Setting up VPN+IPSec+Racoon

Mike Tancsa mike at sentex.net
Fri Feb 17 08:49:38 PST 2006


At 11:26 AM 17/02/2006, Kövesdán Gábor wrote:
>Mike Tancsa wrote:
>
>>As for tutorials, google around and read through various posts.  There
>>is lots of good info out there.  Perhaps if you describe what you want
>>to do, people can make specific suggestions.
>>
>>         ---Mike
>>
>>
>Unfortunately, I haven't found a good howto. The situation is the following:


freebsd ipsec tutorial

in google comes up with a number of starting points including

http://www.onlamp.com/pub/a/bsd/2002/12/26/FreeBSD_Basics.html




>This project will be some kind of SMS service.
>The server will connect to the SMS server and get
>the received SMSes, but the connection to the
>SMS server is only allowed via VPN. Here are two
>IP addresses, one of them is the VPN peer's
>address. I have to set up a VPN connection to
>this host with 3DES SHA IPsec and a DH
>pre-shared key. The other IP address is the SMS
>server's address but that is only accessible via VPN.


First, you need to show what your policy is.

The typical setup described is

internalNet_A----externalIP_A-------internet-----externalIP_B----internalNet_B

Where internalNet_A needs to talk to internalNet_B in a safe and secure way.


So, identify what those parts of the policy are.

Put it in a shell script like

#!/bin/sh
# Site A is this host, site B is the SMS provider. The selectors are the
# inside networks; the tunnel runs between the two external addresses.
Asubnet=192.168.2.186/32
AexternalIP=80.98.231.227
Bsubnet=172.24.0.17/29
BexternalIP=80.244.96.229

# Flush old SAs and policies before loading the new policy.
/usr/sbin/setkey -F
/usr/sbin/setkey -FP

# Tunnel endpoints are the external IPs, never the inside prefixes.
/usr/sbin/setkey -c <<EOF1
spdadd $Asubnet $Bsubnet any -P out ipsec esp/tunnel/$AexternalIP-$BexternalIP/unique;
spdadd $Bsubnet $Asubnet any -P in ipsec esp/tunnel/$BexternalIP-$AexternalIP/unique;
EOF1

This sets up the policy.

Type
setkey -DP

It will show you the installed policies.  Once 
you try to send some traffic across with Phase I 
and Phase II negotiated, you will see the associations with
setkey -D




>I've installed ipsec-tools, and tried to 
>configure it, but I can't start racoon and I get 
>a configuration file parse error. I couldn't 
>find out which line is wrong. I just got this:
>racoon: failed to parse configuration file.

ipsec-tools is fussy about where the config 
is.  It's saying it can't find the config.
Try racoon -d -f /usr/local/etc/racoon/racoon.conf


Also, make sure your sainfo config matches your 
policies; otherwise it will hit the 
anonymous config. For your initial setup, try it 
with an anonymous config for now and then work on 
getting only a specific config.
e.g. (local network first, then the remote, with the same prefixes as the spdadd lines)
sainfo address 192.168.2.186/32 any address 172.24.0.17/29 any


>Here is the racoon.conf:
>
># $KAME: racoon.conf.in,v 1.18 2001/08/16 06:33:40 itojun Exp $
>
>path include "@sysconfdir_x@/racoon";
>#include "remote.conf";


         ---Mike 
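
An added example, not from Mike's reply or from the ipsec-tools project: the quoted racoon.conf above still carries the @sysconfdir_x@ placeholder from racoon.conf.in, so rather than patch that template by hand, this script generates racoon.conf and psk.txt from the same four addresses as the setkey policy script, which keeps the specific sainfo's selectors equal to the spdadd selectors instead of letting racoon fall through to an anonymous block. Assumed, because the thread does not state them: main mode, DH group 2 for the pre-shared key exchange, HMAC-SHA1 and PFS group 2 for phase 2, the lifetimes, the placeholder secret, and an output directory that defaults to a scratch path rather than /usr/local/etc/racoon.

```shell
#!/bin/sh
# Added example (not from the original post or the ipsec-tools project):
# generate racoon.conf and psk.txt from the same addresses as the setkey
# policy script, so the specific sainfo selectors equal the spdadd selectors.
# Assumed, because the thread does not say: main mode, DH group 2 for the
# pre-shared key exchange, HMAC-SHA1 + PFS group 2 for phase 2, the
# lifetimes, and a placeholder secret.

Asubnet=192.168.2.186/32         # local (inside) selector, this host
AexternalIP=80.98.231.227        # local tunnel endpoint
Bsubnet=172.24.0.17/29           # SMS server's network, reachable only through the tunnel
BexternalIP=80.244.96.229        # the VPN peer
PSK_SECRET=${PSK_SECRET:-REPLACE-WITH-THE-REAL-SHARED-SECRET}   # placeholder
OUTDIR=${OUTDIR:-/tmp/racoon-example}   # scratch dir; use /usr/local/etc/racoon for real

# Phase 1 (remote) and phase 2 (sainfo) sections. The sainfo line names the
# local network first and the remote network second, mirroring
# "spdadd $Asubnet $Bsubnet any -P out".
gen_racoon_conf() {
cat <<EOF
path pre_shared_key "$OUTDIR/psk.txt";
log notify;

remote $BexternalIP {
        exchange_mode main;
        my_identifier address $AexternalIP;
        peers_identifier address $BexternalIP;
        proposal_check obey;
        lifetime time 24 hour;
        proposal {
                encryption_algorithm 3des;
                hash_algorithm sha1;
                authentication_method pre_shared_key;
                dh_group 2;
        }
}

sainfo address $Asubnet any address $Bsubnet any {
        pfs_group 2;
        lifetime time 1 hour;
        encryption_algorithm 3des;
        authentication_algorithm hmac_sha1;
        compression_algorithm deflate;
}
EOF
}

# psk.txt: one "peer-address<TAB>secret" line per peer.
gen_psk() {
        printf '%s\t%s\n' "$BexternalIP" "$PSK_SECRET"
}

# Derive the sainfo header racoon will look for from an outbound spdadd line
# ("spdadd SRC DST ..."): SRC becomes the local id, DST the remote id.
sainfo_header_for_spd() {
        set -- $1
        [ "$1" = spdadd ] || return 1
        printf 'sainfo address %s any address %s any' "$2" "$3"
}

# Succeeds only if the generated racoon.conf carries a sainfo whose selectors
# equal the policy's; anything else falls through to "sainfo anonymous".
check_sainfo_matches_policy() {
        hdr=$(sainfo_header_for_spd "$1") || return 1
        gen_racoon_conf | grep -qF "$hdr"
}

# Write both files; racoon rejects a key file readable by group or others.
write_config() {
        mkdir -p "$OUTDIR"
        gen_racoon_conf > "$OUTDIR/racoon.conf"
        (umask 077; gen_psk > "$OUTDIR/psk.txt")
        chmod 600 "$OUTDIR/psk.txt"
}

write_config
check_sainfo_matches_policy "spdadd $Asubnet $Bsubnet any -P out ipsec esp/tunnel/$AexternalIP-$BexternalIP/unique;" \
        && echo "sainfo selectors match the outbound policy" \
        || echo "sainfo selectors DO NOT match the outbound policy; racoon will use the anonymous sainfo"
```

For real use, run it with OUTDIR=/usr/local/etc/racoon, put the real secret in psk.txt, start racoon -d -F -f /usr/local/etc/racoon/racoon.conf, and compare the sainfo header against the selectors printed by setkey -DP; a prefix-length mismatch (a /24 against a /32) is enough to push the negotiation onto the anonymous sainfo.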



More information about the freebsd-questions mailing list