3 # RCSID $Id: defconfig,v 1.20 2002/04/02 04:07:40 mcr Exp $
7 # FreeS/WAN IPSec implementation, KLIPS kernel config defaults
11 # First, lets override stuff already set or not in the kernel config.
13 # We can't even think about leaving this off...
17 # This must be on for subnet protection.
20 # Shut off IPSEC masquerading if it has been enabled, since it will
21 # break the compile. IPPROTO_ESP and IPPROTO_AH were included in
22 # net/ipv4/ip_masq.c when they should have gone into include/linux/in.h.
23 CONFIG_IP_MASQUERADE_IPSEC=n
26 # Next, lets set the recommended FreeS/WAN configuration.
29 # To config as static (preferred), 'y'. To config as module, 'm'.
32 # To do tunnel mode IPSec, this must be enabled.
35 # To enable authentication, say 'y'. (Highly recommended)
38 # Authentication algorithm(s):
39 CONFIG_IPSEC_AUTH_HMAC_MD5=y
40 CONFIG_IPSEC_AUTH_HMAC_SHA1=y
42 # To enable encryption, say 'y'. (Highly recommended)
45 # Encryption algorithm(s):
46 CONFIG_IPSEC_ENC_DES=y
47 CONFIG_IPSEC_ENC_3DES=y
49 # IP Compression: new, probably still has minor bugs.
52 # To enable userspace-switchable KLIPS debugging, say 'y'.
55 # modular algo extensions (and new ALGOs)
57 CONFIG_IPSEC_ALG_AES=m
58 CONFIG_IPSEC_ALG_TWOFISH=m
59 CONFIG_IPSEC_ALG_SERPENT=m
62 CONFIG_IPSEC_NAT_TRAVERSAL=y
67 # Revision 1.20 2002/04/02 04:07:40 mcr
68 # default build is now 'm'odule for KLIPS
70 # Revision 1.19 2002/03/08 18:57:17 rgb
71 # Added a blank line at the beginning of the file to make it easier for
72 # other projects to patch ./arch/i386/defconfig, for example
73 # LIDS+grSecurity requested by Jason Pattie.
75 # Revision 1.18 2000/11/30 17:26:56 rgb
76 # Cleaned out unused options and enabled ipcomp by default.
78 # Revision 1.17 2000/09/15 11:37:01 rgb
79 # Merge in heavily modified Svenning Soerensen's <svenning@post5.tele.dk>
80 # IPCOMP zlib deflate code.
82 # Revision 1.16 2000/09/08 19:12:55 rgb
83 # Change references from DEBUG_IPSEC to CONFIG_IPSEC_DEBUG.
85 # Revision 1.15 2000/05/24 19:37:13 rgb
86 # *** empty log message ***
88 # Revision 1.14 2000/05/11 21:14:57 henry
89 # just commenting the FOOBAR=y lines out is not enough
91 # Revision 1.13 2000/05/10 20:17:58 rgb
92 # Comment out netlink defaults, which are no longer needed.
94 # Revision 1.12 2000/05/10 19:13:38 rgb
95 # Added configure option to shut off no eroute passthrough.
97 # Revision 1.11 2000/03/16 07:09:46 rgb
98 # Hardcode PF_KEYv2 support.
99 # Disable IPSEC_ICMP by default.
100 # Remove DES config option from defaults file.
102 # Revision 1.10 2000/01/11 03:09:42 rgb
103 # Added a default of 'y' to PF_KEYv2 keying I/F.
105 # Revision 1.9 1999/05/08 21:23:12 rgb
106 # Added support for 2.2.x kernels.
108 # Revision 1.8 1999/04/06 04:54:25 rgb
109 # Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes