#
# protectix    
#
# OpenBSD Concentrator config file with fixed IP certificate SafeNet client
#
# The network topology of the VPN net is like this:
#
# w2k [63.199.136.126] - net - [63.218.191.100/192.168.1.45] protectix - 192.168.1.0/24
#

[General]
Policy-File=/etc/isakmpd/isakmpd.policy
Retransmits=3
Exchange-max-time=120
Listen-on=63.218.191.100

# Certificates stored in PEM format
[X509-certificates]
CA-directory=/etc/isakmpd/ca/
Cert-directory=/etc/isakmpd/certs/
Private-key=/etc/isakmpd/private/vpn.protectix.com.key

[w2k]
Phase=1
Local-address= 63.218.191.100
Address=63.199.136.126
Configuration=Default-main-mode
Flags=
Default=protectix-w2k

[Phase 1]
Default=w2k

[Phase 2]
Connections=protectix-w2k

[protectix-w2k]
Phase=2
ISAKMP-peer=w2k
Configuration=Default-quick-mode
Local-ID=Net-protectix
Remote-ID=Net-w2k

[Net-w2k]
ID-type=IPV4_ADDR
Address=63.199.136.126

[Net-protectix]
ID-type=IPV4_ADDR_SUBNET
Network=192.168.1.0
Netmask=255.255.255.0  

# 3DES
[3DES-SHA]
ENCRYPTION_ALGORITHM=   3DES_CBC
HASH_ALGORITHM=         SHA
AUTHENTICATION_METHOD=  RSA_SIG
GROUP_DESCRIPTION=      MODP_1024
Life=                   LIFE_3600_SECS

[Default-main-mode]
DOI=IPSEC
EXCHANGE_TYPE=		ID_PROT
Transforms=3DES-SHA

[Default-quick-mode]
DOI=IPSEC
EXCHANGE_TYPE=QUICK_MODE
Suites=QM-ESP-3DES-SHA-PFS-SUITE

# 3DES
[QM-ESP-3DES-SHA-PFS-SUITE]
Protocols=              QM-ESP-3DES-SHA-PFS

[LIFE_600_SECS]
LIFE_TYPE=              SECONDS
LIFE_DURATION=          600,450:720

[LIFE_3600_SECS]
LIFE_TYPE=              SECONDS
LIFE_DURATION=          3600,1800:7200

[LIFE_1000_KB]
LIFE_TYPE=              KILOBYTES
LIFE_DURATION=          1000,768:1536

[LIFE_32_MB]
LIFE_TYPE=              KILOBYTES
LIFE_DURATION=          32768,16384:65536

[LIFE_4.5_GB]
LIFE_TYPE=              KILOBYTES
LIFE_DURATION=          4608000,4096000:8192000