#
# $Id: pipsecd.conf.sample,v 1.3 1999/08/17 10:15:08 beyssac Exp $
#
# Syntax:
#
# Security Association lines:
#
# For authentication:
#	sa <encap_type> spi=<spi> auth=<auth> [dest=<dest_ip>] akey=<auth_key>
#	<encap_type>: ipah, icmp or udp.
#	<auth>: hmac-md5-96, sha1-md5-96 or hmac-rmd160-96.
#	<akey>: authentication key
#
# For encryption:
#	sa <encap_type> spi=<spi> enc=<encr> [dest=<dest_ip>] ekey=<encrypt_key>
#		[auth=<auth> akey=<auth_key>] [noiv]
#	<encap_type>: "ipesp"
#	<encr>: blowfish_cbc, cast_cbc, des_cbc, des3_cbc, null.
#	<ekey>: encryption key
#	optional <auth>: hmac-md5-96, sha1-md5-96 or hmac-rmd160-96.
#	optional <akey>: authentication key
#	optional "noiv": use an implicit initialization vector made
#			 from the sequence number (OpenBSD-compatible mode,
#			 untested)
#
# Common parameters for SA descriptions:
#	<dest_ip>: (optional) REAL IP address of the remote end,
#		   to define a remote SA.
#		   If not included, the SA is considered local.
#	
# Interface lines:
#	if <device_path> local_spi=<local_spi> remote_spi=<remote_spi>
#
#	<device_path>: path to the tunnel device for this virtual link
#	<local_spi>: SPI for the local SA
#	<remote_spi>: SPI for the remote SA
#
#
sa ipah spi=1000 auth=hmac-md5-96 akey=0102030405060708090a0b0c0d0e0f dest=1.2.3.4
sa ipah spi=1000 auth=hmac-md5-96 akey=deadbeefdeadc0deadbeefdeadc0de
sa ipesp spi=1001 enc=blowfish_cbc ekey=f1f2f3f4f5f6f7f8f9fafbfcfdfeff dest=5.6.7.8
sa ipesp spi=1001 enc=blowfish_cbc ekey=d00db00fd00d00d00db00fd00dc00e
if /dev/tun0 local_spi=1000 remote_spi=1000
if /dev/tun1 local_spi=1001 remote_spi=1001