Commit | Line | Data |
---|---|---|
df1b18fc SE |
1 | # This is an example /etc/secnet/sites file. It doesn't define any real |
2 | # sites. The Diffie-Hellman modulus and generator are real and will work, | |
3 | # but if you're setting up your own VPN I suggest you choose your own. | |
4 | ||
5 | example-vpn { # VPN-wide settings come first, then one dictionary per site | |
6 | ||
7 | dh diffie-hellman("8db5f2c15ac96d9f3382d1ef4688fba14dc7908ae7dfd71a9cfe7f479a75d506dc53f159aeaf488bde073fe544bc91c099f101fcf60074f30c06e36263c03ca9e07931ce3fc235fe1171dc6d9316fb097bd4362891e2c36e234e7c16b038fd97b1f165c710e90537de66ee4f54001f5712b050d4e07de3fba07607b19b64f6c3","2"); # Arguments: modulus (hex), then generator. NOTE(review): this modulus is 256 hex digits, i.e. about 1024 bits, which is below current recommendations for finite-field DH; for a real VPN generate your own, larger group (confirm what your secnet version accepts). | |
8 | hash md5; # NOTE(review): MD5 is no longer collision-resistant; prefer a stronger hash if your secnet version offers one (presumably all sites must agree on it - confirm). | |
9 | ||
10 | key-lifetime 3600000; # One hour = 3600000 milliseconds | |
11 | ||
12 | some-site { | |
13 | # The 'name' here must match the 'local-name' defined in the | |
14 | # site's /etc/secnet/secnet.conf, because it's used in the | |
15 | # key-setup protocol. | |
16 | # The name of this dictionary doesn't have to - it's local | |
17 | # to the configuration system. | |
18 | name "some-site"; | |
19 | address "foo.greenend.org.uk"; | |
20 | port 5678; | |
21 | networks "192.168.x.x/24", "192.168.x.x/24"; # Placeholder values ('x.x'); substitute the site's real network ranges. | |
22 | key rsa-public("35","131453873229748492184986747327990913828179255774895541667982108408897406369168730551214152673574619385573519088922707364993860644376262000057302119569116289693520981276177337391324943049983046703853106890057346878967444626093102422836819979338760420960495059950787838142162794317002315919126174831103379472833"); # Arguments are (e, n), as the a-third-site entry shows. Sample key only: the modulus is about 1024 bits, so use each site's own, larger public key. NOTE(review): this file binds each site name to a key, so restrict who can edit it. | |
23 | }; | |
24 | ||
25 | some-other-site { | |
26 | name "some-other-site"; | |
27 | address "bar.greenend.org.uk"; | |
28 | port 18436; | |
29 | networks "192.168.x.x/24", "192.168.x.x/24"; # Placeholder values, as above. | |
30 | key rsa-public("35","154107175724781677184264293617887954015562225725852111745852699493257053099810379926047345975839848434403852210573185384327420788855664167034282567346429150999373740871227795773749618022407366186555483566435251279808390618987056868368084933125373643004284007109877210578088697520329039753099981203724057693543"); # Sample key only; replace with the site's own public key. | |
31 | }; | |
32 | ||
33 | a-third-site { | |
34 | name "different-for-a-change"; # The name need not equal the dictionary name (a-third-site). | |
35 | address "baz.greenend.org.uk"; | |
36 | port 3234; | |
37 | networks "foo"; # Placeholder, not a real network specification. | |
38 | key-lifetime 1800000; # Can be set per-site as well, you see... | |
39 | setup-retries 10; # So can this | |
40 | setup-timeout 2000; # And this. (And 'wait-time' too.) | |
41 | key rsa-public("e","n"); # Placeholder showing the argument order: public exponent e, then modulus n. | |
42 | }; | |
43 | ||
44 | }; |