At 11:26 AM 17/02/2006, Kövesdán Gábor wrote:
Mike Tancsa wrote:
As for tutorials, google around and read through various posts. There
is lots of good info out there. Perhaps if you describe what you want
to do, people can make specific suggestions.
---Mike
Unfortunately, I haven't found a good howto. The situation is the following:
"freebsd ipsec tutorial" in Google comes up with a number of starting points, including
http://www.onlamp.com/pub/a/bsd/2002/12/26/FreeBSD_Basics.html
This project will be some kind of SMS service. The server will connect
to the SMS server and get the received SMSes, but the connection to the
SMS server is only allowed via VPN. Here are two IP addresses; one of
them is the VPN peer's address. I have to set up a VPN connection to
this host with 3DES SHA IPsec and a DH pre-shared key. The other IP
address is the SMS server's address, but that is only accessible via VPN.
First, you need to show what your policy is. The typical setup described is
internalNet_A----externalIP_A-------internet-----externalIP_B----internalNet_B
where internalNet_A needs to talk to internalNet_B in a safe and secure way.
So, identify what those parts of the policy are.
Put it in a shell script like

#!/bin/sh
# Site A is the local side (a single host), site B the remote side
# (the /29 the SMS server lives in). The subnets are the traffic
# selectors; the external IPs are the tunnel endpoints.
Asubnet=192.168.2.186/32
AexternalIP=80.98.231.227
Bsubnet=172.24.0.17/29
BexternalIP=80.244.96.229

# flush any existing SAs and policies first
/usr/sbin/setkey -F
/usr/sbin/setkey -FP

# esp/tunnel/<src>-<dst>: the endpoints are the two external
# addresses, never the subnet; the selectors go on the spdadd line
/usr/sbin/setkey -c <<EOF1
spdadd $Asubnet $Bsubnet any -P out ipsec
    esp/tunnel/$AexternalIP-$BexternalIP/unique;
spdadd $Bsubnet $Asubnet any -P in ipsec
    esp/tunnel/$BexternalIP-$AexternalIP/unique;
EOF1
This sets up the policy. Type

setkey -DP

It will show you the installed policies. Once you try and send some
traffic across, with Phase I and Phase II negotiated, you will see the
associations with

setkey -D
I've installed ipsec-tools and tried to configure it, but I can't start
racoon: I get a configuration file parse error. I couldn't find out
which line is wrong. I just got this:
racoon: failed to parse configuration file.
ipsec-tools is fussy about where the config is. It's saying it can't
find the config. Try

racoon -d -f /usr/local/etc/racoon/racoon.conf

Also, make sure your sainfo config matches your policies; otherwise it
will hit the anonymous config. For your initial setup, try it with an
anonymous config for now, and then work on getting only a specific
config.
e.g.
# local selector first, then remote; both must be exactly the
# addresses/prefixes used in the spdadd lines
sainfo address 192.168.2.186/32 any address 172.24.0.17/29 any
Here is the racoon.conf:
# $KAME: racoon.conf.in,v 1.18 2001/08/16 06:33:40 itojun Exp $
path include "@sysconfdir_x@/racoon";
#include "remote.conf";
---Mike
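Added example (editor's code, not from the thread, from Mike, or from the ipsec-tools project): a racoon.conf and psk.txt that line up with the policy script above from Gábor's side (192.168.2.186 behind 80.98.231.227 local, the SMS provider's 172.24.0.17/29 behind 80.244.96.229 remote), and a small check that addresses the "which line is wrong" question. The posted racoon.conf still carries `@sysconfdir_x@` from racoon.conf.in; that is an autoconf placeholder the ipsec-tools build substitutes, so it will never resolve to a real directory, and grepping for `@name@` tokens finds every such leftover with its line number, which racoon's one-line "failed to parse configuration file" does not give. Assumptions, none of them stated in the thread: DH/PFS group 2 (modp1024), the 24/12 hour lifetimes, the `listen` block, `log notify`, the output directory and the sample key.

```shell
#!/bin/sh
# Added example. Writes a racoon.conf + psk.txt for the A<->B tunnel from
# the thread (3DES, SHA1, pre-shared key; DH group 2 is an assumption) and
# checks the result for unsubstituted @name@ template placeholders.

AEXT=80.98.231.227        # local (site A) external IP, from the thread
ASUB=192.168.2.186/32     # local selector, must equal the spdadd selector
BEXT=80.244.96.229        # remote peer (site B) external IP
BSUB=172.24.0.17/29       # remote selector behind the peer

# write_racoon_conf DIR PSK : emit DIR/racoon.conf and DIR/psk.txt
write_racoon_conf() {
    dir=$1
    psk=$2
    mkdir -p "$dir"
    cat > "$dir/racoon.conf" <<EOF
# generated: pre-shared key, main mode, 3DES/SHA1, DH group 2 (assumed)
path pre_shared_key "$dir/psk.txt";
log notify;

listen {
        isakmp $AEXT [500];
}

remote $BEXT {
        exchange_mode main;
        my_identifier address $AEXT;
        peers_identifier address $BEXT;
        proposal_check obey;
        lifetime time 24 hour;
        proposal {
                encryption_algorithm 3des;
                hash_algorithm sha1;
                authentication_method pre_shared_key;
                dh_group 2;
        }
}

# Phase 2: local selector first, remote second, both exactly as in the
# spdadd lines; anything else falls through to an anonymous sainfo, if one
# exists, or fails the negotiation.
sainfo address $ASUB any address $BSUB any {
        pfs_group 2;
        lifetime time 12 hour;
        encryption_algorithm 3des;
        authentication_algorithm hmac_sha1;
        compression_algorithm deflate;
}
EOF
    # psk.txt: "<peer identifier><whitespace><key>", one peer per line;
    # create it readable by root only (umask in a subshell so the caller's
    # umask is untouched).
    ( umask 077; printf '%s %s\n' "$BEXT" "$psk" > "$dir/psk.txt" )
    chmod 600 "$dir/psk.txt"
}

# check_racoon_conf FILE : print "line:text" for every @name@ token left
# over from racoon.conf.in; return 1 if any were found, 0 if the file is
# clean. The regex wants a bare identifier between two @, so an e-mail
# address in a comment (user@host.example) does not match.
check_racoon_conf() {
    if grep -n '@[A-Za-z_][A-Za-z0-9_]*@' "$1"; then
        return 1
    fi
    return 0
}

# usage with constructed paths: sh thisscript.sh demo
if [ "${1:-}" = "demo" ]; then
    write_racoon_conf /tmp/racoon-demo 'change-me-before-use'
    check_racoon_conf /tmp/racoon-demo/racoon.conf \
        && echo "racoon.conf: no template placeholders left"
fi
```

After writing the real files under /usr/local/etc/racoon, start racoon in the foreground with debugging (racoon -F -d -f /usr/local/etc/racoon/racoon.conf) so its messages reach the terminal, then send traffic that matches the spdadd selectors and watch setkey -D for the SAs. The psk.txt key is the whole of Phase 1 authentication here, so keep it mode 0600 and never copy it into racoon.conf itself.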
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"