Please share the confs.

Sami

On May 13, 2013 5:25 PM, "Karl Denninger" <k...@denninger.net> wrote:

> On 5/13/2013 8:44 AM, VANHULLEBUS Yvan wrote:
> > On Wed, Apr 17, 2013 at 11:57:19AM +0200, Willy Offermans wrote:
> >> Hello Karl and FreeBSD friends,
> > Hi all.
> >
> >> I recall having read about racoon and roadwarrior. Have a look at
> >> /usr/local/share/examples/ipsec-tools/, if you have installed it. I'm also
> >> planning to install this on my server. However I have only little time at
> >> the moment. I'm also looking for examples of configuration files to work
> >> with.
> > First, ipsec-tools is for IKEv1 only, as the subject of the original
> > mail talks about IKEv2.
> >
> > For IKEv1 (with ipsec-tools), the simplest way to do this would be to
> > create a remote "anonymous" and a sainfo "anonymous" section, with
> > "generate_policy" set to on: racoon will negotiate phase 1 / phase 2,
> > then will generate SPD entries from peer's proposal.
> >
> > Of course, this means that you'll have to trust what your peers will
> > negotiate as traffic endpoints!
> >
> > If you have some more time to spend on configuration (recommended!),
> > you can specify traffic endpoints for the sainfo section: valid
> > endpoints (which match the sainfo) negotiated by peer will work as
> > described above, and other traffic endpoints will not negotiate, as
> > racoon won't find any related sainfo.
> >
> >
> > Yvan.
> > _______________________________________________
> > freebsd-stable@freebsd.org mailing list
> > http://lists.freebsd.org/mailman/listinfo/freebsd-stable
> > To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
> >
>
> I have successfully configured StrongSwan for IPSEC/IKEv2 and have it
> operating both with Windows clients and also with the BlackBerry Z-10.
> It is fast and works very well; I went for the current source directly
> rather than the port as I wanted to enable a number of options.
>
> If readers believe there's value in posting the "recipe" I used here let
> me know.
>
> --
> Karl Denninger
> k...@denninger.net
> /Cuda Systems LLC/
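
The IKEv1 layout Yvan describes in the quoted message, as an added racoon.conf sketch that is not from any poster in this thread. The certificate file names, the 192.0.2.0/24 protected subnet (a documentation range) and the algorithm choices are assumptions made for illustration.

```conf
# Added example, not from the thread. Paths, file names, the subnet and the
# algorithm choices below are constructed placeholders.
path certificate "/usr/local/etc/racoon/cert";

# Phase 1 for peers whose address is not known in advance (roadwarriors).
remote anonymous {
    exchange_mode main;
    passive on;                  # respond only, never initiate
    generate_policy on;          # build SPD entries from the peer's phase 2 proposal
    certificate_type x509 "gateway.crt" "gateway.key";
    ca_type x509 "ca.crt";
    verify_cert on;
    my_identifier asn1dn;
    proposal {
        encryption_algorithm aes;
        hash_algorithm sha256;
        authentication_method rsasig;
        dh_group 14;
    }
}

# Variant A, the "simplest way": matches whatever traffic endpoints the peer
# proposes. Combined with generate_policy on, the peer decides which SPD
# entries get installed, so it is left commented out here.
# sainfo anonymous {
#     pfs_group 14;
#     lifetime time 1 hour;
#     encryption_algorithm aes;
#     authentication_algorithm hmac_sha256;
#     compression_algorithm deflate;
# }

# Variant B, the recommended one: the local traffic endpoint is pinned to the
# protected subnet and only the remote side is left open. A phase 2 proposal
# naming any other local endpoint finds no matching sainfo and is not
# negotiated.
sainfo address 192.0.2.0/24 any anonymous {
    pfs_group 14;
    lifetime time 1 hour;
    encryption_algorithm aes;
    authentication_algorithm hmac_sha256;
    compression_algorithm deflate;
}
```

With only Variant B present, checking the installed policies with `setkey -DP` after a client connects should show entries for 192.0.2.0/24 and nothing broader.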