#
# Libreswan IPSec implementation, KLIPS+OCF kernel config defaults
#

#
# First, lets override stuff already set or not in the kernel config.
#
# We can't even think about leaving this off...
CONFIG_INET=y

#
# This must be on for subnet protection.
CONFIG_IP_FORWARD=y

# Shut off IPSEC masquerading if it has been enabled, since it will 
# break the compile.  IPPROTO_ESP and IPPROTO_AH were included in 
# net/ipv4/ip_masq.c when they should have gone into include/linux/in.h.
CONFIG_IP_MASQUERADE_IPSEC=n

#
# Next, lets set the recommended FreeS/WAN configuration.
#

# To config as static (preferred), 'y'.  To config as module, 'm'.
CONFIG_KLIPS=m

# To do tunnel mode IPSec, this must be enabled.
CONFIG_KLIPS_IPIP=y

# To enable authentication, say 'y'.   (Highly recommended)
CONFIG_KLIPS_AH=y

# Authentication algorithm(s):
CONFIG_KLIPS_AUTH_HMAC_MD5=y
CONFIG_KLIPS_AUTH_HMAC_SHA1=y

# To enable encryption, say 'y'.   (Highly recommended)
CONFIG_KLIPS_ESP=y

# modular algo extensions (and new ALGOs)
CONFIG_KLIPS_ALG=y

# Encryption algorithm(s):
CONFIG_KLIPS_ENC_3DES=y
CONFIG_KLIPS_ENC_AES=y

# Use CryptoAPI for ALG? - by default, no.
CONFIG_KLIPS_ENC_CRYPTOAPI=y

# IP Compression: new, probably still has minor bugs.
CONFIG_KLIPS_IPCOMP=y

# To enable userspace-switchable KLIPS debugging, say 'y'.
CONFIG_KLIPS_DEBUG=y

# OCF HW offloading, requires kernel patch
CONFIG_KLIPS_OCF=y