| 1 | # This is an example /etc/secnet/sites file. It doesn't define any real |
| 2 | # sites. The Diffie-Hellman modulus and generator are real and will work, |
| 3 | # but if you're setting up your own VPN I suggest you choose your own. |
| 4 | |
| 5 | example-vpn { # Settings at this level apply to every site below unless a site sets its own (see a-third-site). |
| 6 | # NOTE(review): this modulus is 1024 bits (256 hex digits) and is published example data; for a real VPN generate your own, larger group. |
| 7 | dh diffie-hellman("8db5f2c15ac96d9f3382d1ef4688fba14dc7908ae7dfd71a9cfe7f479a75d506dc53f159aeaf488bde073fe544bc91c099f101fcf60074f30c06e36263c03ca9e07931ce3fc235fe1171dc6d9316fb097bd4362891e2c36e234e7c16b038fd97b1f165c710e90537de66ee4f54001f5712b050d4e07de3fba07607b19b64f6c3","2"); |
| 8 | hash md5; # NOTE(review): MD5 is no longer collision-resistant; prefer a stronger hash if your secnet version provides one. |
| 9 | # Presumably every site that shares this file must agree on 'dh' and 'hash' - confirm before changing either. |
| 10 | key-lifetime 3600000; # One hour = 3600000 milliseconds |
| 11 | |
| 12 | some-site { |
| 13 | # The 'name' here must match the 'local-name' defined in the |
| 14 | # site's /etc/secnet/secnet.conf, because it's used in the |
| 15 | # key-setup protocol. |
| 16 | # The name of this dictionary doesn't have to match - it's local |
| 17 | # to the configuration system. |
| 18 | name "some-site"; |
| 19 | address "foo.greenend.org.uk"; |
| 20 | port 5678; |
| 21 | networks "192.168.x.x/24", "192.168.x.x/24"; # Placeholders: list only the networks that really sit behind this site. |
| 22 | key rsa-public("35","131453873229748492184986747327990913828179255774895541667982108408897406369168730551214152673574619385573519088922707364993860644376262000057302119569116289693520981276177337391324943049983046703853106890057346878967444626093102422836819979338760420960495059950787838142162794317002315919126174831103379472833"); # Example public key with a modulus of about 1024 bits (309 decimal digits); replace it with the site's own public key. |
| 23 | }; |
| 24 | # Same layout as some-site: again an example key and placeholder networks. |
| 25 | some-other-site { |
| 26 | name "some-other-site"; |
| 27 | address "bar.greenend.org.uk"; |
| 28 | port 18436; |
| 29 | networks "192.168.x.x/24", "192.168.x.x/24"; |
| 30 | key rsa-public("35","154107175724781677184264293617887954015562225725852111745852699493257053099810379926047345975839848434403852210573185384327420788855664167034282567346429150999373740871227795773749618022407366186555483566435251279808390618987056868368084933125373643004284007109877210578088697520329039753099981203724057693543"); |
| 31 | }; |
| 32 | # This entry shows a 'name' that differs from the dictionary name, plus per-site overrides of the shared settings. |
| 33 | a-third-site { |
| 34 | name "different-for-a-change"; |
| 35 | address "baz.greenend.org.uk"; |
| 36 | port 3234; |
| 37 | networks "foo"; # Placeholder, not a real network. |
| 38 | key-lifetime 1800000; # Can be set per-site as well, you see... |
| 39 | setup-retries 10; # So can this |
| 40 | setup-timeout 2000; # And this. (And 'wait-time' too.) |
| 41 | key rsa-public("e","n"); # Placeholder: presumably the public exponent and modulus of this site's RSA key go here, as in the entries above. |
| 42 | }; |
| 43 | |
| 44 | }; |