
#
# Libreswan IPsec implementation, KLIPS kernel config defaults
#

#
# First, let's override stuff already set or not in the kernel config.
#
# We can't even think about leaving this off...
CONFIG_INET=y

#
# This must be on for subnet protection.
CONFIG_IP_FORWARD=y

# Shut off IPSEC masquerading if it has been enabled, since it will
# break the compile.  IPPROTO_ESP and IPPROTO_AH were included in
# net/ipv4/ip_masq.c when they should have gone into include/linux/in.h.
CONFIG_IP_MASQUERADE_IPSEC=n

#
# Next, let's set the recommended FreeS/WAN configuration.
#

# To config as static (preferred), 'y'.  To config as module, 'm'.
CONFIG_KLIPS=m

# To do tunnel mode IPsec, this must be enabled.
CONFIG_KLIPS_IPIP=y

# To enable authentication, say 'y'.   (Highly recommended)
CONFIG_KLIPS_AH=y

# Authentication algorithm(s):
CONFIG_KLIPS_AUTH_HMAC_MD5=y
CONFIG_KLIPS_AUTH_HMAC_SHA1=y

# To enable encryption, say 'y'.   (Highly recommended)
CONFIG_KLIPS_ESP=y

# modular algo extensions (and new ALGOs)
CONFIG_KLIPS_ALG=y

# Encryption algorithm(s):
CONFIG_KLIPS_ENC_3DES=y
CONFIG_KLIPS_ENC_AES=y

# Use CryptoAPI for ALG - by default, yes.
CONFIG_KLIPS_ENC_CRYPTOAPI=y

CONFIG_KLIPS_ENC_NULL=y

# IP Compression: new, probably still has minor bugs.
CONFIG_KLIPS_IPCOMP=y

# To enable userspace-switchable KLIPS debugging, say 'y'.
CONFIG_KLIPS_DEBUG=y

# OCF HW offloading, requires kernel patch
# CONFIG_KLIPS_OCF is not set

# NFMARK for old-style NAT-T UDP-decapsulation
# CONFIG_KLIPS_COMPAT_NAT_NFMARK is not set
