search for: asn1dn

...block and was wondering if someone could help me figure it out. my racoon.conf (I have it mirrored on the connecting machine. path pre_shared_key "/etc/racoon/psk.txt"; path certificate "/etc/certs"; remote anonymous { exchange_mode aggressive,main; my_identifier asn1dn; peers_identifier asn1dn; lifetime time 2 min; # sec,min,hour initial_contact on; proposal_check obey; # obey, strict or claim certificate_type x509 "slave1.public" "slave1.private"; proposal { encryption_algorithm 3des;...

...key "/usr/local/etc/racoon/psk.txt"; path certificate "/usr/local/etc/racoon/certs"; listen { isakmp 192.168.2.10; strict_address; } remote 192.168.2.11 { exchange_mode main; doi ipsec_doi; situation identity_only; my_identifier asn1dn; peers_identifier asn1dn; verify_identifier on; certificate_type x509 "mad.public" "mad.private"; peers_certfile x509 "laptop.public"; send_cert on; send_cr on; verify_cert on; lifetime time 300 sec;...

...out ipsec esp/tunnel/192.168.1.2-192.168.1.1/require ah/tunnel/192.168.1.2-192.168.1.1/require; spdadd 0.0.0.0/0 192.168.1.2/32 any -P in ipsec esp/tunnel/192.168.1.1-192.168.1.2/require ah/tunnel/192.168.1.1-192.168.1.2/require; Racoon.conf remote 192.168.1.1 { exchange_mode main; my_identifier asn1dn; peers_identifier asn1dn; certificate_type x509 "Memphis.public" "Memphis.private"; peers_certfile "Zeus.public"; proposal{ encryption_algorithm 3des; hash_algorithm sha1; authentication_method rsasig; dh_group modp1024; #I don''t understand this option } }...

...long certificate_type line might get wrapped around by my mail client, but it is a single line in the configuration file). This is store in /etc/racoon/192.168.1.100.conf, which is included from racoon.conf. remote 192.168.1.100 { exchange_mode aggressive, main; my_identifier asn1dn; peers_identifier asn1dn; certificate_type x509 "/etc/racoon/certs/host-a.public" "/etc/racoon/certs/host-a.private"; peers_certfile "/etc/racoon/certs/host-b.public"; proposal { encryption_algorithm 3des;...

...ted): path certificate "/etc/racoon/certs"; > > listen > { > isakmp 5.6.7.8; > } > > remote 1.2.3.4 > { > exchange_mode main; > certificate_type x509 "sandy.pem" "sandy_key.pem"; > verify_cert on; > my_identifier asn1dn ; > peers_identifier asn1dn ; > verify_identifier on ; > lifetime time 24 hour ; > proposal { > encryption_algorithm blowfish; > hash_algorithm sha1; > authentication_method rsasig ; > dh_group 2 ; > } > } > > s...

....45.4 [500]; >>> isakmp_natt 172.28.45.4 [4500]; >>> } >>> >>> remote anonymous { >>> exchange_mode aggressive; >>> certificate_type x509 "gwenc.crt" "gwenc.key"; >>> my_identifier asn1dn; >>> proposal_check claim; >>> generate_policy on; >>> nat_traversal on; >>> dpd_delay 20; >>> ike_frag on; >>> passive on; >>> proposal { >>> encr...

.../racoon/racoon.sock" "root" "nobody" 0660; isakmp 172.28.45.4 [500]; isakmp_natt 172.28.45.4 [4500]; } remote anonymous { exchange_mode aggressive; certificate_type x509 "gwenc.crt" "gwenc.key"; my_identifier asn1dn; proposal_check claim; generate_policy on; nat_traversal on; dpd_delay 20; ike_frag on; passive on; proposal { encryption_algorithm aes; hash_algorithm sha256; authentication_method hyb...

...ate "/usr/local/openssl/certs" ; # "log" specifies logging level. It is followed by either "notify", "debug" # or "debug2". log debug; remote anonymous { exchange_mode main,aggressive,base; #exchange_mode main,base; my_identifier asn1dn; peers_identifier asn1dn; certificate_type x509 "bsd.public" "bsd.priv" ; lifetime time 24 hour ; # sec,min,hour #initial_contact off ; #passive on ; # phase 1 proposal (for ISAKMP SA) proposal { encryption_algorithm 3des; h...