Adding a new VPN connection
Sam Wun
smw2010 at gmail.com
Mon Dec 11 15:32:00 PST 2006
Hi,
In a FreeBSD router (5.4-stable), there are currently 50 IPsec VPN
connections running with 50 remote sites. Now I need to add one more (new)
VPN to it without resetting the existing VPN connections. Therefore I have
created a script (new-vpn.sh):
#!/bin/sh
# Tunnel to kgportsmith
/sbin/ifconfig gif108 destroy
/sbin/ifconfig gif108 create
/sbin/ifconfig gif108 tunnel 10.152.34.74 10.154.3.74
/sbin/ifconfig gif108 inet 10.1.1.1 10.1.1.33 netmask 255.255.255.0
/sbin/route delete 10.1.33.1/24
/sbin/route delete 172.17.33.0/24
/sbin/route add 10.1.33.1/24 10.1.1.33
/sbin/route add 172.17.33.0/24 10.1.1.33
setkey -c << EOF
# Setup policies with kgportsmith
spdadd 10.152.34.74 10.154.3.74 any -P out ipsec esp/tunnel/10.152.34.74-10.154.3.74/require ;
spdadd 10.154.3.74 10.152.34.74 any -P in ipsec esp/tunnel/10.154.3.74-10.152.34.74/require ;
add 10.152.34.74 10.154.3.74 esp 2797 -m tunnel -E blowfish-cbc
0x11205611340CCEA4C816670A4A8DD2A67403F46A08169850DC0B8E2989C3C2094CEF174297ECCF39644B6C4E28D5A3BD4C0861DD7094E398
-A hmac-sha1 0x2C49F538BAF74917311382F7EE42CC43FBDBDA4B ;
add 10.154.3.74 10.152.34.74 esp 4074 -m tunnel -E blowfish-cbc
0x82A7C78A8C1F8B0DF8EE75F4BEEA5A26D987C6237D43ED98EF3E2A18D2B7F2C94674E1E4B1FAFE645CCB2C18603646E20EB925B06AEC4F6B
-A hmac-sha1 0xCE1D85113D11D43C061E499CFFECCD81D50A3530 ;
EOF
### END OF SCRIPT ###
Will this script (especially the command setkey -c) erase (reset) the
existing VPN connections and security keys? If it does, I will lose the
connection with all other sites.
Thanks
S
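
A pre-flight check for the concern raised above, as an added example that is not part of the original message: the function list_destructive (a hypothetical name) scans a setkey command file for the statements that setkey(8) documents as removing SAD or SPD entries (flush, spdflush, delete, deleteall, spddelete). The sample input is constructed, with placeholder addresses, SPI and keys.

```shell
#!/bin/sh
# Added example (not from the original post): lint setkey -c input before use.

# list_destructive FILE
# Prints each statement that removes existing SAD/SPD entries.
# Exit status: 0 if none were found, 1 if at least one was found.
list_destructive() {
    # setkey treats lines starting with '#' as comments and terminates each
    # statement with ';', so drop comment lines and split the rest on ';'.
    sed '/^[[:space:]]*#/d' "$1" | tr '\n' ' ' | tr ';' '\n' |
    awk '
        NF == 0 { next }                  # skip empty statements
        { $1 = $1 }                       # normalise whitespace in $0
        $1 == "flush" || $1 == "spdflush" { print "ALL: " $0; bad = 1; next }
        $1 == "delete" || $1 == "deleteall" || $1 == "spddelete" {
            print "ONE: " $0; bad = 1
        }
        END { exit bad + 0 }
    '
}

# Constructed sample input: addresses, SPI and keys are placeholders,
# not valid key material.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# "clean slate" header that would wipe every existing tunnel
flush;
spdflush;
spdadd 192.0.2.1 192.0.2.2 any -P out ipsec
    esp/tunnel/192.0.2.1-192.0.2.2/require ;
add 192.0.2.1 192.0.2.2 esp 1000 -m tunnel -E blowfish-cbc "PLACEHOLDER-KEY"
    -A hmac-sha1 "PLACEHOLDER-AUTH-KEY" ;
EOF
if list_destructive "$sample"; then
    echo "no statement removes existing entries"
else
    echo "refusing: input would remove existing entries"
fi
```

The check covers only the command file; it does not inspect options passed to setkey on the command line.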