
#
# RCSID $Id: defconfig,v 1.5 2003/07/04 19:07:34 ken Exp $
#

#
# FreeS/WAN IPSec implementation, KLIPS kernel config defaults
#

#
# First, lets override stuff already set or not in the kernel config.
#
# We can't even think about leaving this off...
CONFIG_INET=y

#
# This must be on for subnet protection.
CONFIG_IP_FORWARD=y

# Shut off IPSEC masquerading if it has been enabled, since it will 
# break the compile.  IPPROTO_ESP and IPPROTO_AH were included in 
# net/ipv4/ip_masq.c when they should have gone into include/linux/in.h.
CONFIG_IP_MASQUERADE_IPSEC=n

#
# Next, lets set the recommended FreeS/WAN configuration.
#

# To config as static (preferred), 'y'.  To config as module, 'm'.
CONFIG_IPSEC=m

# To do tunnel mode IPSec, this must be enabled.
CONFIG_IPSEC_IPIP=y

# To enable authentication, say 'y'.   (Highly recommended)
CONFIG_IPSEC_AH=y

# Authentication algorithm(s):
CONFIG_IPSEC_AUTH_HMAC_MD5=y
CONFIG_IPSEC_AUTH_HMAC_SHA1=y

# To enable encryption, say 'y'.   (Highly recommended)
CONFIG_IPSEC_ESP=y

# Encryption algorithm(s):
CONFIG_IPSEC_ENC_3DES=y

# IP Compression: new, probably still has minor bugs.
CONFIG_IPSEC_IPCOMP=y

# To enable userspace-switchable KLIPS debugging, say 'y'.
CONFIG_IPSEC_DEBUG=y

# modular algo extensions (and new ALGOs)
CONFIG_IPSEC_ALG=y
CONFIG_IPSEC_ALG_AES=m
CONFIG_IPSEC_ALG_TWOFISH=m
CONFIG_IPSEC_ALG_SERPENT=m

# NAT Traversal
CONFIG_IPSEC_NAT_TRAVERSAL=y

# Use CryptoAPI for ALG?
CONFIG_IPSEC_ALG_CRYPTOAPI=n

# NAT Traversal
CONFIG_IPSEC_NAT_TRAVERSAL=y

#
#
# $Log: defconfig,v $
# Revision 1.5  2003/07/04 19:07:34  ken
# Added NAT-T 0.6 diff/patch from Tuomo
#
# Revision 1.4  2003/02/21 22:59:21  ken
# Set default for CONFIG_IPSEC_ALG_CRYPTOAPI=n
#
# Revision 1.3  2002/09/05 16:50:58  ken
# Enabled NAT-T by default
#
# Revision 1.2  2002/09/05 03:27:08  ken
# Applied freeswan-alg-0.8.0-BASE-klips.diff
#
# Revision 1.1.1.1  2002/09/05 03:13:17  ken
# 1.98b
#
# Revision 1.20  2002/04/02 04:07:40  mcr
# 	default build is now 'm'odule for KLIPS
#
# Revision 1.19  2002/03/08 18:57:17  rgb
# Added a blank line at the beginning of the file to make it easier for
# other projects to patch ./arch/i386/defconfig, for example
# LIDS+grSecurity requested by Jason Pattie.
#
# Revision 1.18  2000/11/30 17:26:56  rgb
# Cleaned out unused options and enabled ipcomp by default.
#
# Revision 1.17  2000/09/15 11:37:01  rgb
# Merge in heavily modified Svenning Soerensen's <svenning@post5.tele.dk>
# IPCOMP zlib deflate code.
#
# Revision 1.16  2000/09/08 19:12:55  rgb
# Change references from DEBUG_IPSEC to CONFIG_IPSEC_DEBUG.
#
# Revision 1.15  2000/05/24 19:37:13  rgb
# *** empty log message ***
#
# Revision 1.14  2000/05/11 21:14:57  henry
# just commenting the FOOBAR=y lines out is not enough
#
# Revision 1.13  2000/05/10 20:17:58  rgb
# Comment out netlink defaults, which are no longer needed.
#
# Revision 1.12  2000/05/10 19:13:38  rgb
# Added configure option to shut off no eroute passthrough.
#
# Revision 1.11  2000/03/16 07:09:46  rgb
# Hardcode PF_KEYv2 support.
# Disable IPSEC_ICMP by default.
# Remove DES config option from defaults file.
#
# Revision 1.10  2000/01/11 03:09:42  rgb
# Added a default of 'y' to PF_KEYv2 keying I/F.
#
# Revision 1.9  1999/05/08 21:23:12  rgb
# Added support for 2.2.x kernels.
#
# Revision 1.8  1999/04/06 04:54:25  rgb
# Fix/Add RCSID Id: and Log: bits to make PHMDs happy.  This includes
# patch shell fixes.
#
#
