mode_cfg section (Configuration Transaction)


mode_cfg { statements }

    Defines the information to return for remote hosts' ISAKMP mode
    config requests.  Also defines the authentication source for
    remote peers authenticating through Xauth.

    The following are valid statements:

    auth_source (system | radius | pam);
        Specify the source for authentication of users through
        Xauth.  system means to use the Unix user database.  This
        is the default.  radius means to use a RADIUS server.  It
        works only if racoon(8) was built with libradius support,
        and the configuration is done in radius.conf(5).  pam
        means to use PAM.  It works only if racoon(8) was built
        with libpam support.

    conf_source (local | radius);
        Specify the source for IP addresses and netmasks allocated
        through ISAKMP mode config.  local means to use the local
        IP pool defined by the network4 and pool_size keywords.
        This is the default.  radius means to use a RADIUS
        server.  It works only if racoon(8) was built with
        libradius support, and the configuration is done in
        radius.conf(5).  RADIUS configuration requires RADIUS
        authentication (auth_source radius).

    accounting (none | system | radius | pam);
        Enable or disable accounting for Xauth logins and
        logouts.  Default is none, which disables accounting.
        system enables system accounting through utmp(5).  radius
        enables RADIUS accounting.  It works only if racoon(8) was
        built with libradius support, and the configuration is
        done in radius.conf(5).  RADIUS accounting requires RADIUS
        authentication.  pam enables PAM accounting.  It works
        only if racoon(8) was built with libpam support.  PAM
        accounting requires PAM authentication.

    pool_size size
        Specify the size of the IP address pool, either local or
        allocated through RADIUS.  conf_source selects the local
        pool or the RADIUS configuration, but in both configura-
        tions, you cannot have more than size users connected at
        the same time.  The default is 255.

    network4 address;
    netmask4 address;
        The local IP pool base address and network mask from
        which dynamically allocated IPv4 addresses should be
        taken.  This is used if conf_source is set to local or if
        the RADIUS server returned 255.255.255.254.  Default is
        0.0.0.0/0.0.0.0.

    dns4 addresses;
        A list of IPv4 addresses for DNS servers, separated by
        commas, or on multiple dns4 lines.

    nbns4 addresses;
        A list of IPv4 addresses for WINS servers, separated by
        commas, or on multiple nbns4 lines.

    split_network (include | local_lan) network/mask, ...
        The network configuration to send, in CIDR notation (e.g.
        192.168.1.0/24).  If include is specified, the tunnel
        should only be used to reach the indicated destinations;
        if local_lan is used instead, everything passes through
        the tunnel except those destinations.

    default_domain domain;
        The default DNS domain to send.

    banner path;
        The path of a file displayed on the client at connection
        time.  Default is /etc/motd.

    auth_throttle delay;
        On each failed Xauth authentication attempt, refuse new
        attempts for delay more seconds.  This is to avoid
        dictionary attacks on Xauth passwords.  Default is one
        second.  Set to zero to disable authentication delay.

    pfs_group group;
        Sets the PFS group used in the client proposal (Cisco VPN
        client only).  Default is 0.

    save_passwd (on | off);
        Allow the client to save the Xauth password (Cisco VPN
        client only).  Default is off.
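
The following is an added example of a complete mode_cfg block, not
taken from the racoon.conf(5) manual or from the ipsec-tools sources.
It shows the statements above combined for a road-warrior gateway that
authenticates Xauth users against the local Unix user database and
hands out addresses from a local pool.  The addresses, domain, banner
path and numeric values are assumed for illustration.

```conf
# Added example (assumed values), not racoon's own sample configuration.
mode_cfg {
    # Xauth users come from the Unix user database.  This is the default,
    # written out explicitly; radius or pam only work if racoon(8) was
    # built with libradius or libpam.
    auth_source system;

    # Addresses come from the local pool below.  conf_source radius would
    # take them from the RADIUS server instead, which in turn requires
    # auth_source radius.
    conf_source local;
    network4 10.20.30.0;        # assumed pool base address
    netmask4 255.255.255.0;     # assumed pool mask
    pool_size 100;              # no more than 100 clients at once

    # Record Xauth logins and logouts in utmp(5) so sessions can be audited.
    accounting system;

    # Settings pushed to the client (assumed resolver, WINS and domain).
    dns4 10.20.30.2, 10.20.30.3;
    nbns4 10.20.30.4;
    default_domain vpn.example.com;

    # Only these destinations are routed through the tunnel; with
    # local_lan the listed prefixes would be the ones left outside it.
    split_network include 10.20.0.0/16, 192.168.50.0/24;

    banner /etc/racoon/motd;    # assumed path; the default is /etc/motd

    # Keep a per-failure delay.  auth_throttle 0 removes the only brake
    # racoon puts on online guessing of Xauth passwords.
    auth_throttle 5;            # assumed value; the default is 1 second

    # Cisco VPN client only.  Do not let the client cache the password.
    pfs_group 2;                # assumed value; the default is 0
    save_passwd off;
}
```

Two settings deserve a second look before deploying: auth_throttle must
stay non-zero, since Xauth passwords are exactly the kind of credential
an online dictionary attack targets, and save_passwd should remain off
so a stolen or shared client machine does not carry a usable VPN
credential.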