#
# RCSID $Id: defconfig,v 1.8 1999/04/06 04:54:25 rgb Exp $
#

#
# FreeS/WAN IPSec implementation, KLIPS kernel config defaults
#

#
# First, lets override stuff already set or not in the kernel config.
#
# We can't even think about leaving this off...
CONFIG_INET=y
#
# This must be on for subnet protection.
CONFIG_IP_FORWARD=y
#
# This must be on to talk to klips until PF_KEYv2 works.
CONFIG_NETLINK=y

#
# Next, lets set the recommended FreeS/WAN configuration.
#

# To config as static (preferred), 'y'.  To config as module, 'm'.
CONFIG_IPSEC=y

# To do tunnel mode IPSec, this must be enabled.
CONFIG_IPSEC_IPIP=y

# To go for robustness, disable this.  To go for efficiency, enable.
CONFIG_IPSEC_ICMP=y

# To enable authentication, say 'y'.   (Highly recommended)
CONFIG_IPSEC_AH=y

# Authentication algorithm(s):
CONFIG_IPSEC_AUTH_HMAC_MD5=y
CONFIG_IPSEC_AUTH_HMAC_SHA1=y

# To enable encryption, say 'y'.   (Highly recommended)
CONFIG_IPSEC_ESP=y

# Encryption algorithm(s):
CONFIG_IPSEC_ENC_3DES=y

# Disable insecure encryption algorithm(s):
CONFIG_IPSEC_INSECURE=n
CONFIG_IPSEC_ENC_DES=n
CONFIG_IPSEC_ENC_NULL=n

# To enable userspace-switchable KLIPS debugging, say 'y'.
DEBUG_IPSEC=y


#
# $Log: defconfig,v $
# Revision 1.8  1999/04/06 04:54:25  rgb
# Fix/Add RCSID Id: and Log: bits to make PHMDs happy.  This includes
# patch shell fixes.
#
#
