; * enc_key_length = 256; * hash = sha; * } * } { * comp = comp_lzjh; * ah = ah_none; * esp { * typ = esp_aes; * enc_key_length = 256; * hash = sha; * } * } { * comp = comp_none; * ah = ah_sha; * esp { * typ = esp_aes; * enc_key_length = 256; * hash = sha; * } * } { * comp = comp_none; * ah = ah_none; * esp { * typ = esp_aes; * enc_key_length = 256; * hash = sha; * } * } * * name = "esp-all-all/ah-all/comp-all/pfs"; * comment = "all algorithms, with PFS"; * pfs = yes; * life_dur_sec = 1h; * life_dur_kb = 0; * proposals { * comp = comp_lzjh; * ah = ah_sha; * esp { * typ = esp_aes; * enc_key_length = 256; * hash = sha; * } * } { * comp = comp_deflate; * ah = ah_sha; * esp { * typ = esp_aes; * enc_key_length = 256; * hash = sha; * } * } { * comp = comp_none; * ah = ah_sha; * esp { * typ = esp_aes; * enc_key_length = 256; * hash = sha; * } * } { * comp = comp_lzjh; * ah = ah_sha; * esp { * typ = esp_aes; * enc_key_length = 192; * hash = sha; * } * } { * comp = comp_deflate; * ah = ah_sha; * esp { * typ = esp_aes; * enc_key_length = 192; * hash = sha; * } * } { * comp = comp_none; * ah = ah_sha; * esp { * typ = esp_aes; * enc_key_length = 192; * hash = sha; * } * } { * comp = comp_lzjh; * ah = ah_sha; * esp { * typ = esp_aes; * enc_key_length = 0; * hash = sha; * } * } { * comp = comp_deflate; * ah = ah_sha; * esp { * typ = esp_aes; * enc_key_length = 0; * hash = sha; * } * } { * comp = comp_none; * ah = ah_sha; * esp { * typ = esp_aes; * enc_key_length = 0; * hash = sha; * } * } { * comp = comp_lzjh; * ah = ah_sha; * esp { * typ = esp_3des; * enc_key_length = 0; * hash = sha; * } * } { * comp = comp_deflate; * ah = ah_sha; * esp { * typ = esp_3des; * enc_key_length = 0; * hash = sha; * } * } { * comp = comp_none; * ah = ah_sha; * esp { * typ = esp_3des; * enc_key_length = 0; * hash = sha; * } * } { * comp = comp_lzjh; * ah = ah_sha; * esp { * typ = esp_des; * 
enc_key_length = 0; * hash = sha; * } * } { * comp = comp_deflate; * ah = ah_sha; * esp { * typ = esp_des; * enc_key_length = 0; * hash = sha; * } * } { * comp = comp_none; * ah = ah_sha; * esp { * typ = esp_des; * enc_key_length = 0; * hash = sha; * } * } { * comp = comp_lzjh; * ah = ah_md5; * esp { * typ = esp_aes; * enc_key_length = 256; * hash = md5; * } * } { * comp = comp_deflate; * ah = ah_md5; * esp { * typ = esp_aes; * enc_key_length = 256; * hash = md5; * } * } { * comp = comp_none; * ah = ah_md5; * esp { * typ = esp_aes; * enc_key_length = 256; * hash = md5; * } * } { * comp = comp_lzjh; * ah = ah_md5; * esp { * typ = esp_aes; * enc_key_length = 192; * hash = md5; * } * } { * comp = comp_deflate; * ah = ah_md5; * esp { * typ = esp_aes; * enc_key_length = 192; * hash = md5; * } * } { * comp = comp_none; * ah = ah_md5; * esp { * typ = esp_aes; * enc_key_length = 192; * hash = md5; * } * } { * comp = comp_lzjh; * ah = ah_md5; * esp { * typ = esp_aes; * enc_key_length = 0; * hash = md5; * } * } { * comp = comp_deflate; * ah = ah_md5; * esp { * typ = esp_aes; * enc_key_length = 0; * hash = md5; * } * } { * comp = comp_none; * ah = ah_md5; * esp { * typ = esp_aes; * enc_key_length = 0; * hash = md5; * } * } { * comp = comp_lzjh; * ah = ah_md5; * esp { * typ = esp_3des; * enc_key_length = 0; * hash = md5; * } * } { * comp = comp_deflate; * ah = ah_md5; * esp { * typ = esp_3des; * enc_key_length = 0; * hash = md5; * } * } { * comp = comp_none; * ah = ah_md5; * esp { * typ = esp_3des; * enc_key_length = 0; * hash = md5; * } * } { * comp = comp_lzjh; * ah = ah_md5; * esp { * typ = esp_des; * enc_key_length = 0; * hash = md5; * } * } { * comp = comp_deflate; * ah = ah_md5; * esp { * typ = esp_des; * enc_key_length = 0; * hash = md5; * } * } { * comp = comp_none; * ah = ah_md5; * esp { * typ = esp_des; * enc_key_length = 0; * hash = md5; * } * } { * comp = comp_lzjh; * ah = ah_none; * esp { * typ = esp_aes; * enc_key_length = 256; * hash = sha; * } * } { * comp = 
comp_deflate; * ah = ah_none; * esp { * typ = esp_aes; * enc_key_length = 256; * hash = sha; * } * } { * comp = comp_none; * ah = ah_none; * esp { * typ = esp_aes; * enc_key_length = 256; * hash = sha; * } * } { * comp = comp_lzjh; * ah = ah_none; * esp { * typ = esp_aes; * enc_key_length = 192; * hash = sha; * } * } { * comp = comp_deflate; * ah = ah_none; * esp { * typ = esp_aes; * enc_key_length = 192; * hash = sha; * } * } { * comp = comp_none; * ah = ah_none; * esp { * typ = esp_aes; * enc_key_length = 192; * hash = sha; * } * } { * comp = comp_lzjh; * ah = ah_none; * esp { * typ = esp_aes; * enc_key_length = 0; * hash = sha; * } * } { * comp = comp_deflate; * ah = ah_none; * esp { * typ = esp_aes; * enc_key_length = 0; * hash = sha; * } * } { * comp = comp_none; * ah = ah_none; * esp { * typ = esp_aes; * enc_key_length = 0; * hash = sha; * } * } { * comp = comp_lzjh; * ah = ah_none; * esp { * typ = esp_3des; * enc_key_length = 0; * hash = sha; * } * } { * comp = comp_deflate; * ah = ah_none; * esp { * typ = esp_3des; * enc_key_length = 0; * hash = sha; * } * } { * comp = comp_none; * ah = ah_none; * esp { * typ = esp_3des; * enc_key_length = 0; * hash = sha; * } * } { * comp = comp_lzjh; * ah = ah_none; * esp { * typ = esp_des; * enc_key_length = 0; * hash = sha; * } * } { * comp = comp_deflate; * ah = ah_none; * esp { * typ = esp_des; * enc_key_length = 0; * hash = sha; * } * } { * comp = comp_none; * ah = ah_none; * esp { * typ = esp_des; * enc_key_length = 0; * hash = sha; * } * } { * comp = comp_lzjh; * ah = ah_none; * esp { * typ = esp_aes; * enc_key_length = 256; * hash = md5; * } * } { * comp = comp_deflate; * ah = ah_none; * esp { * typ = esp_aes; * enc_key_length = 256; * hash = md5; * } * } { * comp = comp_none; * ah = ah_none; * esp { * typ = esp_aes; * enc_key_length = 256; * hash = md5; * } * } { * comp = comp_lzjh; * ah = ah_none; * esp { * typ = esp_aes; * enc_key_length = 192; * hash = md5; * } * } { * comp = comp_deflate; * ah = ah_none; * 
esp { * typ = esp_aes; * enc_key_length = 192; * hash = md5; * } * } { * comp = comp_none; * ah = ah_none; * esp { * typ = esp_aes; * enc_key_length = 192; * hash = md5; * } * } { * comp = comp_lzjh; * ah = ah_none; * esp { * typ = esp_aes; * enc_key_length = 0; * hash = md5; * } * } { * comp = comp_deflate; * ah = ah_none; * esp { * typ = esp_aes; * enc_key_length = 0; * hash = md5; * } * } { * comp = comp_none; * ah = ah_none; * esp { * typ = esp_aes; * enc_key_length = 0; * hash = md5; * } * } { * comp = comp_lzjh; * ah = ah_none; * esp { * typ = esp_3des; * enc_key_length = 0; * hash = md5; * } * } { * comp = comp_deflate; * ah = ah_none; * esp { * typ = esp_3des; * enc_key_length = 0; * hash = md5; * } * } { * comp = comp_none; * ah = ah_none; * esp { * typ = esp_3des; * enc_key_length = 0; * hash = md5; * } * } { * comp = comp_lzjh; * ah = ah_none; * esp { * typ = esp_des; * enc_key_length = 0; * hash = md5; * } * } { * comp = comp_deflate; * ah = ah_none; * esp { * typ = esp_des; * enc_key_length = 0; * hash = md5; * } * } { * comp = comp_none; * ah = ah_none; * esp { * typ = esp_des; * enc_key_length = 0; * hash = md5; * } * } * * name = "esp-all-all/ah-all/comp-all/no-pfs"; * comment = "all algorithms, no PFS"; * pfs = no; * life_dur_sec = 1h; * life_dur_kb = 0; * proposals { * comp = comp_lzjh; * ah = ah_sha; * esp { * typ = esp_aes; * enc_key_length = 256; * hash = sha; * } * } { * comp = comp_deflate; * ah = ah_sha; * esp { * typ = esp_aes; * enc_key_length = 256; * hash = sha; * } * } { * comp = comp_none; * ah = ah_sha; * esp { * typ = esp_aes; * enc_key_length = 256; * hash = sha; * } * } { * comp = comp_lzjh; * ah = ah_sha; * esp { * typ = esp_aes; * enc_key_length = 192; * hash = sha; * } * } { * comp = comp_deflate; * ah = ah_sha; * esp { * typ = esp_aes; * enc_key_length = 192; * hash = sha; * } * } { * comp = comp_none; * ah = ah_sha; * esp { * typ = esp_aes; * enc_key_length = 192; * hash = sha; * } * } { * comp = comp_lzjh; * ah = ah_sha; * 
esp { * typ = esp_aes; * enc_key_length = 0; * hash = sha; * } * } { * comp = comp_deflate; * ah = ah_sha; * esp { * typ = esp_aes; * enc_key_length = 0; * hash = sha; * } * } { * comp = comp_none; * ah = ah_sha; * esp { * typ = esp_aes; * enc_key_length = 0; * hash = sha; * } * } { * comp = comp_lzjh; * ah = ah_sha; * esp { * typ = esp_3des; * enc_key_length = 0; * hash = sha; * } * } { * comp = comp_deflate; * ah = ah_sha; * esp { * typ = esp_3des; * enc_key_length = 0; * hash = sha; * } * } { * comp = comp_none; * ah = ah_sha; * esp { * typ = esp_3des; * enc_key_length = 0; * hash = sha; * } * } { * comp = comp_lzjh; * ah = ah_sha; * esp { * typ = esp_des; * enc_key_length = 0; * hash = sha; * } * } { * comp = comp_deflate; * ah = ah_sha; * esp { * typ = esp_des; * enc_key_length = 0; * hash = sha; * } * } { * comp = comp_none; * ah = ah_sha; * esp { * typ = esp_des; * enc_key_length = 0; * hash = sha; * } * } { * comp = comp_lzjh; * ah = ah_md5; * esp { * typ = esp_aes; * enc_key_length = 256; * hash = md5; * } * } { * comp = comp_deflate; * ah = ah_md5; * esp { * typ = esp_aes; * enc_key_length = 256; * hash = md5; * } * } { * comp = comp_none; * ah = ah_md5; * esp { * typ = esp_aes; * enc_key_length = 256; * hash = md5; * } * } { * comp = comp_lzjh; * ah = ah_md5; * esp { * typ = esp_aes; * enc_key_length = 192; * hash = md5; * } * } { * comp = comp_deflate; * ah = ah_md5; * esp { * typ = esp_aes; * enc_key_length = 192; * hash = md5; * } * } { * comp = comp_none; * ah = ah_md5; * esp { * typ = esp_aes; * enc_key_length = 192; * hash = md5; * } * } { * comp = comp_lzjh; * ah = ah_md5; * esp { * typ = esp_aes; * enc_key_length = 0; * hash = md5; * } * } { * comp = comp_deflate; * ah = ah_md5; * esp { * typ = esp_aes; * enc_key_length = 0; * hash = md5; * } * } { * comp = comp_none; * ah = ah_md5; * esp { * typ = esp_aes; * enc_key_length = 0; * hash = md5; * } * } { * comp = comp_lzjh; * ah = ah_md5; * esp { * typ = esp_3des; * enc_key_length = 0; * hash = 
md5; * } * } { * comp = comp_deflate; * ah = ah_md5; * esp { * typ = esp_3des; * enc_key_length = 0; * hash = md5; * } * } { * comp = comp_none; * ah = ah_md5; * esp { * typ = esp_3des; * enc_key_length = 0; * hash = md5; * } * } { * comp = comp_lzjh; * ah = ah_md5; * esp { * typ = esp_des; * enc_key_length = 0; * hash = md5; * } * } { * comp = comp_deflate; * ah = ah_md5; * esp { * typ = esp_des; * enc_key_length = 0; * hash = md5; * } * } { * comp = comp_none; * ah = ah_md5; * esp { * typ = esp_des; * enc_key_length = 0; * hash = md5; * } * } { * comp = comp_lzjh; * ah = ah_none; * esp { * typ = esp_aes; * enc_key_length = 256; * hash = sha; * } * } { * comp = comp_deflate; * ah = ah_none; * esp { * typ = esp_aes; * enc_key_length = 256; * hash = sha; * } * } { * comp = comp_none; * ah = ah_none; * esp { * typ = esp_aes; * enc_key_length = 256; * hash = sha; * } * } { * comp = comp_lzjh; * ah = ah_none; * esp { * typ = esp_aes; * enc_key_length = 192; * hash = sha; * } * } { * comp = comp_deflate; * ah = ah_none; * esp { * typ = esp_aes; * enc_key_length = 192; * hash = sha; * } * } { * comp = comp_none; * ah = ah_none; * esp { * typ = esp_aes; * enc_key_length = 192; * hash = sha; * } * } { * comp = comp_lzjh; * ah = ah_none; * esp { * typ = esp_aes; * enc_key_length = 0; * hash = sha; * } * } { * comp = comp_deflate; * ah = ah_none; * esp { * typ = esp_aes; * enc_key_length = 0; * hash = sha; * } * } { * comp = comp_none; * ah = ah_none; * esp { * typ = esp_aes; * enc_key_length = 0; * hash = sha; * } * } { * comp = comp_lzjh; * ah = ah_none; * esp { * typ = esp_3des; * enc_key_length = 0; * hash = sha; * } * } { * comp = comp_deflate; * ah = ah_none; * esp { * typ = esp_3des; * enc_key_length = 0; * hash = sha; * } * } { * comp = comp_none; * ah = ah_none; * esp { * typ = esp_3des; * enc_key_length = 0; * hash = sha; * } * } { * comp = comp_lzjh; * ah = ah_none; * esp { * typ = esp_des; * enc_key_length = 0; * hash = sha; * } * } { * comp = comp_deflate; * ah 
= ah_none; * esp { * typ = esp_des; * enc_key_length = 0; * hash = sha; * } * } { * comp = comp_none; * ah = ah_none; * esp { * typ = esp_des; * enc_key_length = 0; * hash = sha; * } * } { * comp = comp_lzjh; * ah = ah_none; * esp { * typ = esp_aes; * enc_key_length = 256; * hash = md5; * } * } { * comp = comp_deflate; * ah = ah_none; * esp { * typ = esp_aes; * enc_key_length = 256; * hash = md5; * } * } { * comp = comp_none; * ah = ah_none; * esp { * typ = esp_aes; * enc_key_length = 256; * hash = md5; * } * } { * comp = comp_lzjh; * ah = ah_none; * esp { * typ = esp_aes; * enc_key_length = 192; * hash = md5; * } * } { * comp = comp_deflate; * ah = ah_none; * esp { * typ = esp_aes; * enc_key_length = 192; * hash = md5; * } * } { * comp = comp_none; * ah = ah_none; * esp { * typ = esp_aes; * enc_key_length = 192; * hash = md5; * } * } { * comp = comp_lzjh; * ah = ah_none; * esp { * typ = esp_aes; * enc_key_length = 0; * hash = md5; * } * } { * comp = comp_deflate; * ah = ah_none; * esp { * typ = esp_aes; * enc_key_length = 0; * hash = md5; * } * } { * comp = comp_none; * ah = ah_none; * esp { * typ = esp_aes; * enc_key_length = 0; * hash = md5; * } * } { * comp = comp_lzjh; * ah = ah_none; * esp { * typ = esp_3des; * enc_key_length = 0; * hash = md5; * } * } { * comp = comp_deflate; * ah = ah_none; * esp { * typ = esp_3des; * enc_key_length = 0; * hash = md5; * } * } { * comp = comp_none; * ah = ah_none; * esp { * typ = esp_3des; * enc_key_length = 0; * hash = md5; * } * } { * comp = comp_lzjh; * ah = ah_none; * esp { * typ = esp_des; * enc_key_length = 0; * hash = md5; * } * } { * comp = comp_deflate; * ah = ah_none; * esp { * typ = esp_des; * enc_key_length = 0; * hash = md5; * } * } { * comp = comp_none; * ah = ah_none; * esp { * typ = esp_des; * enc_key_length = 0; * hash = md5; * } * } * * name = "esp-all-all/ah-none/comp-all/pfs"; * comment = "all algorithms, ohne AH, with PFS"; * pfs = yes; * life_dur_sec = 1h; * life_dur_kb = 0; * proposals { * comp = 
comp_lzjh; * ah = ah_none; * esp { * typ = esp_aes; * enc_key_length = 256; * hash = sha; * } * } { * comp = comp_deflate; * ah = ah_none; * esp { * typ = esp_aes; * enc_key_length = 256; * hash = sha; * } * } { * comp = comp_none; * ah = ah_none; * esp { * typ = esp_aes; * enc_key_length = 256; * hash = sha; * } * } { * comp = comp_lzjh; * ah = ah_none; * esp { * typ = esp_aes; * enc_key_length = 192; * hash = sha; * } * } { * comp = comp_deflate; * ah = ah_none; * esp { * typ = esp_aes; * enc_key_length = 192; * hash = sha; * } * } { * comp = comp_none; * ah = ah_none; * esp { * typ = esp_aes; * enc_key_length = 192; * hash = sha; * } * } { * comp = comp_lzjh; * ah = ah_none; * esp { * typ = esp_aes; * enc_key_length = 0; * hash = sha; * } * } { * comp = comp_deflate; * ah = ah_none; * esp { * typ = esp_aes; * enc_key_length = 0; * hash = sha; * } * } { * comp = comp_none; * ah = ah_none; * esp { * typ = esp_aes; * enc_key_length = 0; * hash = sha; * } * } { * comp = comp_lzjh; * ah = ah_none; * esp { * typ = esp_3des; * enc_key_length = 0; * hash = sha; * } * } { * comp = comp_deflate; * ah = ah_none; * esp { * typ = esp_3des; * enc_key_length = 0; * hash = sha; * } * } { * comp = comp_none; * ah = ah_none; * esp { * typ = esp_3des; * enc_key_length = 0; * hash = sha; * } * } { * comp = comp_lzjh; * ah = ah_none; * esp { * typ = esp_des; * enc_key_length = 0; * hash = sha; * } * } { * comp = comp_deflate; * ah = ah_none; * esp { * typ = esp_des; * enc_key_length = 0; * hash = sha; * } * } { * comp = comp_none; * ah = ah_none; * esp { * typ = esp_des; * enc_key_length = 0; * hash = sha; * } * } { * comp = comp_lzjh; * ah = ah_none; * esp { * typ = esp_aes; * enc_key_length = 256; * hash = md5; * } * } { * comp = comp_deflate; * ah = ah_none; * esp { * typ = esp_aes; * enc_key_length = 256; * hash = md5; * } * } { * comp = comp_none; * ah = ah_none; * esp { * typ = esp_aes; * enc_key_length = 256; * hash = md5; * } * } { * comp = comp_lzjh; * ah = ah_none; * esp { 
* typ = esp_aes; * enc_key_length = 192; * hash = md5; * } * } { * comp = comp_deflate; * ah = ah_none; * esp { * typ = esp_aes; * enc_key_length = 192; * hash = md5; * } * } { * comp = comp_none; * ah = ah_none; * esp { * typ = esp_aes; * enc_key_length = 192; * hash = md5; * } * } { * comp = comp_lzjh; * ah = ah_none; * esp { * typ = esp_aes; * enc_key_length = 0; * hash = md5; * } * } { * comp = comp_deflate; * ah = ah_none; * esp { * typ = esp_aes; * enc_key_length = 0; * hash = md5; * } * } { * comp = comp_none; * ah = ah_none; * esp { * typ = esp_aes; * enc_key_length = 0; * hash = md5; * } * } { * comp = comp_lzjh; * ah = ah_none; * esp { * typ = esp_3des; * enc_key_length = 0; * hash = md5; * } * } { * comp = comp_deflate; * ah = ah_none; * esp { * typ = esp_3des; * enc_key_length = 0; * hash = md5; * } * } { * comp = comp_none; * ah = ah_none; * esp { * typ = esp_3des; * enc_key_length = 0; * hash = md5; * } * } { * comp = comp_lzjh; * ah = ah_none; * esp { * typ = esp_des; * enc_key_length = 0; * hash = md5; * } * } { * comp = comp_deflate; * ah = ah_none; * esp { * typ = esp_des; * enc_key_length = 0; * hash = md5; * } * } { * comp = comp_none; * ah = ah_none; * esp { * typ = esp_des; * enc_key_length = 0; * hash = md5; * } * } * * name = "esp-all-all/ah-none/comp-all/no-pfs"; * comment = "all algorithms, ohne AH, no PFS"; * pfs = no; * life_dur_sec = 1h; * life_dur_kb = 0; * proposals { * comp = comp_lzjh; * ah = ah_none; * esp { * typ = esp_aes; * enc_key_length = 256; * hash = sha; * } * } { * comp = comp_deflate; * ah = ah_none; * esp { * typ = esp_aes; * enc_key_length = 256; * hash = sha; * } * } { * comp = comp_none; * ah = ah_none; * esp { * typ = esp_aes; * enc_key_length = 256; * hash = sha; * } * } { * comp = comp_lzjh; * ah = ah_none; * esp { * typ = esp_aes; * enc_key_length = 192; * hash = sha; * } * } { * comp = comp_deflate; * ah = ah_none; * esp { * typ = esp_aes; * enc_key_length = 192; * hash = sha; * } * } { * comp = comp_none; * ah = 
ah_none; * esp { * typ = esp_aes; * enc_key_length = 192; * hash = sha; * } * } { * comp = comp_lzjh; * ah = ah_none; * esp { * typ = esp_aes; * enc_key_length = 0; * hash = sha; * } * } { * comp = comp_deflate; * ah = ah_none; * esp { * typ = esp_aes; * enc_key_length = 0; * hash = sha; * } * } { * comp = comp_none; * ah = ah_none; * esp { * typ = esp_aes; * enc_key_length = 0; * hash = sha; * } * } { * comp = comp_lzjh; * ah = ah_none; * esp { * typ = esp_3des; * enc_key_length = 0; * hash = sha; * } * } { * comp = comp_deflate; * ah = ah_none; * esp { * typ = esp_3des; * enc_key_length = 0; * hash = sha; * } * } { * comp = comp_none; * ah = ah_none; * esp { * typ = esp_3des; * enc_key_length = 0; * hash = sha; * } * } { * comp = comp_lzjh; * ah = ah_none; * esp { * typ = esp_des; * enc_key_length = 0; * hash = sha; * } * } { * comp = comp_deflate; * ah = ah_none; * esp { * typ = esp_des; * enc_key_length = 0; * hash = sha; * } * } { * comp = comp_none; * ah = ah_none; * esp { * typ = esp_des; * enc_key_length = 0; * hash = sha; * } * } { * comp = comp_lzjh; * ah = ah_none; * esp { * typ = esp_aes; * enc_key_length = 256; * hash = md5; * } * } { * comp = comp_deflate; * ah = ah_none; * esp { * typ = esp_aes; * enc_key_length = 256; * hash = md5; * } * } { * comp = comp_none; * ah = ah_none; * esp { * typ = esp_aes; * enc_key_length = 256; * hash = md5; * } * } { * comp = comp_lzjh; * ah = ah_none; * esp { * typ = esp_aes; * enc_key_length = 192; * hash = md5; * } * } { * comp = comp_deflate; * ah = ah_none; * esp { * typ = esp_aes; * enc_key_length = 192; * hash = md5; * } * } { * comp = comp_none; * ah = ah_none; * esp { * typ = esp_aes; * enc_key_length = 192; * hash = md5; * } * } { * comp = comp_lzjh; * ah = ah_none; * esp { * typ = esp_aes; * enc_key_length = 0; * hash = md5; * } * } { * comp = comp_deflate; * ah = ah_none; * esp { * typ = esp_aes; * enc_key_length = 0; * hash = md5; * } * } { * comp = comp_none; * ah = ah_none; * esp { * typ = esp_aes; * 
enc_key_length = 0; * hash = md5; * } * } { * comp = comp_lzjh; * ah = ah_none; * esp { * typ = esp_3des; * enc_key_length = 0; * hash = md5; * } * } { * comp = comp_deflate; * ah = ah_none; * esp { * typ = esp_3des; * enc_key_length = 0; * hash = md5; * } * } { * comp = comp_none; * ah = ah_none; * esp { * typ = esp_3des; * enc_key_length = 0; * hash = md5; * } * } { * comp = comp_lzjh; * ah = ah_none; * esp { * typ = esp_des; * enc_key_length = 0; * hash = md5; * } * } { * comp = comp_deflate; * ah = ah_none; * esp { * typ = esp_des; * enc_key_length = 0; * hash = md5; * } * } { * comp = comp_none; * ah = ah_none; * esp { * typ = esp_des; * enc_key_length = 0; * hash = md5; * } * } * * name = "LT8h/esp-all-all/ah-none/comp-all/pfs"; * comment = "all algorithms, ohne AH, with PFS"; * pfs = yes; * life_dur_sec = 8h; * life_dur_kb = 0; * proposals { * comp = comp_lzjh; * ah = ah_none; * esp { * typ = esp_aes; * enc_key_length = 256; * hash = sha; * } * } { * comp = comp_deflate; * ah = ah_none; * esp { * typ = esp_aes; * enc_key_length = 256; * hash = sha; * } * } { * comp = comp_none; * ah = ah_none; * esp { * typ = esp_aes; * enc_key_length = 256; * hash = sha; * } * } { * comp = comp_lzjh; * ah = ah_none; * esp { * typ = esp_aes; * enc_key_length = 192; * hash = sha; * } * } { * comp = comp_deflate; * ah = ah_none; * esp { * typ = esp_aes; * enc_key_length = 192; * hash = sha; * } * } { * comp = comp_none; * ah = ah_none; * esp { * typ = esp_aes; * enc_key_length = 192; * hash = sha; * } * } { * comp = comp_lzjh; * ah = ah_none; * esp { * typ = esp_aes; * enc_key_length = 0; * hash = sha; * } * } { * comp = comp_deflate; * ah = ah_none; * esp { * typ = esp_aes; * enc_key_length = 0; * hash = sha; * } * } { * comp = comp_none; * ah = ah_none; * esp { * typ = esp_aes; * enc_key_length = 0; * hash = sha; * } * } { * comp = comp_lzjh; * ah = ah_none; * esp { * typ = esp_3des; * enc_key_length = 0; * hash = sha; * } * } { * comp = comp_deflate; * ah = ah_none; * esp { 
* typ = esp_3des; * enc_key_length = 0; * hash = sha; * } * } { * comp = comp_none; * ah = ah_none; * esp { * typ = esp_3des; * enc_key_length = 0; * hash = sha; * } * } { * comp = comp_lzjh; * ah = ah_none; * esp { * typ = esp_des; * enc_key_length = 0; * hash = sha; * } * } { * comp = comp_deflate; * ah = ah_none; * esp { * typ = esp_des; * enc_key_length = 0; * hash = sha; * } * } { * comp = comp_none; * ah = ah_none; * esp { * typ = esp_des; * enc_key_length = 0; * hash = sha; * } * } { * comp = comp_lzjh; * ah = ah_none; * esp { * typ = esp_aes; * enc_key_length = 256; * hash = md5; * } * } { * comp = comp_deflate; * ah = ah_none; * esp { * typ = esp_aes; * enc_key_length = 256; * hash = md5; * } * } { * comp = comp_none; * ah = ah_none; * esp { * typ = esp_aes; * enc_key_length = 256; * hash = md5; * } * } { * comp = comp_lzjh; * ah = ah_none; * esp { * typ = esp_aes; * enc_key_length = 192; * hash = md5; * } * } { * comp = comp_deflate; * ah = ah_none; * esp { * typ = esp_aes; * enc_key_length = 192; * hash = md5; * } * } { * comp = comp_none; * ah = ah_none; * esp { * typ = esp_aes; * enc_key_length = 192; * hash = md5; * } * } { * comp = comp_lzjh; * ah = ah_none; * esp { * typ = esp_aes; * enc_key_length = 0; * hash = md5; * } * } { * comp = comp_deflate; * ah = ah_none; * esp { * typ = esp_aes; * enc_key_length = 0; * hash = md5; * } * } { * comp = comp_none; * ah = ah_none; * esp { * typ = esp_aes; * enc_key_length = 0; * hash = md5; * } * } { * comp = comp_lzjh; * ah = ah_none; * esp { * typ = esp_3des; * enc_key_length = 0; * hash = md5; * } * } { * comp = comp_deflate; * ah = ah_none; * esp { * typ = esp_3des; * enc_key_length = 0; * hash = md5; * } * } { * comp = comp_none; * ah = ah_none; * esp { * typ = esp_3des; * enc_key_length = 0; * hash = md5; * } * } { * comp = comp_lzjh; * ah = ah_none; * esp { * typ = esp_des; * enc_key_length = 0; * hash = md5; * } * } { * comp = comp_deflate; * ah = ah_none; * esp { * typ = esp_des; * enc_key_length = 0; 
* hash = md5; * } * } { * comp = comp_none; * ah = ah_none; * esp { * typ = esp_des; * enc_key_length = 0; * hash = md5; * } * } * * name = "LT8h/esp-all-all/ah-none/comp-all/no-pfs"; * comment = "all algorithms, ohne AH, no PFS"; * pfs = no; * life_dur_sec = 8h; * life_dur_kb = 0; * proposals { * comp = comp_lzjh; * ah = ah_none; * esp { * typ = esp_aes; * enc_key_length = 256; * hash = sha; * } * } { * comp = comp_deflate; * ah = ah_none; * esp { * typ = esp_aes; * enc_key_length = 256; * hash = sha; * } * } { * comp = comp_none; * ah = ah_none; * esp { * typ = esp_aes; * enc_key_length = 256; * hash = sha; * } * } { * comp = comp_lzjh; * ah = ah_none; * esp { * typ = esp_aes; * enc_key_length = 192; * hash = sha; * } * } { * comp = comp_deflate; * ah = ah_none; * esp { * typ = esp_aes; * enc_key_length = 192; * hash = sha; * } * } { * comp = comp_none; * ah = ah_none; * esp { * typ = esp_aes; * enc_key_length = 192; * hash = sha; * } * } { * comp = comp_lzjh; * ah = ah_none; * esp { * typ = esp_aes; * enc_key_length = 0; * hash = sha; * } * } { * comp = comp_deflate; * ah = ah_none; * esp { * typ = esp_aes; * enc_key_length = 0; * hash = sha; * } * } { * comp = comp_none; * ah = ah_none; * esp { * typ = esp_aes; * enc_key_length = 0; * hash = sha; * } * } { * comp = comp_lzjh; * ah = ah_none; * esp { * typ = esp_3des; * enc_key_length = 0; * hash = sha; * } * } { * comp = comp_deflate; * ah = ah_none; * esp { * typ = esp_3des; * enc_key_length = 0; * hash = sha; * } * } { * comp = comp_none; * ah = ah_none; * esp { * typ = esp_3des; * enc_key_length = 0; * hash = sha; * } * } { * comp = comp_lzjh; * ah = ah_none; * esp { * typ = esp_des; * enc_key_length = 0; * hash = sha; * } * } { * comp = comp_deflate; * ah = ah_none; * esp { * typ = esp_des; * enc_key_length = 0; * hash = sha; * } * } { * comp = comp_none; * ah = ah_none; * esp { * typ = esp_des; * enc_key_length = 0; * hash = sha; * } * } { * comp = comp_lzjh; * ah = ah_none; * esp { * typ = esp_aes; * 
enc_key_length = 256; * hash = md5; * } * } { * comp = comp_deflate; * ah = ah_none; * esp { * typ = esp_aes; * enc_key_length = 256; * hash = md5; * } * } { * comp = comp_none; * ah = ah_none; * esp { * typ = esp_aes; * enc_key_length = 256; * hash = md5; * } * } { * comp = comp_lzjh; * ah = ah_none; * esp { * typ = esp_aes; * enc_key_length = 192; * hash = md5; * } * } { * comp = comp_deflate; * ah = ah_none; * esp { * typ = esp_aes; * enc_key_length = 192; * hash = md5; * } * } { * comp = comp_none; * ah = ah_none; * esp { * typ = esp_aes; * enc_key_length = 192; * hash = md5; * } * } { * comp = comp_lzjh; * ah = ah_none; * esp { * typ = esp_aes; * enc_key_length = 0; * hash = md5; * } * } { * comp = comp_deflate; * ah = ah_none; * esp { * typ = esp_aes; * enc_key_length = 0; * hash = md5; * } * } { * comp = comp_none; * ah = ah_none; * esp { * typ = esp_aes; * enc_key_length = 0; * hash = md5; * } * } { * comp = comp_lzjh; * ah = ah_none; * esp { * typ = esp_3des; * enc_key_length = 0; * hash = md5; * } * } { * comp = comp_deflate; * ah = ah_none; * esp { * typ = esp_3des; * enc_key_length = 0; * hash = md5; * } * } { * comp = comp_none; * ah = ah_none; * esp { * typ = esp_3des; * enc_key_length = 0; * hash = md5; * } * } { * comp = comp_lzjh; * ah = ah_none; * esp { * typ = esp_des; * enc_key_length = 0; * hash = md5; * } * } { * comp = comp_deflate; * ah = ah_none; * esp { * typ = esp_des; * enc_key_length = 0; * hash = md5; * } * } { * comp = comp_none; * ah = ah_none; * esp { * typ = esp_des; * enc_key_length = 0; * hash = md5; * } * } * * name = "esp-null-sha/ah-no/comp-no/no-pfs"; * comment = "ESP NULL, no AH,no COMP,no PFS"; * pfs = no; * life_dur_sec = 1h; * life_dur_kb = 0; * proposals { * comp = comp_none; * ah = ah_none; * esp { * typ = esp_null; * enc_key_length = 0; * hash = sha; * } * } * * Note: esp_null is ESP with NULL encryption (integrity only), so the "esp-null-sha/ah-no/comp-no/no-pfs" set gives no confidentiality for tunnelled traffic. * Note: the "LT8h/esp-all-all/ah-none/comp-all/no-pfs" set also offers esp_des and md5 proposals and has pfs = no; where the peer supports it, prefer a narrower phase2ss with AES, SHA and PFS. * */ // EOF