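# $OpenBSD: VPN-3way-template.conf,v 1.12 2005/05/28 18:38:30 ho Exp $
#
# A configuration sample for the isakmpd ISAKMP/Oakley (aka IKE) daemon.
#
# This is a template file of a VPN setup between three nodes in
# a fully meshed 'three-way' configuration. Suggested use is to copy
# this file to all three nodes and then edit them accordingly.
#
# These nodes are initially called XXX, YYY and ZZZ.
#
# In pseudographics:    XXX --- YYY
#                         \     /
#                           ZZZ
#
# In cases where IP/network addresses should be defined values like
# 192.168.XXX.nnn have been used.
#
# Every XXX/YYY/ZZZ/nnn token and every 'yoursharedsecretwith...' value
# in this file is a placeholder and must be replaced before use.
#
# The finished file contains the pre-shared keys in clear text. Keep it
# owned by root with mode 0600; isakmpd is expected to refuse a
# configuration file that is accessible to group or others.

# Incoming phase 1 negotiations are multiplexed on the source IP
# address. In the three-way VPN, we have two possible peers.
#
# The peer section, and with it the pre-shared key, is therefore chosen
# by the sender's address: each peer needs a fixed, known address.
# Only the two addresses below are mapped; this template defines no
# catch-all entry.

[Phase 1]
192.168.YYY.nnn= ISAKMP-peer-node-YYY
192.168.ZZZ.nnn= ISAKMP-peer-node-ZZZ

# These connections are walked over after config file parsing and
# told to the application layer so that it will inform us when
# traffic wants to pass over them. This means we can do on-demand
# keying. In the three-way VPN, each node knows two connections.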
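[Phase 2]
Connections= IPsec-Conn-XXX-YYY,IPsec-Conn-XXX-ZZZ

# ISAKMP Phase 1 peer sections
#
# 'Authentication' holds the pre-shared key for that peer in clear
# text. Replace each placeholder with a long, randomly generated
# secret, use a different secret for every pair of nodes, and set the
# same value in the matching section on the node at the other end.

[ISAKMP-peer-node-YYY]
Phase= 1
Address= 192.168.YYY.nnn
Configuration= Default-main-mode
Authentication= yoursharedsecretwithYYY

[ISAKMP-peer-node-ZZZ]
Phase= 1
Address= 192.168.ZZZ.nnn
Configuration= Default-main-mode
Authentication= yoursharedsecretwithZZZ

# IPsec Phase 2 sections
#
# Each connection names the phase 1 peer it is keyed through and the
# local/remote ID sections that describe the traffic it covers.

[IPsec-Conn-XXX-YYY]
Phase= 2
ISAKMP-peer= ISAKMP-peer-node-YYY
Configuration= Default-quick-mode
Local-ID= MyNet-XXX
Remote-ID= OtherNet-YYY

[IPsec-Conn-XXX-ZZZ]
Phase= 2
ISAKMP-peer= ISAKMP-peer-node-ZZZ
Configuration= Default-quick-mode
Local-ID= MyNet-XXX
Remote-ID= OtherNet-ZZZ

# Client ID sections
#
# Network/Netmask define which addresses each connection covers. Keep
# them as narrow as the deployment allows; the /24 values below are
# template defaults.

[MyNet-XXX]
ID-type= IPV4_ADDR_SUBNET
Network= 192.168.XXX.0
Netmask= 255.255.255.0

[OtherNet-YYY]
ID-type= IPV4_ADDR_SUBNET
Network= 192.168.YYY.0
Netmask= 255.255.255.0

[OtherNet-ZZZ]
ID-type= IPV4_ADDR_SUBNET
Network= 192.168.ZZZ.0
Netmask= 255.255.255.0

# Main mode description
#
# ID_PROT is the IKE identity-protection (main mode) exchange.
# NOTE(review): 'SHA' in these transform names presumably means SHA-1,
# and 3DES-SHA is a legacy fallback. If all three nodes support
# AES-SHA, consider removing 3DES-SHA so it can never be negotiated.
# See isakmpd.conf(5) on the installed release for the hash and
# Diffie-Hellman group options it supports.

[Default-main-mode]
EXCHANGE_TYPE= ID_PROT
Transforms= AES-SHA,3DES-SHA

# Quick mode description
#
# As its name indicates, the suite selects ESP with AES and SHA plus
# perfect forward secrecy (PFS) for phase 2.

[Default-quick-mode]
EXCHANGE_TYPE= QUICK_MODE
Suites= QM-ESP-AES-SHA-PFS-SUITE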