# freeswan-team-conns -- IPSEC/IKE config for the project VPN # by ||ugh Daniel 2000/01/24 # and D. Hugh Redelmeier # # Conventions: # # - information is supplied as if for the right side # + the local side will be the left # + mnemonic: L for Local and Left, R for Remote and Right # # - each system is describe with one conn for the host and # one for each subnet. The subnets use also= to refer to host. # # - naming convention: # + owner gets to choose pithy referent for site # + suffix -host for host # + suffix -net for subnet (if unique) # # - extra information can be included as x- attributes or comments # + x-right-pinger # # - dotted-quad IP addresses are preferred to domain names # + this allows VPN to function without/before/distrusting DNS # + need not apply to extensions unused by FreeS/WAN # + If name is known, capture in an extension with a systematic # name: prefix x-, suffix -name (eg. x-right-name=) # # - keys are expressed in base 64 (0s...) # # # usage: # include ipsec.vpns/freeswan.project # conn me_remote # also=me # also=remote # ... #### Hugh Daniel's Edome #### conn hd-subnet also=hd-host rightsubnet=216.240.42.0/255.255.255.0 x-rightsubnet-name=edome-net.toad.com/edome-mask.toad.com conn hd-host right=216.240.36.86 x-right-name=public.syzygy.com rightnexthop=216.240.36.85 rightrsasigkey=0sAQNdh1rNMNE54BA11AGamgn1QL9KzUbJhX8bdhpUTjYV9ZQyFVWqg4C4vhLQOjMPCDCaYwc0jk6PPHmZMIib+BWwGC7LDNSqt7m1m0nsGNUFEy4ogphkeZt47G2fMjwBWsZtXqizQFXZqaAY05D3qEw1/NTGuMObsfrpAvfgf3htks7MC2/eq6jhQpfR1RgMT0QIGkG5FWgfEDHknZBZrIBZKqfC89fSAjfZjAZyuBHACMvfB0E1snUkrs2V+Lobmdj1CrxWJNEe9RGJ6KjYGUYI8AigLqS3v7aml/SFRRZvLQ7Odal0XSXU69v/J1ZUR1F44j0AN/c4Wl1D3smGo4hxAw8WwWusgWbYwscz x-rightnexthop-name=nexthop.syzygy.com x-passnet=216.240.43.0/24 x-ping_target=east.toad.com # 216.240.42.145 x-chargen_target=east.toad.com # 216.240.42.145 x-lfs_version=1.00 # upgrade planned... x-contact="Hugh Daniel (+1 408 353 8124)" #### Projects machines conn abigail-net rightsubnet=192.139.46.46/32 also=abigail-host conn abigail-host right=192.139.46.76 x-right-name=private.abigail.freeswan.org rightid=@private.abigail.freeswan.org rightnexthop=192.139.46.77 rightrsasigkey=0sAQN1+2l0FQZjgwcpDzaEMuPfnyY/YJ8eTKsyOrS9YxcEyHJ6naH10oq/UZ0YtrefvVXaGFIh5mzc6VwKuOCtd6qbh59GLk+861pA9tc0ut4VkivqrCVSO3DDDBTJAcYA4DWH+6ZJM+7enII0/Brj+SITMDr+MvDBRZ6HlujVMwRo/kGXgkayUHZsYmqwsIkJg96JpzlDA7HK+2Qc+97Rk5kC5MV8Ug5CJOl5k3xp4QGy7z4aVD3DkKCz/XXbc5dCdFy2As+cXCww+e/frO+5eumXpbOaDJaEl5gJGaOb/vwUbhPA/kMwPFo3lMp5SG3kcDoPzjeq06pUUJpfJmz5VpfD conn adams-host # # right=adams.freeswan.org rightid=@adams.freeswan.org rightnexthop=194.109.218.209 # rightrsasigkey=0x010384cd68b08f0d92d83de06afdc0581924dd5c358f114072a3d73788fe21ccd80e64737c917824d8c6b76ff6cd64f1a90c372dc27341fb0c689cef9ee92a457cd887c406f002eb960b30957d92a1aba6efd362c6a6390b803c371db2ee0d14ccaee29ff7e9d834b2d9b0416cba93e5b9020623d077cbef92c0677f6f6865e0b1b108574b859e36b21ece23510b3bd0fb864f4e7d4170f76f7a7a791cfb68c74b1b2a5e55542f1ac457fb94c52c79bdbd60e6c433405138ea595b3a5cb807a073344ca3a66512b0b4e202f55656327c96a61b299c406022b2ad91e83b367f0b757223d1967ead7475c6b8a2fcbe8c887475316913f6b36cee405ed19dc7da8d49a5 #### John Gilmore's Toad Hall #### conn jg-subnet also=jg-host rightsubnet=140.174.2.1/32 # one host, toad.com x-rightsubnet-name=toad.com/32 conn jg-host right=140.174.2.9 x-right-name=north.toad.com rightnexthop=140.174.2.23 x-rightnexthop-name=gw.toad.com x-lfs_version=1.0 # stays 1.0 for at least a few days x-contact="Hugh Daniel (+1 408 353 8124)" x-contact="John Gilmore (+1 415 221 6524)" #### Richard Guy Briggs' Co-op #### conn rgb-net1 also=rgb-host rightsubnet=192.168.1.0/24 # not public or routeable! x-ping-target=192.168.1.2 x-ping-target-name=grendel.conscoop.ottawa.on.ca conn rgb-net2 also=rgb-host rightsubnet=192.168.2.0/24 # not public or routeable! x-rightsubnet-name=sub2-net.conscoop.ottawa.on.ca/sub2-mask.conscoop.ottawa.on.ca # not public or routeable! x-ping-target=192.168.2.110 # not public or routeable! x-ping-target-name=gonzales.conscoop.ottawa.on.ca # not public or routeable! x-chargen-target=192.168.2.110 # not public or routeable! x-chargen-target-name=gonzales.conscoop.ottawa.on.ca # not public or routeable! conn rgb-netE also=rgb-host rightsubnet=216.240.43.64/26 x-rightsubnet-name=sub2-e-net.conscoop.ottawa.on.ca/sub2-e-mask.conscoop.ottawa.on.ca x-ping-target=216.240.43.66 x-ping-target-name=gonzales-e.conscoop.ottawa.on.ca x-chargen-target=216.240.43.66 x-chargen-target-name=gonzales-e.conscoop.ottawa.on.ca conn rgb-host right=207.236.55.216 x-right-name=arrakeen.conscoop.ottawa.on.ca rightnexthop=207.236.55.1 x-rightnexthop-name=nexthop.conscoop.ottawa.on.ca x-lfs_version="Linux FreeS/WAN U/K2001-07-07_18:46:07" rightid=@arrakeen.conscoop.ottawa.on.ca rightrsasigkey=0sAQPSJV1G4prIluo5SPIKt2ADpY0Hhxa0sz7aIsxCOweQHAqrxwDz35SWLOMDA37d6bWOddJKUWOyIFOvQqbzaJEzgbBR3+9S+UeLCN20f/8VLOsy2AHp1jlZxwciB8PHeOKUY4QaGDSAMOUwS4Fa/zcEeN17co1d9nsUjBg8W9cGk6hAdWIflsxa5kMjZZHPE6men5sDcNzJFn4jXsyi1eFLPgjdJ1lcva+UanI4SV+NCiY67geNxbL7M4jO2pN3D38Ibl7eUTZf439nebzlW0vyTCWKLLWsrbrMFnRSb/vsW6ctqXylCiO+iIgzkVVWt9BBMXgrXi4BXOkPWhOUBpdV x-rightinkey="IN KEY 0x4200 4 1 AQPSJV1G4prIluo5SPIKt2ADpY0Hhxa0sz7aIsxCOweQHAqrxwDz35SWLOMDA37d6bWOddJKUWOyIFOvQqbzaJEzgbBR3+9S+UeLCN20f/8VLOsy2AHp1jlZxwciB8PHeOKUY4QaGDSAMOUwS4Fa/zcEeN17co1d9nsUjBg8W9cGk6hAdWIflsxa5kMjZZHPE6men5sDcNzJFn4jXsyi1eFLPgjdJ1lcva+UanI4SV+NCiY67geNxbL7M4jO2pN3D38Ibl7eUTZf439nebzlW0vyTCWKLLWsrbrMFnRSb/vsW6ctqXylCiO+iIgzkVVWt9BBMXgrXi4BXOkPWhOUBpdV" x-contact="Richard Guy Briggs (+1 613 237 1549)" # notebook aaitlol: Alone Again In The Lap Of Luxury conn aaitlol-net also=aaitlol-host leftsubnet=172.31.252.0/24 x-leftsubnet=mobile-net.conscoop.ottawa.on.ca/mobile-mask.conscoop.ottawa.on.ca conn aaitlol-nete also=aaitlol-host leftsubnet=216.240.43.120/29 x-leftsubnet=mobile-e-net.conscoop.ottawa.on.ca/mobile-e-mask.conscoop.ottawa.on.ca conn aaitlol-host right=%any rightid=@aaitlol.conscoop.ottawa.on.ca authby=rsasig rightrsasigkey=0x010376578530b0491e8106332cc3b82361d5e4c12bfb947e74c523ed38533398d8047945315b06a4a75c3f4ab4cd279902448868bb31541ae81bcd52050723f40b20f58ac89a1ad27a0d453543d2270364db74897f19cade857a96ad41749f826943fc791026262a7f8cd8feda6dac0500ba0eb9ae905d033d59907e744c224375b6411172127a9a9a4a2b796b85319bf73602c833906d4830ed051b0a927f8f86844eb55728360354ba2ed37b3c3c6dbb4e532fe4309a861871ebd38926d01f16e8c52d16503273ddbd2d7a88ca039c650712b712866b9cd317b9e50b32d22453b4aa8534b8d9560fe7580ff0e71db525f872968ff7e088f531b18f4a257826e723 #### Hugh Redelmeier's system, mimosa.com #### # hugh@mimosa.com +1 416 482 8253 # Updated 2001 October 23 # for now, production subnet goes through Cable conn mimosa-subnet also=mimosa-gw-c rightsubnet=192.139.70.64/26 x-ping_target=192.139.70.112 # private name: redouble.mimosa.com # test subnet goes through DSL conn mimosa-testnet also=mimosa-gw-d rightsubnet=192.139.70.0/26 # cable gateway (through Rogers@Home) # Note: this IP address may change without notice :-( conn mimosa-gw-c right=24.112.39.102 x-right-name=CPE00606767ED59.cpe.net.cable.rogers.com # gw-c.mimosa.com rightnexthop=24.112.192.1 rightrsasigkey=0sAQMM6XdcRc4C0OxA69h8EIXkFqkKpR4me46yi7tbJSOQhG7h5mFBbOZM//lkH9bcokRLfkuOcyvNEkQA0QADUeJ+Znv2TGv/dDrw8lU9WDXdpUxpzMEs+7BVzkYqPJ25mxqdVt39uRzwbKkjVV+LIW/P1UBmDZS2JPoymL6va63s1Q== rightid=@gw-c.mimosa.com # DSL (ADSL) gateway (through The Higher Technology, tht.net) conn mimosa-gw-d right=216.126.78.97 x-right-name=gw-d.mimosa.com rightnexthop=216.126.76.1 rightrsasigkey=0sAQNkTV6X8oGokz+jUY6pQokclMSj4SY6OPrGlMYERWzrmFADS2GWs82DeEeVIahVxCwi3klwEk7UvnrqImDrQiPQZVOe/ZYY4CmozTQaLMMuI5mhIomyeRQcgSNn69XFs0G9uURoTMO9vGS2X3pr4bzI6UNYnjXdAKfk83LzA5Xs8ZdRZ7iNPIaEtjJn+XHiEaBirpwjOQ9rhj2AxEIF6/ddnJquCvZ+8Jqqdi47ttLGQgyDNJJT3sqTugGRm5kJ0eutqKQdaGiiha4G15Bcdrsi9Avis1zY0jvHtQCO/Z/NdOKRu6HAd+EB61CqFniDANs2FaYP6P3tLwyvLc/vAwxn rightid=@gw-d.mimosa.com #### Gary Barhard, ISP #### # x-contact="Hugh Daniel (+1 408 353 8124)" # x-contact="Gary Barnhard (+1 301 229 8012)" #### Sandy Harris #### # sandy@storm.ca 613 232 5628 # updated 2001 June 20 conn sandy-subnet also=sandy-host rightsubnet=192.168.100.128/25 x-ping_target=192.168.100.129 # Linux server x-bad_target=192.168.100.32 # desktop, not in subnet conn sandy-host # right security gateway, PPPoE with dynamic address # firewall/gateway is dual PPro 200, 64 megs # running 2.2.19 SMP, FreeS/WAN 1.91, rp-pppoe 3.1.1 right=%any # arbitrary ID rightid=@sandy.freeswan.org rightrsasigkey=0x0103e50bc61ac1ac3ccbf3410b83c9a30457d95b714b5a4dd1e6480dfdf4ee9c3acd1cb30da10819ff39f2aab754622d4189bf870aca8c2cac645430c9b04e500564039035d9a0d8599f1bae5e3b671cc344e6479f05dd61750ceb614ed2ad738b94c9b122e61af3051194d88257a134d4d96e661ed55d3659e1c5ee7469d7ab53cb97faa018bf84b85f1e30e9f64c372050f03b181825d5f0145db06c064f4dc76bd26b8993b33e187e1c746e653d5253828d82e801d4870ef1a110fd90220b09d77284fc0633d250e410cf67383a2772e236279d25c6f9c9e8d9f6f2fef26aeb86ac53597135670ed43df6daa93bc0e34173c81df94b46452a344f7aaeeb44a5a3 x-contact="Sandy Harris (+1 613 232 5628)" #### Henry Spencer's network #### # henry@spsystems.net +1 416 690 6561 conn henry-smallnet rightsubnet=209.47.149.227/32 x-ping-target=209.47.149.227 x-ping-target-name=spsystems.net also=henry-host # not usable directly at this time -- connections only to subnets conn henry-host right=209.47.149.225 x-right-name=gateway.spsystems.net rightid=@gateway.spsystems.net # 2048 bits, Sun Feb 6 19:52:44 2000 rightrsasigkey=0sAQO/AAYpLjO2CiA32oo4aBf0g+GKP6gvBK4hXNDqqcKd+8F6ym8DKvfQXav1AuR/ZCoMubGR/5yI4GhXvz2iBfi9T+bf1ik7uqaLaUp0SSTZc9XFLJpsBQ0KKpbwDW5/lsaCrDW7IHCEFxL3YjFI/y6yVeoAMXTyWqjMNQ0uYjxkpU4fHnIxGKe7kHIlrR8Ea4HyVo7fi3yyyFGGJRNLCa79eukZGnpV8bvMY7QIBdTGZOhTHckB1xYY0bgffO71mhwjmSPJy4T5PiHx0IHDyEAs464hwFTTWjB8aha8bnaWDHwO32GMavwxy0BkrZkUQubcDSLCSYG6NEAopOFftEbT #### Claudia Schmeing's system #### # claudia@freeswan.org +1 416 240 9474 (house) or +1 416 839 9284 (Sam's Cell) conn claudia-host right=24.157.90.137 rightid=@CPE0080C6E946A1.cpe.net.cable.rogers.com x-right-name=CPE0080C6E946A1.cpe.net.cable.rogers.com rightrsasigkey=0sAQPV+EDfEETCBC8GATv/pdRUy86lUeWFKY4ER5Iu+Ndfjwu7uKgVmdvS6jaXe2Go1dCSiyIIjM1yYNyrmympBlLCn7ngs3YjFkNwUwYU6gpYw1u3CfzUrs7mipAxJqlGh/AOxwJxWPStVyCK4gP7ncoWV4TjMUKu2ow9z8UZyeC7z91wm4eGeNO6m0U6cM7lUpiUZNjygX9q4iyKelNF+UCnf65Kz2W/ZHZ8cEZHYVur7YHIUfWWe9njU1gAZCGS8RTzvnX07KHw9ldgGc28Wo7OBK8M1CJE0vnx+X4JjeYLLYIDBkamS9c0YS0XAg+JcTXpMw8h/rnbHQAC04hoV3v/ #### freeswan.org #### # Who is Sysadmin? HD? Kasper? # liberty.freeswan.org is known as freeswan.org; web server conn liberty-host right=195.24.22.215 rightid=@freeswan.org x-right-name=libery.freeswan.org rightrsasigkey=0sAQOwMTRZ5Z7B2hsH44FaCZIL0VCa/ofNAvn0YX0a+ynPiA9thFdiMiDRHTm1OGRQ7clAkEyqGoMZahq7Eo4Z+KJO+wZHO17wAUviFqxGcnzl9iW7l4XgWTxua3GX89/uv+FmOSvWcOHUb2tXx/TV9ftkQLTvg9szWlJUZhjZ+IEAieL2N2V8U/aQU96vhOxsRhA2DhOZg4Sy207yQG546XzLxYylOn0OplyXId4NXioA6k3v4F5YhvX6pm2BrYHEwYoysXv7dsflKXy35K26hphMaHVdrY1+BOhvOGfEDXrDTbLoy4f6wOIqMEPlsVsUMQZPQ8lS3wyvC+qseyvL8K3h # minuteman.freeswan.org will be public test machine conn minuteman-host right=195.24.22.217 rightid=@minuteman.freeswan.org x-right-name=minuteman.freeswan.org rightrsasigkey=0sAQNM46C3ZHAGvfx6pSED46DeH/JKc+Hge59laAlJ7a2qkbmHDvI6Feq50veQAFNM1RKnkrFasBjSAXl5HaImWo+bJIJXB+td9oeiVjWEGH3ObZ2WTT0ZktAzluO/eEyC25DN9Rf26xQ55M8EkNVCMAIbrshC9ki2Zs015jFMMB38buZ00RDnt34cqxMzg2gyasnpADYgTjehBAHvpEEZL7sc2aVzmSAdqkiCp90huXoftd6+yk/5FZ041ianYHsnwEsvfwaGX+9K+Ba56+Y9bmhPQLN2oSLIRTZ8tigVw2WbT+5EkvFibq/EoXOtb5HqVa9+KvlenoshwF8Royoqf/6R #### Michael Richardson's Sandelman Software Works #### # mcr@sandelman.ottawa.on.ca # 2001 Oct 28 22:16:25 -0500 # # tolkien characters, all # Elros/Pippin test gateway conn elros-net rightsubnet=192.139.46.56/29 x-right-pinger=192.139.46.59 x-right-pinger-name=ping1.pri.sandelman.ottawa.on.ca also=elros-host # Elros conn elros-host right=192.139.46.5 x-right-name=gate1.pub.sandelman.ottawa.on.ca rightrsasigkey=0sAQPVDrkcCvOI3xw7bo735f+E8dnMRvFzMQZ3Rp5FmFpsdwn1vd2WMBjvFFlb5HK/nesWURIXSGnTy2Os4VXqnsAkh61wRUMhst7DoooJMgC6drIZiAGyKb0MHjsazcxM3tRpYp9LOx9R1nPUOsp9Gd7ltCwLs8yckHlhWAx+QoDWkw== rightnexthop=192.139.46.1 # Elros/Merry test gateway conn elrond-net rightsubnet=192.139.46.48/29 x-right-pinger=192.139.46.50 x-right-pinger-name=merry.sandelman.ottawa.on.ca x-right-pinger-name=oetest.sandelman.ottawa.on.ca also=elrond-host # Elrond conn elrond-host right=192.139.46.7 x-right-name=elrond.sandelman.ottawa.on.ca rightrsasigkey=0sAQOJbJd7lVj0eJS8Y+0vv0bbphKmherbH27gL6YQhDRKyx5DSRRiu/IpudysTP22Dd3CltSNPybzrhSaoYg3CFQygc3KrT5lLkRiJEKI6c95KYbSYbjvlTWHlVmxOhpR9U0IFiVA4D3CempA9KgfFRGtBgwTkN9xoNI7zBHehZ16Hw== rightnexthop=192.139.46.1 # MrCharlie/Cyphermail conn mrcharlie-net rightsubnet=192.139.46.72/29 x-right-pinger=192.139.46.78 x-right-pinger-name=cyphermail.sandelman.ottawa.on.ca x-right-smtp-responder=cyphermail.sandelman.ottawa.on.ca also=mrcharlie-host # MrCharlie (okay, not a tolkien character) conn mrcharlie-host right=192.139.46.38 x-right-name=mrcharlie.sandelman.ottawa.on.ca # rightrsasigkey=0sAQOrXJxB56Q28iOO43Va36elIFFKc/QB2orIeL94BdC5X4idFQZjSpsZTh48wKVXUE9xjwUkwR4R4/+1vjNN7KFp9fcqa2OxgjsoGqCn+3OPR8La9uyvZg0OBuSTj3qkbh/2HacAUJ7vqvjQ3W8Wj6sMXtTueR8NNcdSzJh149ch3zqfiXrxxna8+8UEDQaRR9KOPiSvXb2KjnuDan6hDKOT4qTZRRRCMWwnNQ9zPIMNbLBp0rNcZ+ZGFg2ckWtWh5yhv1iXYLV2vmd9DB6d4Dv8cW7scc3rPmDXpYR6APqPBRHlcbenfHCt+oCkEWse8OQhMM56KODIVQq3fejrfi1H rightrsasigkey=%dns rightnexthop=192.139.46.33 x-right-oecapable=true # marajade (Palpatine's hand, later turned to the light by Luke. Eventually # marries him.) # MCR's notebook. # Runs NetBSD, KAME+Racoon. Key extracted with fswcert. # conn marajade-host right=%any rightid=@marajade.sandelman.ottawa.on.ca rightrsasigkey=0x030100019ECF78958330EEBD1A33DB5D668DD149C79CD8F79403444C802D96E25BA4B7D5795A51B9BB184EBBB8918C542BDF7D19AFF6DFF030EE666B23EC10DEE845DFA4EEC70EFA96CDC5B2026E5B1A9DCCBC6567133CAFF95734651FB4B3E47F16D3C1782C7CA72A84909FADA3CB147D10842455379E845B763DD5808830CC910076D1 x-rsasigkey=0sAwEAAZ7PeJWDMO69GjPbXWaN0UnHnNj3lANETIAtluJbpLfVeVpRubsYTru4kYxUK999Ga/23/Aw7mZrI+wQ3uhF36Tuxw76ls3FsgJuWxqdzLxlZxM8r/lXNGUftLPkfxbTwXgsfKcqhJCfraPLFH0QhCRVN56EW3Y91YCIMMyRAHbR # cassidy. # MCR's Linux compute server. Also host for gnomemeeting. conn cassidy-host right=192.139.46.28 rightid=@cassidy.sandelman.ottawa.on.ca rightrsasigkey=%dns