Differences
This shows you the differences between two versions of the page.
|
doc:uci:racoon [2012/12/21 16:12] miceliux |
doc:uci:racoon [2013/04/10 20:05] (current) xenophonf corrected typo |
||
|---|---|---|---|
| Line 11: | Line 11: | ||
| |debug|boolean|no|0|Activate racoon debugging if set to 1| | |debug|boolean|no|0|Activate racoon debugging if set to 1| | ||
| |listen|list|no|(not set)|List which interfaces racoon should listen on. Uses all interfaces if not set.| | |listen|list|no|(not set)|List which interfaces racoon should listen on. Uses all interfaces if not set.| | ||
| - | |zone|string|no|vpn|Firewall zone. Has to match the defined [[doc:howto:vpn.ipsec.firewall#zones|firewall zone]]| | + | |zone|string|no|vpn|Firewall zone. Has to match the defined [[doc:howto:vpn.ipsec.firewall.racoon#zones|firewall zone]]| |
| - | |dns|string|no|(none)|IP address of DNS server published to [[[[doc:howto:vpn.ipsec.roadwarrior#naming.services|road warrior]] clients| | + | |dns|string|no|(none)|IP address of DNS server published to [[[[doc:howto:vpn.ipsec.roadwarrior.racoon#naming.services|road warrior]] clients| |
| - | |domain|string|no|(none)|Domain name assigned to virtual network interface of [[[[doc:howto:vpn.ipsec.roadwarrior#naming.services|road warrior]] clients| | + | |domain|string|no|(none)|Domain name assigned to virtual network interface of [[[[doc:howto:vpn.ipsec.roadwarrior.racoon#naming.services|road warrior]] clients| |
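Review bot: In the `dns` and `domain` rows the new side still opens the link with `[[[[` (`[[[[doc:howto:vpn.ipsec.roadwarrior.racoon#naming.services|road warrior]]`), so the retargeted links keep the doubled opening brackets from the old revision against a single closing `]]`. These lines are being edited anyway; reduce the opener to `[[` so the link markup balances.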
| Line 22: | Line 22: | ||
| ^Name^Type^Required^Default^Description^ | ^Name^Type^Required^Default^Description^ | ||
| |enabled|boolean|yes|(none)|Configuration is enabled or not| | |enabled|boolean|yes|(none)|Configuration is enabled or not| | ||
| - | |remote|ipaddr|yes|(none)|IP address or FQDN name of the tunnel remote endpoint. Use **anonymous** for [[doc:howto:vpn.ipsec.roadwarrior|road warrior]] setup| | + | |remote|ipaddr|yes|(none)|IP address or FQDN name of the tunnel remote endpoint. Use **anonymous** for [[doc:howto:vpn.ipsec.roadwarrior.racoon|road warrior]] setup| |
| |remote_device|string|no|(none)|setting used for optimise racoon.conf generation when remote peer is Cisco ASA| | |remote_device|string|no|(none)|setting used for optimise racoon.conf generation when remote peer is Cisco ASA| | ||
| |exchange_mode|string|yes|(none)|Phase 1 negotiation (main, aggressive)| | |exchange_mode|string|yes|(none)|Phase 1 negotiation (main, aggressive)| | ||
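Review bot: The `remote` row declares the type as `ipaddr`, but its description also accepts an FQDN and the literal **anonymous**, so the type column understates what the option takes. Either widen the type or state the three accepted forms in the description. The unchanged `remote_device` row ("setting used for optimise racoon.conf generation") does not say which value selects the Cisco ASA behaviour and could be fixed in the same pass.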
| Line 39: | Line 39: | ||
| ^Name^Type^Required^Default^Description^ | ^Name^Type^Required^Default^Description^ | ||
| |lifetime|integer|no|28800|Lifetime of phase 1 in seconds| | |lifetime|integer|no|28800|Lifetime of phase 1 in seconds| | ||
| - | |encrpytion_algorithm|string|yes|(none)|Phase 1 encryption method (aes 128, aes 192, aes 256, 3des)| | + | |encryption_algorithm|string|yes|(none)|Phase 1 encryption method (aes 128, aes 192, aes 256, 3des)| |
| |hash_alogrithm|string|yes|(none)|Phase 1 hash alogrithm (md5,sha1) | | |hash_alogrithm|string|yes|(none)|Phase 1 hash alogrithm (md5,sha1) | | ||
| - | |authentication_method|string|yes|(none)|Allowed values [[doc:howto:vpn.ipsec.site2site|pre_shared_key]], [[doc:howto:vpn.ipsec.certificates|rsasig]], [[doc:howto:vpn.ipsec.roadwarrior|xauth_psk_server]] or [[doc:howto:vpn.ipsec.roadwarriorcertificates|xauth_rsa_server]] | | + | |authentication_method|string|yes|(none)|Allowed values [[doc:howto:vpn.ipsec.site2site.racoon|pre_shared_key]], [[doc:howto:vpn.ipsec.certificates.racoon|rsasig]], [[doc:howto:vpn.ipsec.roadwarrior.racoon|xauth_psk_server]] or [[doc:howto:vpn.ipsec.roadwarriorcertificates.racoon|xauth_rsa_server]] | |
| |dh_group|string|yes|(none)|Diffie-Hellman exponentiation (either number 2,5,... or name modp768,...| | |dh_group|string|yes|(none)|Diffie-Hellman exponentiation (either number 2,5,... or name modp768,...| | ||
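Review bot: The option name is corrected to `encryption_algorithm`, but the very next row still reads `hash_alogrithm` (and "hash alogrithm" in its description), so the two sibling options are now spelled inconsistently. Confirm which key the configuration actually reads and correct that row too. The `dh_group` description is missing its closing parenthesis, and the value lists (`md5`, `3des`, `modp768`) give no indication of which entries are legacy choices, which a reader picking phase 1 parameters would want to know.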
| Line 51: | Line 51: | ||
| |local_subnet|subnet|yes|(none)|Local network| | |local_subnet|subnet|yes|(none)|Local network| | ||
| |remote_subnet|subnet|yes|(none)|Remote network| | |remote_subnet|subnet|yes|(none)|Remote network| | ||
| - | |local_nat|subnet|no|(none)|NAT range for tunnels with [[doc:howto:vpn.ipsec.overlappingsubnets|overlapping IP addresses]]| | + | |local_nat|subnet|no|(none)|NAT range for tunnels with [[doc:howto:vpn.ipsec.overlappingsubnets.racoon|overlapping IP addresses]]| |
| |p2_proposal|string|yes|(none)|link to phase 2 proposal| | |p2_proposal|string|yes|(none)|link to phase 2 proposal| | ||
| Line 74: | Line 74: | ||
| ===== Examples ===== | ===== Examples ===== | ||
| - | Example 1 taken from the [[doc:howto:vpn.ipsec.site2site|IPSec site to site howto]]. | + | Example 1 taken from the [[doc:howto:vpn.ipsec.site2site.racoon|IPSec site to site howto]]. |
| <code> | <code> | ||
| Line 115: | Line 115: | ||
| - | Example 2 taken from the [[doc:howto:vpn.ipsec.certificates|IPSec with certificates howto]]. | + | Example 2 taken from the [[doc:howto:vpn.ipsec.certificates.racoon|IPSec with certificates howto]]. |
| <code> | <code> | ||
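Review bot: The edit summary "corrected typo" covers only the `encryption_algorithm` fix; the Example 2 line here, like most lines in this revision, instead retargets a link to a page with a `.racoon` suffix (`doc:howto:vpn.ipsec.certificates.racoon`). The summary should mention the link retargeting, and each renamed target should be confirmed to exist so the reference table does not end up pointing at missing howto pages.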
doc/uci/racoon.1356102729.txt.bz2 · Last modified: 2012/12/21 16:12 (external edit)
This text is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.
