3 # RCSID $Id: defconfig,v 1.2 2004/03/22 21:53:19 as Exp $
7 # FreeS/WAN IPSec implementation, KLIPS kernel config defaults
11 # First, lets override stuff already set or not in the kernel config.
13 # We can't even think about leaving this off...
17 # This must be on for subnet protection.
20 # Shut off IPSEC masquerading if it has been enabled, since it will
21 # break the compile. IPPROTO_ESP and IPPROTO_AH were included in
22 # net/ipv4/ip_masq.c when they should have gone into include/linux/in.h.
23 CONFIG_IP_MASQUERADE_IPSEC=n
26 # Next, lets set the recommended FreeS/WAN configuration.
29 # To config as static (preferred), 'y'. To config as module, 'm'.
32 # To do tunnel mode IPSec, this must be enabled.
35 # To enable authentication, say 'y'. (Highly recommended)
38 # Authentication algorithm(s):
39 CONFIG_IPSEC_AUTH_HMAC_MD5=y
40 CONFIG_IPSEC_AUTH_HMAC_SHA1=y
42 # To enable encryption, say 'y'. (Highly recommended)
45 # Encryption algorithm(s):
46 CONFIG_IPSEC_ENC_3DES=y
48 # modular algo extensions (and new ALGOs)
50 CONFIG_IPSEC_ALG_3DES=m
51 CONFIG_IPSEC_ALG_AES=m
52 CONFIG_IPSEC_ALG_TWOFISH=m
53 CONFIG_IPSEC_ALG_BLOWFISH=m
54 CONFIG_IPSEC_ALG_SERPENT=m
55 CONFIG_IPSEC_ALG_MD5=m
56 CONFIG_IPSEC_ALG_SHA1=m
57 CONFIG_IPSEC_ALG_SHA2=m
58 #CONFIG_IPSEC_ALG_CAST=n
59 #CONFIG_IPSEC_ALG_NULL=n
61 # Use CryptoAPI for ALG?
62 CONFIG_IPSEC_ALG_CRYPTOAPI=m
65 # IP Compression: new, probably still has minor bugs.
68 # To enable userspace-switchable KLIPS debugging, say 'y'.
72 CONFIG_IPSEC_NAT_TRAVERSAL=y
77 # Revision 1.2 2004/03/22 21:53:19 as
78 # merged alg-0.8.1 branch with HEAD
80 # Revision 1.1.2.1.2.1 2004/03/16 09:48:19 as
81 # alg-0.8.1rc12 patch merged
83 # Revision 1.1.2.1 2004/03/15 22:30:06 as
84 # nat-0.6c patch merged
86 # Revision 1.1 2004/03/15 20:35:26 as
87 # added files from freeswan-2.04-x509-1.5.3
89 # Revision 1.22 2003/02/24 19:37:27 mcr
90 # changed default compilation mode to static.
92 # Revision 1.21 2002/04/24 07:36:27 mcr
93 # Moved from ./klips/net/ipsec/defconfig,v
95 # Revision 1.20 2002/04/02 04:07:40 mcr
96 # default build is now 'm'odule for KLIPS
98 # Revision 1.19 2002/03/08 18:57:17 rgb
99 # Added a blank line at the beginning of the file to make it easier for
100 # other projects to patch ./arch/i386/defconfig, for example
101 # LIDS+grSecurity requested by Jason Pattie.
103 # Revision 1.18 2000/11/30 17:26:56 rgb
104 # Cleaned out unused options and enabled ipcomp by default.
106 # Revision 1.17 2000/09/15 11:37:01 rgb
107 # Merge in heavily modified Svenning Soerensen's <svenning@post5.tele.dk>
108 # IPCOMP zlib deflate code.
110 # Revision 1.16 2000/09/08 19:12:55 rgb
111 # Change references from DEBUG_IPSEC to CONFIG_IPSEC_DEBUG.
113 # Revision 1.15 2000/05/24 19:37:13 rgb
114 # *** empty log message ***
116 # Revision 1.14 2000/05/11 21:14:57 henry
117 # just commenting the FOOBAR=y lines out is not enough
119 # Revision 1.13 2000/05/10 20:17:58 rgb
120 # Comment out netlink defaults, which are no longer needed.
122 # Revision 1.12 2000/05/10 19:13:38 rgb
123 # Added configure option to shut off no eroute passthrough.
125 # Revision 1.11 2000/03/16 07:09:46 rgb
126 # Hardcode PF_KEYv2 support.
127 # Disable IPSEC_ICMP by default.
128 # Remove DES config option from defaults file.
130 # Revision 1.10 2000/01/11 03:09:42 rgb
131 # Added a default of 'y' to PF_KEYv2 keying I/F.
133 # Revision 1.9 1999/05/08 21:23:12 rgb
134 # Added support for 2.2.x kernels.
136 # Revision 1.8 1999/04/06 04:54:25 rgb
137 # Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes